{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":664362963,"defaultBranch":"main","name":"urllib3.future","ownerLogin":"jawah","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2023-07-09T18:41:21.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/139072305?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1725843444.0","currentOid":""},"activityList":{"items":[{"before":"d59dd09fffc1799e7657372cf1f948d8cb257435","after":null,"ref":"refs/heads/dependabot/github_actions/pypa/gh-action-pypi-publish-1.10.0","pushedAt":"2024-09-09T00:57:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"932fbe765ec391d88e9b0ba84e4e273b0a498b4c","ref":"refs/heads/dependabot/github_actions/pypa/gh-action-pypi-publish-1.10.1","pushedAt":"2024-09-09T00:57:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1\n\nBumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.9.0 to 1.10.1.\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0...0ab0b79471669eb3a4d647e625009c62f9f3b241)\n\n---\nupdated-dependencies:\n- dependency-name: pypa/gh-action-pypi-publish\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1"}},{"before":"dc4727785ac39e416dbe5285457a95f370c3b50a","after":null,"ref":"refs/heads/dependabot/github_actions/actions/setup-python-5.2.0","pushedAt":"2024-09-02T02:33:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"111e38096e787d783cb0fe0bbbd6587b9a4cc444","after":"748e9089182ee17915aa010bfa28cfc5cddf52ee","ref":"refs/heads/main","pushedAt":"2024-09-02T02:33:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":"⬆️ Bump actions/setup-python from 4.7.0 to 5.2.0 (#146)\n\nBumps [actions/setup-python](https://github.com/actions/setup-python)\r\nfrom 4.7.0 to 5.2.0.\r\n
\r\nRelease notes\r\n

Sourced from actions/setup-python's\r\nreleases.

\r\n
\r\n

v5.2.0

\r\n

What's Changed

\r\n

Bug fixes:

\r\n
    \r\n
  • Add .zip extension to Windows package downloads for\r\nExpand-Archive Compatibility by @​priyagupta108\r\nin actions/setup-python#916\r\nThis addresses compatibility issues on Windows self-hosted runners by\r\nensuring that the filenames for Python and PyPy package downloads\r\nexplicitly include the .zip extension, allowing the Expand-Archive\r\ncommand to function correctly.
    • \r\n
  • Add arch to cache key by @​Zxilly in actions/setup-python#896\r\nThis addresses issues with caching by adding the architecture (arch) to\r\nthe cache key, ensuring that cache keys are accurate to prevent\r\nconflicts
    • \r\n
\r\n

Documentation changes:

\r\n
    \r\n
  • Fix display of emojis in contributors doc by @​sciencewhiz in\r\nactions/setup-python#899
    • \r\n
  • Documentation update for caching poetry dependencies by @​gowridurgad in\r\nactions/setup-python#908
    • \r\n
\r\n

Dependency updates:

\r\n
    \r\n
  • Bump @​iarna/toml version from 2.2.5 to 3.0.0 by @​priya-kinthali\r\nin actions/setup-python#912
    • \r\n
  • Bump pyinstaller from 3.6 to 5.13.1 by @​aparnajyothi-y\r\nin actions/setup-python#923
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​sciencewhiz\r\nmade their first contribution in actions/setup-python#899
    • \r\n
  • @​priyagupta108\r\nmade their first contribution in actions/setup-python#916
    • \r\n
  • @​Zxilly made\r\ntheir first contribution in actions/setup-python#896
    • \r\n
  • @​aparnajyothi-y\r\nmade their first contribution in actions/setup-python#923
    • \r\n
\r\n

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.2.0

\r\n

v5.1.1

\r\n

What's Changed

\r\n

Bug fixes:

\r\n
    \r\n
  • fix(ci): update all failing workflows by @​mayeut in actions/setup-python#863\r\nThis update ensures compatibility and optimal performance of workflows\r\non the latest macOS version.
    • \r\n
\r\n

Documentation changes:

\r\n
    \r\n
  • Documentation update for cache by @​gowridurgad in\r\nactions/setup-python#873
    • \r\n
\r\n

Dependency updates:

\r\n
    \r\n
  • Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by\r\n@​dependabot in\r\nactions/setup-python#893
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​gowridurgad\r\nmade their first contribution in actions/setup-python#873
    • \r\n
\r\n

