Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump urllib3 from 1.26.15 to 1.26.18 in /src #87

Merged
merged 3 commits into from
Oct 20, 2023
Merged

Bump urllib3 from 1.26.15 to 1.26.18 in /src #87

merged 3 commits into from
Oct 20, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 18, 2023

Bumps urllib3 from 1.26.15 to 1.26.18.

Release notes

Sourced from urllib3's releases.

1.26.18

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

1.26.16

  • Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)
Changelog

Sourced from urllib3's changelog.

1.26.18 (2023-10-17)

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

1.26.16 (2023-05-23)

  • Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) <https://github.com/urllib3/urllib3/pull/2954>_)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump urllib3 from 1.26.15 to 1.26.18 in /src
2bb6e66 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 1.26.18.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.15...1.26.18)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 18, 2023
@dependabot dependabot bot requested a review from jsf9k as a code owner October 18, 2023 00:13
@dependabot dependabot bot added the python label Oct 18, 2023
@dependabot dependabot bot requested a review from mcdonnnj as a code owner October 18, 2023 00:13
@dependabot dependabot bot mentioned this pull request Oct 18, 2023
Closed
@jsf9k
Update python3 and python3-dev package versions
909a4c6 
3.10.13-r0 is what is currently offered by Alpine 3.17.
jsf9k
jsf9k reviewed Oct 18, 2023
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mcdonnnj - I'm not sure how you want to bump the version here. Normally this would be a patch bump, but I see you're using dev in your version. Once you bump the version as you see fit I'll approve.

@jsf9k jsf9k added version bump This issue or pull request increments the version number docker Pull requests that update Docker code labels Oct 18, 2023
@jsf9k
Copy link
Member

jsf9k commented Oct 20, 2023
edited
Loading

In a private conversation @mcdonnnj told me that he is "moving to cutting version changes when appropriate vs. every PR" and therefore does not want a version bump here.

@jsf9k jsf9k enabled auto-merge October 20, 2023 15:15
@mcdonnnj mcdonnnj removed the version bump This issue or pull request increments the version number label Oct 20, 2023
@mcdonnnj
Copy link
Member

@mcdonnnj - I'm not sure how you want to bump the version here. Normally this would be a patch bump, but I see you're using dev in your version. Once you bump the version as you see fit I'll approve.

Sorry missed the notification here. Yes I am moving to letting develop be development and cutting releases when an appropriate corpus of changes have been merged. In a case such as this I would prefer to ensure all dependencies are up-to-date before considering a version bump + release. This follows the development model of a lot of mature projects and it has grown on me.

@jsf9k jsf9k merged commit ccb702f into develop Oct 20, 2023
12 checks passed
@jsf9k jsf9k deleted the dependabot/pip/src/urllib3-1.26.18 branch October 20, 2023 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@jasonodoom jasonodoom Awaiting requested review from jasonodoom

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

@mcdonnnj mcdonnnj

Labels
dependencies Pull requests that update a dependency file docker Pull requests that update Docker code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsf9k @mcdonnnj @dav3r