timatlee/cloudflare-ddns-docker-updated
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

Update dependency urllib3 to v2.6.3 #61

Merged
timatlee merged 1 commits from renovate/urllib3-2.x into main 2026-01-17 16:51:19 -07:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-01-17 14:00:32 -07:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
urllib3 (changelog) minor ==2.4.0==2.6.3

Release Notes

urllib3/urllib3 (urllib3)

v2.6.3

Compare Source

==================

  • Fixed a high-severity security issue where decompression-bomb safeguards of
    the streaming API were bypassed when HTTP redirects were followed.
    (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by
    default. (#&#8203;3743 <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten.
    (#&#8203;3752 <https://github.com/urllib3/urllib3/issues/3752>__)

v2.6.2

Compare Source

==================

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in
    the decoder's buffer when reading compressed chunked responses.
    (#&#8203;3734 <https://github.com/urllib3/urllib3/issues/3734>__)

v2.6.1

Compare Source

==================

  • Restore previously removed HTTPResponse.getheaders() and
    HTTPResponse.getheader() methods.
    (#&#8203;3731 <https://github.com/urllib3/urllib3/issues/3731>__)

v2.6.0

Compare Source

==================

Security

  • Fixed a security issue where streaming API could improperly handle highly
    compressed HTTP content ("decompression bombs") leading to excessive resource
    consumption even when a small amount of data was requested. Reading small
    chunks of compressed data is safer and much more efficient now.
    (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with
    virtually unlimited links in the Content-Encoding header, potentially
    leading to a denial of service (DoS) attack by exhausting system resources
    during decoding. The number of allowed chained encodings is now limited to 5.
    (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but
    your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
    sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
    benefit from the security fixes and avoid warnings. Prefer using
    urllib3[brotli] to install a compatible Brotli package automatically.

  • If you use custom decompressors, please make sure to update them to
    respect the changed API of urllib3.response.ContentDecoder.

Features

  • Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. (#&#8203;3653 <https://github.com/urllib3/urllib3/issues/3653>__)
  • Added host and port information to string representations of HTTPConnection. (#&#8203;3666 <https://github.com/urllib3/urllib3/issues/3666>__)
  • Added support for Python 3.14 free-threading builds explicitly. (#&#8203;3696 <https://github.com/urllib3/urllib3/issues/3696>__)

Removals

  • Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers.
    Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). (#&#8203;3622 <https://github.com/urllib3/urllib3/issues/3622>__)

Bugfixes

  • Fixed redirect handling in urllib3.PoolManager when an integer is passed
    for the retries parameter. (#&#8203;3649 <https://github.com/urllib3/urllib3/issues/3649>__)
  • Fixed HTTPConnectionPool when used in Emscripten with no explicit port. (#&#8203;3664 <https://github.com/urllib3/urllib3/issues/3664>__)
  • Fixed handling of SSLKEYLOGFILE with expandable variables. (#&#8203;3700 <https://github.com/urllib3/urllib3/issues/3700>__)

Misc

  • Changed the zstd extra to install backports.zstd instead of zstandard on Python 3.13 and before. (#&#8203;3693 <https://github.com/urllib3/urllib3/issues/3693>__)
  • Improved the performance of content decoding by optimizing BytesQueueBuffer class. (#&#8203;3710 <https://github.com/urllib3/urllib3/issues/3710>__)
  • Allowed building the urllib3 package with newer setuptools-scm v9.x. (#&#8203;3652 <https://github.com/urllib3/urllib3/issues/3652>__)
  • Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (#&#8203;3638 <https://github.com/urllib3/urllib3/issues/3638>__)

v2.5.0

Compare Source

==================

Features

  • Added support for the compression.zstd module that is new in Python 3.14.
    See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. (#&#8203;3610 <https://github.com/urllib3/urllib3/issues/3610>__)
  • Added support for version 0.5 of hatch-vcs (#&#8203;3612 <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