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.1.1

\r\n

v5.1.0

\r\n

What's Changed

\r\n
    \r\n
  • Leveraging the raw API to retrieve the version-manifest, as it does\r\nnot impose a rate limit and hence facilitates unrestricted consumption\r\nwithout the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-python#766.
    • \r\n
  • Dependency updates by @​dependabot and\r\n@​HarithaVattikuti\r\nin actions/setup-python#817
    • \r\n
  • Documentation changes for version in README by @​basnijholt in actions/setup-python#776
    • \r\n
  • Documentation changes for link in README by @​ukd1 in actions/setup-python#793
    • \r\n
  • Documentation changes for link in Advanced Usage by @​Jamim in actions/setup-python#782
    • \r\n
  • Documentation changes for avoiding rate limit issues on GHES by @​priya-kinthali\r\nin actions/setup-python#835
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​basnijholt made\r\ntheir first contribution in actions/setup-python#776
    • \r\n
  • @​ukd1 made their\r\nfirst contribution in actions/setup-python#793
    • \r\n
  • @​Jamim made\r\ntheir first contribution in actions/setup-python#782
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4.7.0&new-version=5.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"⬆️ Bump actions/setup-python from 4.7.0 to 5.2.0 (#146)"}},{"before":null,"after":"e09a60aa02e35b88e0d42237b932291da4ea5294","ref":"refs/heads/dependabot/github_actions/actions/upload-artifact-4.4.0","pushedAt":"2024-09-02T00:36:24.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump actions/upload-artifact from 3.1.2 to 4.4.0\n\nBumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 4.4.0.\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...50769540e7f4bd5e21e526ee35c689e35e0d6874)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump actions/upload-artifact from 3.1.2 to 4.4.0"}},{"before":null,"after":"dc4727785ac39e416dbe5285457a95f370c3b50a","ref":"refs/heads/dependabot/github_actions/actions/setup-python-5.2.0","pushedAt":"2024-09-02T00:36:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump actions/setup-python from 4.7.0 to 5.2.0\n\nBumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 5.2.0.\n- [Release notes](https://github.com/actions/setup-python/releases)\n- [Commits](https://github.com/actions/setup-python/compare/61a6322f88396a6271a6ee3565807d608ecaddd1...f677139bbe7f9c59b41e40162b753c062f5d49a3)\n\n---\nupdated-dependencies:\n- dependency-name: actions/setup-python\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump actions/setup-python from 4.7.0 to 5.2.0"}},{"before":null,"after":"d59dd09fffc1799e7657372cf1f948d8cb257435","ref":"refs/heads/dependabot/github_actions/pypa/gh-action-pypi-publish-1.10.0","pushedAt":"2024-09-02T00:36:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.0\n\nBumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.9.0 to 1.10.0.\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0...8a08d616893759ef8e1aa1f2785787c0b97e20d6)\n\n---\nupdated-dependencies:\n- dependency-name: pypa/gh-action-pypi-publish\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.0"}},{"before":"a535d9db2a9702ee1747e84548b3f143a5703925","after":"111e38096e787d783cb0fe0bbbd6587b9a4cc444","ref":"refs/heads/main","pushedAt":"2024-08-20T01:35:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":"Update CHANGES.rst","shortMessageHtmlLink":"Update CHANGES.rst"}},{"before":"d4c6cf93b729c11569efa2df088bb1975355b9ae","after":null,"ref":"refs/heads/fix-http2-low-window-frame","pushedAt":"2024-08-20T01:32:34.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"b6dc3344625fa39f751e02b01d17b40406d70b5c","after":"a535d9db2a9702ee1747e84548b3f143a5703925","ref":"refs/heads/main","pushedAt":"2024-08-20T01:32:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bug: fix http2 maximum frame size error when the remote explicitly set a lower value than the default blocksize (#144)\n\n…\r\nOriginally found at\r\nhttps://github.com/internetstandards/Internet.nl/issues/1485","shortMessageHtmlLink":"🐛 fix http2 maximum frame size error when the remote explicitly set a…"}},{"before":"3e85584b9ebc17502a01ea96d9cf81e08f722bad","after":"d4c6cf93b729c11569efa2df088bb1975355b9ae","ref":"refs/heads/fix-http2-low-window-frame","pushedAt":"2024-08-20T01:12:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bug: fix http2 maximum frame size error when the remote explicitly set a lower value than the default blocksize","shortMessageHtmlLink":"🐛 fix http2 maximum frame size error when the remote explicitly set a…"}},{"before":null,"after":"3e85584b9ebc17502a01ea96d9cf81e08f722bad","ref":"refs/heads/fix-http2-low-window-frame","pushedAt":"2024-08-20T01:04:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bug: fix http2 maximum frame size error when the remote explicitly set a lower value than the default blocksize","shortMessageHtmlLink":"🐛 fix http2 maximum frame size error when the remote explicitly set a…"}},{"before":"678912c5e9725790f25c17c6abf87321ee3be2e4","after":null,"ref":"refs/heads/remove-openssl-constraint","pushedAt":"2024-08-15T04:42:14.