From d3f3e2a6f28a4211513057a1e592b26ce4f23259 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Mar 2024 13:41:46 -0400
Subject: [PATCH] chore(deps): bump urllib3 from 1.26.14 to 1.26.18 in
/python/message-service (#1003)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to
1.26.18.
Release notes
Sourced from urllib3's
releases.
1.26.18
- Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 "See Other" redirect responses.
(GHSA-g4mx-q9vg-27p4)
1.26.17
- Added the
Cookie header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect.
(GHSA-v845-jxx5-vc9f)
1.26.16
- Fixed thread-safety issue where accessing a
PoolManager
with many distinct origins would cause connection pools to be closed
while requests are in progress (#2954)
1.26.15
Changelog
Sourced from urllib3's
changelog.
1.26.18 (2023-10-17)
- Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 "See Other" redirect responses.
1.26.17 (2023-10-02)
- Added the
Cookie header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect.
([#3139](https://github.com/urllib3/urllib3/issues/3139)
<https://github.com/urllib3/urllib3/pull/3139>_)
1.26.16 (2023-05-23)
- Fixed thread-safety issue where accessing a
PoolManager
with many distinct origins
would cause connection pools to be closed while requests are in progress
([#2954](https://github.com/urllib3/urllib3/issues/2954)
<https://github.com/urllib3/urllib3/pull/2954>_)
1.26.15 (2023-03-10)
- Fix socket timeout value when
HTTPConnection is reused
([#2645](https://github.com/urllib3/urllib3/issues/2645)
<https://github.com/urllib3/urllib3/issues/2645>__)
- Remove "!" character from the unreserved characters in
IPv6 Zone ID parsing
(
[#2899](https://github.com/urllib3/urllib3/issues/2899)
<https://github.com/urllib3/urllib3/issues/2899>__)
- Fix IDNA handling of '\x80' byte
(
[#2901](https://github.com/urllib3/urllib3/issues/2901)
<https://github.com/urllib3/urllib3/issues/2901>__)
Commits
9c2c230
Release 1.26.18 (#3159)b594c5c
Merge pull request from GHSA-g4mx-q9vg-27p4944f0eb
[1.26] Use vendored six in urllib3.contrib.securetransportc9016bf
Release 1.26.170122035
Backport GHSA-v845-jxx5-vc9f (#3139)e63989f
Fix installing brotli extra on Python 2.72e7a24d
[1.26] Configure OS for RTD to fix building docs57181d6
[1.26] Improve error message when calling urllib3.request() (#3058)3c01480
[1.26] Run coverage even with failed jobsd94029b
Release 1.26.16- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/honeycombio/example-greeting-service/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
python/message-service/poetry.lock | 42 ++++--------------------------
1 file changed, 5 insertions(+), 37 deletions(-)
diff --git a/python/message-service/poetry.lock b/python/message-service/poetry.lock
index 547ba02c..d067277b 100644
--- a/python/message-service/poetry.lock
+++ b/python/message-service/poetry.lock
@@ -1,10 +1,9 @@
-# This file is automatically @generated by Poetry and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand.
[[package]]
name = "bottle"
version = "0.12.25"
description = "Fast and simple WSGI-framework for small web-applications."
-category = "main"
optional = false
python-versions = "*"
files = [
@@ -16,7 +15,6 @@ files = [
name = "certifi"
version = "2022.12.7"
description = "Python package for providing Mozilla's CA Bundle."
-category = "main"
optional = false
python-versions = ">=3.6"
files = [
@@ -28,7 +26,6 @@ files = [
name = "charset-normalizer"
version = "3.0.1"
description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
-category = "main"
optional = false
python-versions = "*"
files = [
@@ -126,7 +123,6 @@ files = [
name = "colorama"
version = "0.4.6"
description = "Cross-platform colored terminal text."
-category = "dev"
optional = false
python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
files = [
@@ -138,7 +134,6 @@ files = [
name = "deprecated"
version = "1.2.13"
description = "Python @deprecated decorator to deprecate old python classes, functions or methods."