  • Fixed a security issue where restricting the maximum number of followed
    redirects at the urllib3.PoolManager level via the retries parameter
    did not work.
  • Made the Node.js runtime respect redirect parameters such as retries
    and redirects.
  • Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#&#8203;3581 <https://github.com/urllib3/urllib3/issues/3581>__)
  • Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#&#8203;3615 <https://github.com/urllib3/urllib3/issues/3615>__)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [urllib3](https://github.com/urllib3/urllib3) ([changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)) | minor | `==2.4.0` → `==2.6.3` | --- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.6.3`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#263-2026-01-07) [Compare Source](https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3) \================== - Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (`GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>`\_\_) - Started treating `Retry-After` times greater than 6 hours as 6 hours by default. (`#&#8203;3743 <https://github.com/urllib3/urllib3/issues/3743>`\_\_) - Fixed `urllib3.connection.VerifiedHTTPSConnection` on Emscripten. (`#&#8203;3752 <https://github.com/urllib3/urllib3/issues/3752>`\_\_) ### [`v2.6.2`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#262-2025-12-11) [Compare Source](https://github.com/urllib3/urllib3/compare/2.6.1...2.6.2) \================== - Fixed `HTTPResponse.read_chunked()` to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (`#&#8203;3734 <https://github.com/urllib3/urllib3/issues/3734>`\_\_) ### [`v2.6.1`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#261-2025-12-08) [Compare Source](https://github.com/urllib3/urllib3/compare/2.6.0...2.6.1) \================== - Restore previously removed `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` methods. (`#&#8203;3731 <https://github.com/urllib3/urllib3/issues/3731>`\_\_) ### [`v2.6.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#260-2025-12-05) [Compare Source](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0) \================== ## Security - Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (`GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>`\_\_) - Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the `Content-Encoding` header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (`GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>`\_\_) .. caution:: - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using `urllib3[brotli]` to install a compatible Brotli package automatically. - If you use custom decompressors, please make sure to update them to respect the changed API of `urllib3.response.ContentDecoder`. ## Features - Enabled retrieval, deletion, and membership testing in `HTTPHeaderDict` using bytes keys. (`#&#8203;3653 <https://github.com/urllib3/urllib3/issues/3653>`\_\_) - Added host and port information to string representations of `HTTPConnection`. (`#&#8203;3666 <https://github.com/urllib3/urllib3/issues/3666>`\_\_) - Added support for Python 3.14 free-threading builds explicitly. (`#&#8203;3696 <https://github.com/urllib3/urllib3/issues/3696>`\_\_) ## Removals - Removed the `HTTPResponse.getheaders()` method in favor of `HTTPResponse.headers`. Removed the `HTTPResponse.getheader(name, default)` method in favor of `HTTPResponse.headers.get(name, default)`. (`#&#8203;3622 <https://github.com/urllib3/urllib3/issues/3622>`\_\_) ## Bugfixes - Fixed redirect handling in `urllib3.PoolManager` when an integer is passed for the retries parameter. (`#&#8203;3649 <https://github.com/urllib3/urllib3/issues/3649>`\_\_) - Fixed `HTTPConnectionPool` when used in Emscripten with no explicit port. (`#&#8203;3664 <https://github.com/urllib3/urllib3/issues/3664>`\_\_) - Fixed handling of `SSLKEYLOGFILE` with expandable variables. (`#&#8203;3700 <https://github.com/urllib3/urllib3/issues/3700>`\_\_) ## Misc - Changed the `zstd` extra to install `backports.zstd` instead of `zstandard` on Python 3.13 and before. (`#&#8203;3693 <https://github.com/urllib3/urllib3/issues/3693>`\_\_) - Improved the performance of content decoding by optimizing `BytesQueueBuffer` class. (`#&#8203;3710 <https://github.com/urllib3/urllib3/issues/3710>`\_\_) - Allowed building the urllib3 package with newer setuptools-scm v9.x. (`#&#8203;3652 <https://github.com/urllib3/urllib3/issues/3652>`\_\_) - Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (`#&#8203;3638 <https://github.com/urllib3/urllib3/issues/3638>`\_\_) ### [`v2.5.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#250-2025-06-18) [Compare Source](https://github.com/urllib3/urllib3/compare/2.4.0...2.5.0) \================== ## Features - Added support for the `compression.zstd` module that is new in Python 3.14. See `PEP 784 <https://peps.python.org/pep-0784/>`\_ for more information. (`#&#8203;3610 <https://github.com/urllib3/urllib3/issues/3610>`\_\_) - Added support for version 0.5 of `hatch-vcs` (`#&#8203;3612 <https://github.com/urllib3/urllib3/issues/3612>`\_\_) ## Bugfixes - Fixed a security issue where restricting the maximum number of followed redirects at the `urllib3.PoolManager` level via the `retries` parameter did not work. - Made the Node.js runtime respect redirect parameters such as `retries` and `redirects`. - Raised exception for `HTTPResponse.shutdown` on a connection already released to the pool. (`#&#8203;3581 <https://github.com/urllib3/urllib3/issues/3581>`\_\_) - Fixed incorrect `CONNECT` statement when using an IPv6 proxy with `connection_from_host`. Previously would not be wrapped in `[]`. (`#&#8203;3615 <https://github.com/urllib3/urllib3/issues/3615>`\_\_) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NC4wIiwidXBkYXRlZEluVmVyIjoiNDIuODQuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate-bot added 1 commit 2026-01-17 14:00:33 -07:00
Update dependency urllib3 to v2.6.3
All checks were successful
Build Docker Image / build (pull_request) Successful in 1m28s
Details
431bc1ebd9
renovate-bot force-pushed renovate/urllib3-2.x from 431bc1ebd9 to 1ead8a04e3 2026-01-17 16:00:59 -07:00 Compare
timatlee merged commit ce02df2e2c into main 2026-01-17 16:51:19 -07:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate-bot timatlee
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: timatlee/cloudflare-ddns-docker-updated#61
Delete Branch "renovate/urllib3-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?