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"f2c8bd00564408f38eaabaf51db614069b3b473e","after":"b6dc3344625fa39f751e02b01d17b40406d70b5c","ref":"refs/heads/main","pushedAt":"2024-08-15T04:42:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.906 (#143)\n\n- Removed opinionated OpenSSL version constraint that forbid any version\r\nlower than 1.1.1. The reasoning behind this is that some companies\r\nexpressed (to us) the need to upgrade urllib3 to urllib3-future in\r\n(very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8 and\r\ncollaborative testing showed us that this constraint is overly\r\nprotective. Those build often lack TLS 1.3 support and may contain major\r\nvulnerabilities, but we have to be optimistic on their awareness. TLS\r\n1.3 / QUIC is also an option for them as it works out of the box on\r\nthose old distributions. Effective immediately, we added a dedicated\r\npipeline in our CI to verify that urllib3-future works with the oldest\r\nPython 3.7 build we found out there. Blindly removing support for those\r\nlibraries when supporting Python 3.7 ... 3.9 is as we \"partially\"\r\nsupport this range and end-users have no to little clues for why it's\r\nrejected when it clearly works. The only issue that can appear is for\r\nusers that have Python built against a SSL library that does not support\r\neither TLS 1.2 or 1.3, they will encounter errors for sure.\r\n- Changed to submodule http2 to subpackage http2. Purely upstream sync.\r\nStill no use for us.\r\n- Changed minimum (C)Python interpreter version for qh3 automatic pickup\r\nto 3.7.11 as it bundle pip 21.2.4 and is the minimum version to pick an\r\nappropriate (abi3) pre-built wheel. You may still install ``qh3``\r\nmanually by first upgrading your pip installation by running ``python -m\r\npip install -U pip``.\r\n- Fixed an issue where a server is yielding an invalid/malformed\r\n``Alt-Svc`` header and urllib3-future may crash upon it.\r\n- Fixed an issue where sending a ``str`` body using a ``bytes`` value\r\nfor Content-Type would induce a crash. This was due to our unicode\r\ntransparency policy. See\r\nhttps://github.com/jawah/urllib3.future/pull/142","shortMessageHtmlLink":"🔖 Release 2.8.906 (#143)"}},{"before":"dee539dccd35f2f3cb479bc8f6e6d06ece638d00","after":"678912c5e9725790f25c17c6abf87321ee3be2e4","ref":"refs/heads/remove-openssl-constraint","pushedAt":"2024-08-15T04:27:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.906\n\n- Removed opinionated OpenSSL version constraint that forbid any version lower than 1.1.1.\n The reasoning behind this is that some companies expressed (to us) the need to upgrade urllib3 to urllib3-future\n in (very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8 and collaborative testing showed us\n that this constraint is overly protective. Those build often lack TLS 1.3 support and may contain\n major vulnerabilities, but we have to be optimistic on their awareness.\n TLS 1.3 / QUIC is also an option for them as it works out of the box on those old distributions.\n Effective immediately, we added a dedicated pipeline in our CI to verify that urllib3-future works\n with the oldest Python 3.7 build we found out there.\n Blindly removing support for those libraries when supporting Python 3.7 ... 3.9 is as we \"partially\"\n support this range and end-users have no to little clues for why it's rejected when it clearly works.\n The only issue that can appear is for users that have Python built against a SSL library that does not\n support either TLS 1.2 or 1.3, they will encounter errors for sure.\n- Changed to submodule http2 to subpackage http2. Purely upstream sync. Still no use for us.\n- Changed minimum (C)Python interpreter version for qh3 automatic pickup to 3.7.11 as it bundle pip 21.2.4 and\n is the minimum version to pick an appropriate (abi3) pre-built wheel. You may still install ``qh3`` manually\n by first upgrading your pip installation by running ``python -m pip install -U pip``.\n- Fixed an issue where a server is yielding an invalid/malformed ``Alt-Svc`` header and urllib3-future may crash upon it.\n- Fixed an issue where sending a ``str`` body using a ``bytes`` value for Content-Type would induce a crash.