CVS commit: pkgsrc/www/py-urllib3

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-urllib3
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Fri, 5 Dec 2025 21:16:38 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Dec  5 21:16:38 UTC 2025

Modified Files:
        pkgsrc/www/py-urllib3: Makefile distinfo

Log Message:
py-urllib3: update to 2.6.0.

2.6.0 (2025-12-05)
==================

Security
--------

- Fixed a security issue where streaming API could improperly handle highly
  compressed HTTP content ("decompression bombs") leading to excessive resource
  consumption even when a small amount of data was requested. Reading small
  chunks of compressed data is safer and much more efficient now.
  (`GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>`__)
- Fixed a security issue where an attacker could compose an HTTP response with
  virtually unlimited links in the ``Content-Encoding`` header, potentially
  leading to a denial of service (DoS) attack by exhausting system resources
  during decoding. The number of allowed chained encodings is now limited to 5.
  (`GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>`__)

.. caution::
  - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but
    your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
    sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
    benefit from the security fixes and avoid warnings. Prefer using
    `urllib3[brotli]` to install a compatible Brotli package automatically.

  - If you use custom decompressors, please make sure to update them to
    respect the changed API of ``urllib3.response.ContentDecoder``.

Features
--------

- Enabled retrieval, deletion, and membership testing in ``HTTPHeaderDict`` using bytes keys. (`#3653 <https://github.com/urllib3/urllib3/issues/3653>`__)
- Added host and port information to string representations of ``HTTPConnection``. (`#3666 <https://github.com/urllib3/urllib3/issues/3666>`__)
- Added support for Python 3.14 free-threading builds explicitly. (`#3696 <https://github.com/urllib3/urllib3/issues/3696>`__)

Removals
--------

- Removed the ``HTTPResponse.getheaders()`` method in favor of ``HTTPResponse.headers``.
  Removed the ``HTTPResponse.getheader(name, default)`` method in favor of ``HTTPResponse.headers.get(name, default)``. (`#3622 <https://github.com/urllib3/urllib3/issues/3622>`__)

Bugfixes
--------

- Fixed redirect handling in ``urllib3.PoolManager`` when an integer is passed
  for the retries parameter. (`#3649 <https://github.com/urllib3/urllib3/issues/3649>`__)
- Fixed ``HTTPConnectionPool`` when used in Emscripten with no explicit port. (`#3664 <https://github.com/urllib3/urllib3/issues/3664>`__)
- Fixed handling of ``SSLKEYLOGFILE`` with expandable variables. (`#3700 <https://github.com/urllib3/urllib3/issues/3700>`__)

Misc
----

- Changed the ``zstd`` extra to install ``backports.zstd`` instead of ``zstandard`` on Python 3.13 and before. (`#3693 <https://github.com/urllib3/urllib3/issues/3693>`__)
- Improved the performance of content decoding by optimizing ``BytesQueueBuffer`` class. (`#3710 <https://github.com/urllib3/urllib3/issues/3710>`__)
- Allowed building the urllib3 package with newer setuptools-scm v9.x. (`#3652 <https://github.com/urllib3/urllib3/issues/3652>`__)
- Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (`#3638 <https://github.com/urllib3/urllib3/issues/3638>`__)


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/www/py-urllib3/Makefile
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/py-urllib3/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-urllib3/Makefile
diff -u pkgsrc/www/py-urllib3/Makefile:1.67 pkgsrc/www/py-urllib3/Makefile:1.68
--- pkgsrc/www/py-urllib3/Makefile:1.67 Sun Jun 22 17:41:13 2025
+++ pkgsrc/www/py-urllib3/Makefile      Fri Dec  5 21:16:38 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.67 2025/06/22 17:41:13 wiz Exp $
+# $NetBSD: Makefile,v 1.68 2025/12/05 21:16:38 wiz Exp $
 
-DISTNAME=      urllib3-2.5.0
+DISTNAME=      urllib3-2.6.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=u/urllib3/}
@@ -29,14 +29,16 @@ PYTHON_VERSIONED_DEPENDENCIES+=     cryptogr
 
 TEST_DEPENDS+= ${PYPKGPREFIX}-coverage>=7.0.4:../../devel/py-coverage
 TEST_DEPENDS+= ${PYPKGPREFIX}-freezegun>=1.2.2:../../devel/py-freezegun
-#TEST_DEPENDS+=        ${PYPKGPREFIX}-towncrier>=21.9.0:../../wip/py-towncrier
+TEST_DEPENDS+= ${PYPKGPREFIX}-httpx>=0:../../www/py-httpx
+TEST_DEPENDS+= ${PYPKGPREFIX}-quart>=0:../../www/py-quart
+TEST_DEPENDS+= ${PYPKGPREFIX}-quart-trio>=0:../../www/py-quart-trio
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-timeout>=2.1.0:../../devel/py-test-timeout
 TEST_DEPENDS+= ${PYPKGPREFIX}-tornado>=6.2:../../www/py-tornado
 TEST_DEPENDS+= ${PYPKGPREFIX}-trio>=0.26.2:../../devel/py-trio
 TEST_DEPENDS+= ${PYPKGPREFIX}-trustme>=0.9.0:../../security/py-trustme
-# quart
-#hypercorn @ git+https://github.com/urllib3/hypercorn@urllib3-changes
-#pytest-memray 1.5.0; sys_platform!="win32" and implementation_name=="cpython"
+
+# as of 2.6.0
+# 43 failed, 1681 passed, 523 skipped, 2 xfailed, 51 warnings, 1 error
 
 USE_LANGUAGES= # none
 

Index: pkgsrc/www/py-urllib3/distinfo
diff -u pkgsrc/www/py-urllib3/distinfo:1.53 pkgsrc/www/py-urllib3/distinfo:1.54
--- pkgsrc/www/py-urllib3/distinfo:1.53 Sun Jun 22 17:41:13 2025
+++ pkgsrc/www/py-urllib3/distinfo      Fri Dec  5 21:16:38 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.53 2025/06/22 17:41:13 wiz Exp $
+$NetBSD: distinfo,v 1.54 2025/12/05 21:16:38 wiz Exp $
 
-BLAKE2s (urllib3-2.5.0.tar.gz) = 03454a77e9cad4ae1bddf6f65d1dc5d4dd795025c2154e73cec563346dba6c81
-SHA512 (urllib3-2.5.0.tar.gz) = f417a2745bc9750da23916690937e5c0dfe0534354f2c1c9f056baf16554a831a28937acca2b1f23941d5b6e87a372f2e074508eaf2c3304fd1014b8afc3295e
-Size (urllib3-2.5.0.tar.gz) = 393185 bytes
+BLAKE2s (urllib3-2.6.0.tar.gz) = 83b8d1451234eea096de1a6951417b413770ab38a347892a4c666cc050ac0b3b
+SHA512 (urllib3-2.6.0.tar.gz) = b825663ed9e037763c3c8a049f818330ee9cf0d00ba6f3bd368114ed1feb750e0e6613920cde62443aa05aa84752a2cdfa4f7a6f631801031cb2fbf6736675e3
+Size (urllib3-2.6.0.tar.gz) = 432585 bytes

Prev by Date: CVS commit: pkgsrc/www
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/www
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index