CVS commit: pkgsrc/www/py-scrapy

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-scrapy
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 13 Mar 2026 11:13:57 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Mar 13 11:13:57 UTC 2026

Modified Files:
        pkgsrc/www/py-scrapy: Makefile distinfo

Log Message:
py-scrapy: updated to 2.14.2

Scrapy 2.14.2 (2026-03-12)

Security bug fixes

-   Values from the ``Referrer-Policy`` header of HTTP responses are no longer
    executed as Python callables. See the `cwxj-rr6w-m6w7`_ security advisory
    for details.

    .. _cwxj-rr6w-m6w7: https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7

-   In line with the `standard
    <https://fetch.spec.whatwg.org/#http-redirect-fetch>`__, 301 redirects of
    ``POST`` requests are converted into ``GET`` requests.

    Converting to a ``GET`` request implies not only a method change, but also
    omitting the body and ``Content-*`` headers in the redirect request. On
    cross-origin redirects (for example, cross-domain redirects), this is
    effectively a security bug fix for scenarios where the body contains
    secrets.

Deprecations

-   Passing a response URL string as the first positional argument to
    :meth:`scrapy.spidermiddlewares.referer.RefererMiddleware.policy` is
    deprecated. Pass a :class:`~scrapy.http.Response` instead.

    The parameter has also been renamed to ``response`` to reflect this change.
    The old parameter name (``resp_or_url``) is deprecated.

New features

-   Added a new setting, :setting:`REFERER_POLICIES`, to allow customizing
    supported referrer policies.

Bug fixes

-   Made additional redirect scenarios convert to ``GET`` in line with the
    `standard <https://fetch.spec.whatwg.org/#http-redirect-fetch>`__:

    -   Only ``POST`` 302 redirects are converted into ``GET`` requests; other
        methods are preserved.

    -   ``HEAD`` 303 redirects are not converted into ``GET`` requests.

    -   ``GET`` 303 redirects do not have their body or standard ``Content-*``
        headers removed.

-   Redirects where the original request body is dropped now also have their
    ``Content-Encoding``, ``Content-Language`` and ``Content-Location`` headers
    removed, in addition to the ``Content-Type`` and ``Content-Length`` headers
    that were already being removed.

-   Redirects now preserve the source URL fragment if the redirect URL does not
    include one. This is useful when using browser-based download handlers,
    such as `scrapy-playwright`_ or `scrapy-zyte-api`_, while letting Scrapy
    handle redirects.

    .. _scrapy-playwright: https://github.com/scrapy-plugins/scrapy-playwright
    .. _scrapy-zyte-api: https://scrapy-zyte-api.readthedocs.io/en/latest/

-   The ``Referer`` header is now removed on redirect if
    :class:`~scrapy.spidermiddlewares.referer.RefererMiddleware` is disabled.

-   The handling of the ``Referer`` header on redirects now takes into account
    the ``Referer-Policy`` header of the response that triggers the redirect.


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/py-scrapy/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/py-scrapy/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-scrapy/Makefile
diff -u pkgsrc/www/py-scrapy/Makefile:1.35 pkgsrc/www/py-scrapy/Makefile:1.36
--- pkgsrc/www/py-scrapy/Makefile:1.35  Tue Jan 13 12:39:52 2026
+++ pkgsrc/www/py-scrapy/Makefile       Fri Mar 13 11:13:57 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.35 2026/01/13 12:39:52 adam Exp $
+# $NetBSD: Makefile,v 1.36 2026/03/13 11:13:57 adam Exp $
 
-DISTNAME=      scrapy-2.14.1
+DISTNAME=      scrapy-2.14.2
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=S/Scrapy/}

Index: pkgsrc/www/py-scrapy/distinfo
diff -u pkgsrc/www/py-scrapy/distinfo:1.25 pkgsrc/www/py-scrapy/distinfo:1.26
--- pkgsrc/www/py-scrapy/distinfo:1.25  Tue Jan 13 12:39:52 2026
+++ pkgsrc/www/py-scrapy/distinfo       Fri Mar 13 11:13:57 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.25 2026/01/13 12:39:52 adam Exp $
+$NetBSD: distinfo,v 1.26 2026/03/13 11:13:57 adam Exp $
 
-BLAKE2s (scrapy-2.14.1.tar.gz) = 17d6034710ce9a9188bbc647cbd445de4e67d8c9b6bd0e5dd180293ec049b7d0
-SHA512 (scrapy-2.14.1.tar.gz) = 9d5e0a98921c3deb85bf4134567fa325a3e14d110a135024b6b12e29aaf8b8590d0a4b442146acfc11db70dd69d9e2334e00219d32eb3f495deb0720e270198f
-Size (scrapy-2.14.1.tar.gz) = 1251898 bytes
+BLAKE2s (scrapy-2.14.2.tar.gz) = deb144eb7a5cd812a9ae22ab3c7aeed500e3b06317ef79c24bee8b99ce0f407f
+SHA512 (scrapy-2.14.2.tar.gz) = 14edf7cb1c2054b0644134cacae68bf6cb785c5881a0428192dcb47b13ca9ba7e31d76b4f28fb85ef4a3a12b6061d2b22f837434c9cf40404f964c45361e72cd
+Size (scrapy-2.14.2.tar.gz) = 1255604 bytes

Prev by Date: CVS commit: pkgsrc/security/py-cyclonedx-bom
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/security/py-cyclonedx-bom
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index