\n This was due to our unicode transparency policy. See https://github.com/jawah/urllib3.future/pull/142","shortMessageHtmlLink":"🔖 Release 2.8.906"}},{"before":"e4634bc23588409638e8042682dae8ac6a44f8eb","after":"dee539dccd35f2f3cb479bc8f6e6d06ece638d00","ref":"refs/heads/remove-openssl-constraint","pushedAt":"2024-08-15T04:15:27.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.906\n\n- Removed opinionated OpenSSL version constraint that forbid any version lower than 1.1.1.\n The reasoning behind this is that some companies expressed (to us) the need to upgrade urllib3 to urllib3-future\n in (very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8 and collaborative testing showed us\n that this constraint is overly protective. Those build often lack TLS 1.3 support and may contain\n major vulnerabilities, but we have to be optimistic on their awareness.\n TLS 1.3 / QUIC is also an option for them as it works out of the box on those old distributions.\n Effective immediately, we added a dedicated pipeline in our CI to verify that urllib3-future works\n with the oldest Python 3.7 build we found out there.\n Blindly removing support for those libraries when supporting Python 3.7 ... 3.9 is as we \"partially\"\n support this range and end-users have no to little clues for why it's rejected when it clearly works.\n The only issue that can appear is for users that have Python built against a SSL library that does not\n support either TLS 1.2 or 1.3, they will encounter errors for sure.\n- Changed to submodule http2 to subpackage http2. Purely upstream sync. Still no use for us.\n- Changed minimum (C)Python interpreter version for qh3 automatic pickup to 3.7.11 as it bundle pip 21.2.4 and\n is the minimum version to pick an appropriate (abi3) pre-built wheel. You may still install ``qh3`` manually\n by first upgrading your pip installation by running ``python -m pip install -U pip``.\n- Fixed an issue where a server is yielding an invalid/malformed ``Alt-Svc`` header and urllib3-future may crash upon it.\n- Fixed an issue where sending a ``str`` body using a ``bytes`` value for Content-Type would induce a crash.\n This was due to our unicode transparency policy. See https://github.com/jawah/urllib3.future/pull/142","shortMessageHtmlLink":"🔖 Release 2.8.906"}},{"before":"f085ce993f3e495fb52ce4b3732a369d77b03e7f","after":"e4634bc23588409638e8042682dae8ac6a44f8eb","ref":"refs/heads/remove-openssl-constraint","pushedAt":"2024-08-15T03:45:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.906\n\n- Removed opinionated OpenSSL version constraint that forbid any version lower than 1.1.1.\n The reasoning behind this is that some companies expressed (to us) the need to upgrade urllib3 to urllib3-future\n in (very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8 and collaborative testing showed us\n that this constraint is overly protective. Those build often lack TLS 1.3 support and may contain\n major vulnerabilities, but we have to be optimistic on their awareness.\n TLS 1.3 / QUIC is also an option for them as it works out of the box on those old distributions.\n Effective immediately, we added a dedicated pipeline in our CI to verify that urllib3-future works\n with the oldest Python 3.7 build we found out there.\n Blindly removing support for those libraries when supporting Python 3.7 ... 3.9 is as we \"partially\"\n support this range and end-users have no to little clues for why it's rejected when it clearly works.\n The only issue that can appear is for users that have Python built against a SSL library that does not\n support either TLS 1.2 or 1.3, they will encounter errors for sure.\n- Changed to submodule http2 to subpackage http2. Purely upstream sync. Still no use for us.\n- Changed minimum (C)Python interpreter version for qh3 automatic pickup to 3.7.11 as it bundle pip 21.2.4 and\n is the minimum version to pick an appropriate (abi3) pre-built wheel. You may still install ``qh3`` manually\n by first upgrading your pip installation by running ``python -m pip install -U pip``.\n- Fixed an issue where a server is yielding an invalid/malformed ``Alt-Svc`` header and urllib3-future may crash upon it.\n- Fixed an issue where sending a ``str`` body using a ``bytes`` value for Content-Type would induce a crash.\n This was due to our unicode transparency policy. See https://github.com/jawah/urllib3.future/pull/142","shortMessageHtmlLink":"🔖 Release 2.8.906"}},{"before":null,"after":"f085ce993f3e495fb52ce4b3732a369d77b03e7f","ref":"refs/heads/remove-openssl-constraint","pushedAt":"2024-08-15T03:41:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.906\n\n- Removed opinionated OpenSSL version constraint that forbid any version lower than 1.1.1.