- Update to 2.2.3:
  * Features
    + Added support for Python 3.13.
  * Bugfixes
    + Fixed the default encoding of chunked request bodies to be UTF-8
      instead of ISO-8859-1. All other methods of supplying a request body
      already use UTF-8 starting in urllib3 v2.0.
    + Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting
      python/cpython#103472.
    + Fixed a crash where certain standard library hash functions were absent
      in restricted environments.
    + Added the Proxy-Authorization header to the list of headers to strip
      from requests when redirecting to a different host. As before,
      different headers can be set via Retry.remove_headers_on_redirect.
    + Allowed passing negative integers as amt to read methods of
      http.client.HTTPResponse as an alternative to None.
    + Fixed issue where InsecureRequestWarning was emitted for HTTPS
      connections when using Emscripten.
    + Fixed HTTPConnectionPool.urlopen to stop automatically casting
      non-proxy headers to HTTPHeaderDict. This change was premature as it
      did not apply to proxy headers and HTTPHeaderDict does not handle byte
      header values correctly yet.
    + Changed InvalidChunkLength to ProtocolError when response terminates
      before the chunk length is sent.
    + Changed ProtocolError to be more verbose on incomplete reads with
      excess content.
    + Added support for HTTPResponse.read1() method.
    + Fixed issue where requests against urls with trailing dots were
      failing due to SSL errors when using proxy.
    + Fixed HTTPConnection.proxy_is_verified and

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Add upstream patch openssl-3.2.patch, to fix tests with opennssl
  3.2.0, gh#urllib3/urllib3#3271

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- update to 2.0.7 (bsc#1216377, CVE-2023-45803):
  * Made body stripped from HTTP requests changing the request method
    to GET after HTTP 303 "See Other" redirect responses.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 2.0.6 (bsc#1215968, CVE-2023-43804):
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before, different
    headers can be set via Retry.remove_headers_on_redirect
- 2.0.5:
  * Allowed pyOpenSSL third-party module without any deprecation
    warning. #3126
  * Fixed default blocksize of HTTPConnection classes to match
    high-level classes. Previously was 8KiB, now 16KiB. #3066

• Files Changed
• Browse Source

  * Changed HTTPConnection.request_chunked() to not erroneously emit multiple
  * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
- Add missing dependency on python-six (bsc#1150895)
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
 * Allow providing a list of headers to strip from requests when redirecting
    without repeatedly flushing the decoder, to function better on
  * Accept ca_cert_dir for SSL-related PoolManager configuration.
- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
- Comment out test requirements, as tests are disabled anyway, and
  * Add support for directories of certificate authorities, as
  * New exception: NewConnectionError, raised when we fail to
- Update 0001-Don-t-pin-dependency-to-exact-version.patch
  * Shuffled around development-related files.
    If you're maintaining a distro package of urllib3, you may need
  * Unverified HTTPS requests will trigger a warning on the first
  * New retry logic and urllib3.util.retry.Retry configuration
  * All raised exceptions should now wrapped in a
    urllib3.exceptions.HTTPException-extending exception.
    urllib3.exceptions.MaxRetryError, including timeout-related
    exceptions which were previously exempt. Underlying error is
  * urllib3.exceptions.ConnectionError renamed to
  * Requesting an empty host will raise
  * Catch read timeouts over SSL connections as
  * Fix TLS verification when using a proxy in Python 3.4.1.
  * Add disable_cache option to urllib3.util.make_headers.
  * Wrap socket.timeout exception with
  * Fixed proxy-related bug where connections were being reused
  * Added socket_options keyword parameter which allows to define
  * Removed HTTPConnection.tcp_nodelay in favor of
  * Don't install dummyserver into site-packages as it's only

• Files Changed
• Browse Source

- update to 1.25.9 (bsc#1177120, CVE-2020-26137):