-category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
files = [
@@ -156,7 +151,6 @@ dev = ["PyTest", "PyTest (<5)", "PyTest-Cov", "PyTest-Cov (<2.6)", "bump2version
name = "exceptiongroup"
version = "1.1.0"
description = "Backport of PEP 654 (exception groups)"
-category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@@ -171,7 +165,6 @@ test = ["pytest (>=6)"]
name = "googleapis-common-protos"
version = "1.58.0"
description = "Common protobufs used in Google APIs"
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -189,7 +182,6 @@ grpc = ["grpcio (>=1.44.0,<2.0.0dev)"]
name = "grpcio"
version = "1.53.0"
description = "HTTP/2-based RPC framework"
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -247,7 +239,6 @@ protobuf = ["grpcio-tools (>=1.53.0)"]
name = "idna"
version = "3.4"
description = "Internationalized Domain Names in Applications (IDNA)"
-category = "main"
optional = false
python-versions = ">=3.5"
files = [
@@ -259,7 +250,6 @@ files = [
name = "importlib-metadata"
version = "6.11.0"
description = "Read metadata from Python packages"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -279,7 +269,6 @@ testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs
name = "iniconfig"
version = "2.0.0"
description = "brain-dead simple config-ini parsing"
-category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@@ -291,7 +280,6 @@ files = [
name = "opentelemetry-api"
version = "1.23.0"
description = "OpenTelemetry Python API"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -307,7 +295,6 @@ importlib-metadata = ">=6.0,<7.0"
name = "opentelemetry-exporter-otlp-proto-common"
version = "1.23.0"
description = "OpenTelemetry Protobuf encoding"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -322,7 +309,6 @@ opentelemetry-proto = "1.23.0"
name = "opentelemetry-exporter-otlp-proto-grpc"
version = "1.23.0"
description = "OpenTelemetry Collector Protobuf over gRPC Exporter"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -346,7 +332,6 @@ test = ["pytest-grpc"]
name = "opentelemetry-instrumentation"
version = "0.44b0"
description = "Instrumentation Tools & Auto Instrumentation for OpenTelemetry Python"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -363,7 +348,6 @@ wrapt = ">=1.0.0,<2.0.0"
name = "opentelemetry-instrumentation-requests"
version = "0.44b0"
description = "OpenTelemetry requests instrumentation"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -385,7 +369,6 @@ test = ["httpretty (>=1.0,<2.0)", "opentelemetry-instrumentation-requests[instru
name = "opentelemetry-instrumentation-wsgi"
version = "0.44b0"
description = "WSGI Middleware for OpenTelemetry"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -406,7 +389,6 @@ test = ["opentelemetry-test-utils (==0.44b0)"]
name = "opentelemetry-proto"
version = "1.23.0"
description = "OpenTelemetry Python Proto"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -421,7 +403,6 @@ protobuf = ">=3.19,<5.0"
name = "opentelemetry-sdk"
version = "1.23.0"
description = "OpenTelemetry Python SDK"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -438,7 +419,6 @@ typing-extensions = ">=3.7.4"
name = "opentelemetry-semantic-conventions"
version = "0.44b0"
description = "OpenTelemetry Semantic Conventions"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -450,7 +430,6 @@ files = [
name = "opentelemetry-util-http"
version = "0.44b0"
description = "Web util for OpenTelemetry"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [
@@ -462,7 +441,6 @@ files = [
name = "packaging"
version = "23.0"
description = "Core utilities for Python packages"
-category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@@ -474,7 +452,6 @@ files = [
name = "pluggy"
version = "1.4.0"
description = "plugin and hook calling mechanisms for python"
-category = "dev"
optional = false
python-versions = ">=3.8"
files = [
@@ -490,7 +467,6 @@ testing = ["pytest", "pytest-benchmark"]
name = "protobuf"
version = "4.22.0"
description = ""
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -513,7 +489,6 @@ files = [
name = "pytest"
version = "8.1.1"
description = "pytest: simple powerful testing with Python"
-category = "dev"
optional = false
python-versions = ">=3.8"
files = [
@@ -536,7 +511,6 @@ testing = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygm
name = "requests"
version = "2.31.0"
description = "Python HTTP for Humans."
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -558,7 +532,6 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
name = "setuptools"
version = "67.4.0"
description = "Easily download, build, install, upgrade, and uninstall Python packages"
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -575,7 +548,6 @@ testing-integration = ["build[virtualenv]", "filelock (>=3.4.0)", "jaraco.envs (
name = "tomli"
version = "2.0.1"
description = "A lil' TOML parser"
-category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@@ -587,7 +559,6 @@ files = [
name = "typing-extensions"
version = "4.5.0"
description = "Backported and Experimental Type Hints for Python 3.7+"
-category = "main"
optional = false
python-versions = ">=3.7"
files = [
@@ -597,18 +568,17 @@ files = [
[[package]]
name = "urllib3"
-version = "1.26.14"
+version = "1.26.18"
description = "HTTP library with thread-safe connection pooling, file post, and more."
-category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
files = [
- {file = "urllib3-1.26.14-py2.py3-none-any.whl", hash = "sha256:75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1"},
- {file = "urllib3-1.26.14.tar.gz", hash = "sha256:076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72"},
+ {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"},
+ {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"},
]
[package.extras]
-brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"]
+brotli = ["brotli (==1.0.9)", "brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"]
secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)", "urllib3-secure-extra"]
socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
@@ -616,7 +586,6 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
name = "wrapt"
version = "1.15.0"
description = "Module for decorators, wrappers and monkey patching."
-category = "main"
optional = false
python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7"
files = [
@@ -701,7 +670,6 @@ files = [
name = "zipp"
version = "3.17.0"
description = "Backport of pathlib-compatible object wrapper for zip files"
-category = "main"
optional = false
python-versions = ">=3.8"
files = [