Update dependency urllib3 to v2.7.0 #92

Merged
timatlee merged 1 commits from renovate/urllib3-2.x into main 2026-05-07 19:42:55 -06:00

This PR contains the following updates:

Package | Update | Change
urllib3 (changelog) | minor | ==2.6.3 → ==2.7.0

Release Notes

urllib3/urllib3 (urllib3)

v2.7.0


Security

Addressed high-severity security issues.
Impact was limited to specific use cases detailed in the accompanying
advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been
      read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or
      HTTPResponse.stream(amt=N) call when the response was decompressed
      using the official Brotli library (https://pypi.org/project/brotli/).

    See GHSA-mf9v-mfxr-j63j (https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j)
    for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip
    sensitive headers specified in Retry.remove_headers_on_redirect when
    redirecting to a different host.
    (GHSA-qccp-gfcp-xxvc: https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better
    visibility of existing deprecation notices. Rescheduled the removal of
    deprecated features to version 3.0.
    (#3764: https://github.com/urllib3/urllib3/issues/3764)
  • Removed support for end-of-life Python 3.9.
    (#3720: https://github.com/urllib3/urllib3/issues/3720)
  • Removed support for end-of-life PyPy3.10.
    (#4979: https://github.com/urllib3/urllib3/issues/4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0.
    (#3777: https://github.com/urllib3/urllib3/issues/3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed
    data buffered from previous partial reads.
    (#3636: https://github.com/urllib3/urllib3/issues/3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the
    response after a partial read when cache_content=True.
    (#4967: https://github.com/urllib3/urllib3/issues/4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle
    amt=0.
    (#3793: https://github.com/urllib3/urllib3/issues/3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str],
    matching the documented and runtime behavior of chunked request bodies.
    (#3798: https://github.com/urllib3/urllib3/issues/3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were
    passed to HTTPConnectionPool.urlopen().
    (#3352: https://github.com/urllib3/urllib3/issues/3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept
    memoryview in addition to bytearray, matching the
    io.RawIOBase.readinto contract and enabling use with
    io.BufferedReader without type errors.
    (#3764: https://github.com/urllib3/urllib3/issues/3764)

Configuration

📅 Schedule: (in timezone America/Edmonton)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

renovate-bot added 1 commit 2026-05-07 11:00:21 -06:00
Update dependency urllib3 to v2.7.0
Build Docker Image / build (pull_request) Successful in 1m46s
46197e9806
timatlee merged commit a7a0982a64 into main 2026-05-07 19:42:55 -06:00

Reference: timatlee/cloudflare-ddns-docker-updated#92
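
The decompression-bomb item in the v2.7.0 security notes concerns streaming reads. The following added example (not part of this PR and not urllib3's code) shows the general shape of such a safeguard with Python's standard zlib module: each call's output is capped and the stream is aborted once a total budget is exceeded. The names bounded_gunzip, drain and DecompressedSizeExceeded, the budget values and the sample payload are assumptions constructed for illustration.

```python
import gzip
import io
import zlib


class DecompressedSizeExceeded(Exception):
    """The body expanded past the caller's budget."""


def bounded_gunzip(raw, max_total, amt=65536, read_size=1024):
    """Yield decompressed chunks of at most `amt` bytes from file-like `raw`.

    Raises DecompressedSizeExceeded once more than `max_total` bytes have
    been produced, without expanding the rest of the body.
    """
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # 16 selects gzip framing
    total, pending = 0, b""
    while not d.eof:
        if not pending:
            pending = raw.read(read_size)
            if not pending:
                break  # input ended before the gzip trailer (truncated body)
        # max_length caps this call's output; compressed input that was not
        # needed to produce it comes back in unconsumed_tail for the next call.
        chunk = d.decompress(pending, amt)
        pending = d.unconsumed_tail
        total += len(chunk)
        if total > max_total:
            raise DecompressedSizeExceeded(f"more than {max_total} bytes")
        if chunk:
            yield chunk


def drain(raw, read_size=16384):
    """Discard the remaining compressed bytes without decompressing them."""
    discarded = 0
    while block := raw.read(read_size):
        discarded += len(block)
    return discarded


if __name__ == "__main__":
    # Constructed sample: 10 MiB of zeros, roughly 10 KiB once gzipped.
    body = io.BytesIO(gzip.compress(b"\0" * (10 * 1024 * 1024)))
    try:
        for _ in bounded_gunzip(body, max_total=1024 * 1024):
            pass
    except DecompressedSizeExceeded as exc:
        print("aborted:", exc, "| compressed bytes left:", drain(body))
```

A budget like this in the calling code is independent of the library's own limits, so it still applies on a host where the pin has not yet moved from ==2.6.3 to ==2.7.0.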