• Files Changed
• Browse Source

- update to 2.0.4:
  * Added support for union operators to ``HTTPHeaderDict``
  * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
  * Fixed ``urllib3.connection.HTTPConnection`` to raise the
    ``http.client.connect`` audit event to have the same behavior
    as the standard library HTTP client
  * Relied on the standard library for checking hostnames in
    supported PyPy releases

• Files Changed
• Browse Source

- Disable test_deprecated_no_scheme so it needs network connection to
  run correctly.
- update to 2.0.3:
  * Allowed alternative SSL libraries such as LibreSSL, while
    still issuing a warning as we cannot help users facing issues
    with implementations other than OpenSSL.
  * Deprecated URLs which don't have an explicit scheme
  * Fixed response decoding with Zstandard when compressed data
    is made of several frames.
  * Fixed ``assert_hostname=False`` to correctly skip hostname
    check.

• Files Changed
• Browse Source

- update to 2.0.2:
  * Fixed ``HTTPResponse.stream()`` to continue yielding bytes if
    buffered decompressed data was still available to be read
    even if the underlying socket is closed. This prevents
    a compressed response from being truncated.

- Update to 2.0.1:
  * Fixed a socket leak when fingerprint or hostname verifications fail.
  * Fixed an error when HTTPResponse.read(0) was the first read call or when
    the internal response body buffer was otherwise empty.
  * Removed support for Python 2.7, 3.5, and 3.6.
  * Removed fallback on certificate commonName in match_hostname() function.
  * Removed support for Python with an ssl module compiled with LibreSSL,
   CiscoSSL, wolfSSL, and all other OpenSSL alternatives.
  * Removed support for OpenSSL versions earlier than 1.1.1.
  * Removed urllib3.contrib.appengine.AppEngineManager and support for Google
    App Engine Standard Environment.
  * Changed ssl_version to instead set the corresponding
    SSLContext.minimum_version and SSLContext.maximum_version values.
  * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2
    in line with Python 3.10.
  * Changed urllib3.util.create_urllib3_context to not override the system
    cipher suites with a default value.
  * Changed multipart/form-data header parameter formatting matches the
    WHATWG HTML Standard as of 2021-06-10.
  * Changed HTTPConnection.request() to always use lowercase chunk boundaries
    when sending requests with Transfer-Encoding: chunked.
  * Changed enforce_content_length default to True, preventing silent data
    loss when reading streamed responses.
  * Changed all parameters in the HTTPConnection and HTTPSConnection

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- update to 1.26.14:
  * Fixed parsing of port 0 (zero) returning None, instead of 0.
  * Removed deprecated getheaders() calls in contrib module.

• Files Changed
• Browse Source

- update to 1.26.13
  * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods.
  * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
    even when the port number after removing the zeroes was valid.
  * Fixed a deprecation warning when using cryptography v39.0.0.
  * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. (forwarded request 1039590 from glaubitz)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 1.26.12:
  * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
    Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
    for justification and info on how to migrate.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Remove unneeded BuildRequires of mock. 

- Remove unbundling off ssl.match_hostname.
  * It was only done for the primary python3 flavor
  * It is bundled for a reason gh#urllib3/urllib3#2439,
    gh#urllib3/urllib3#2448
  * The tests (and probably urllib3 users) use wildcard patterns
    not supported by the stdlib
- Fix undbundling of six for all flavors
- Replace brotlipy recommendation and test with python-Brotli
  (see release notes below)

- update to 1.26.9:
  * Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
    receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
    This change does not impact behavior of urllib3, only which dependencies are installed.
  * Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
  * Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
    when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.

- update to 1.26.8:
  * Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that
    a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
  * Added a mention of the size of the connection pool when discarding a
    connection due to the pool being full.
  * Added explicit support for Python 3.11.
  * Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of
    ``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names.
    ``Retry.MAX_BACKOFF`` is removed in v2.0.
  * Changed location of the vendored ``ssl.match_hostname`` function from

• Files Changed
• Browse Source