\n The reasoning behind this is that some companies expressed (to us) the need to upgrade urllib3 to urllib3-future\n in (very) old Python 3.7 built against patched OpenSSL 1.0.2 or 1.0.8 and collaborative testing showed us\n that this constraint is overly protective. Those build often lack TLS 1.3 support and may contain\n major vulnerabilities, but we have to be optimistic on their awareness.\n TLS 1.3 / QUIC is also an option for them as it works out of the box on those old distributions.\n Effective immediately, we added a dedicated pipeline in our CI to verify that urllib3-future works\n with the oldest Python 3.7 build we found out there.\n Blindly removing support for those libraries when supporting Python 3.7 ... 3.9 is as we \"partially\"\n support this range and end-users have no to little clues for why it's rejected when it clearly works.\n The only issue that can appear is for users that have Python built against a SSL library that does not\n support either TLS 1.2 or 1.3, they will encounter errors for sure.\n- Changed to submodule http2 to subpackage http2. Purely upstream sync. Still no use for us.\n- Changed minimum (C)Python interpreter version for qh3 automatic pickup to 3.7.11 as it bundle pip 21.2.4 and\n is the minimum version to pick an appropriate (abi3) pre-built wheel. You may still install ``qh3`` manually\n by first upgrading your pip installation by running ``python -m pip install -U pip``.\n- Fixed an issue where a server is yielding an invalid/malformed ``Alt-Svc`` header and urllib3-future may crash upon it.\n- Fixed an issue where sending a ``str`` body using a ``bytes`` value for Content-Type would induce a crash.\n This was due to our unicode transparency policy. See https://github.com/jawah/urllib3.future/pull/142","shortMessageHtmlLink":"🔖 Release 2.8.906"}},{"before":"79aaa265e4eb66521d38f6c2b70c1f508505c606","after":"f2c8bd00564408f38eaabaf51db614069b3b473e","ref":"refs/heads/main","pushedAt":"2024-08-15T03:36:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":"Fix unhandled header as bytes for the unicode content-type transparency (#142)\n\nThis PR aims to fix a bug I encountered when using a library that\r\ndepends on urllib3.future in the same venv as boto3. This is I believe\r\nthe same issue raised in #133.\r\n\r\nThe reason this occurred is that since urllib3 v2, headers were typed to be string only (k,v). but current usage shows that bytes are still used as values.\r\nFortunately, the rest of the code already take that into account. The issue was specifically located in the \"content-length\" x \"charset\" transparency addition in urllib3-future.\r\nmoreover, it seems that no test available in botocore or boto3 cover that specific case, another reason why we missed it.\r\n\r\n---------\r\n\r\nCo-authored-by: Ahmed TAHRI ","shortMessageHtmlLink":"Fix unhandled header as bytes for the unicode content-type transparen…"}},{"before":"5888a6eb906b8b5ff2b85bb016335b268d6b6486","after":null,"ref":"refs/heads/dependabot/github_actions/github/codeql-action-3.26.0","pushedAt":"2024-08-12T04:14:20.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"240cee02decb5d6c6670ed76e610cc0d65bd482b","after":"79aaa265e4eb66521d38f6c2b70c1f508505c606","ref":"refs/heads/main","pushedAt":"2024-08-12T04:14:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":"⬆️ Bump github/codeql-action from 3.25.6 to 3.26.0 (#141)\n\nBumps [github/codeql-action](https://github.com/github/codeql-action)\r\nfrom 3.25.6 to 3.26.0.\r\n
\r\nChangelog\r\n

Sourced from github/codeql-action's\r\nchangelog.

\r\n
\r\n

CodeQL Action Changelog

\r\n

See the releases\r\npage for the relevant changes to the CodeQL CLI and language\r\npacks.

\r\n

Note that the only difference between v2 and\r\nv3 of the CodeQL Action is the node version they support,\r\nwith v3 running on node 20 while we continue to release\r\nv2 to support running on node 16. For example\r\n3.22.11 was the first v3 release and is\r\nfunctionally identical to 2.22.11. This approach ensures an\r\neasy way to track exactly which features are included in different\r\nversions, indicated by the minor and patch version numbers.

\r\n

[UNRELEASED]

\r\n

No user facing changes.

\r\n

3.26.0 - 06 Aug 2024

\r\n
    \r\n
  • Deprecation: Swift analysis on Ubuntu runner images is no\r\nlonger supported. Please migrate to a macOS runner if this affects you.\r\n#2403
    • \r\n
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408
    • \r\n
\r\n

3.25.15 - 26 Jul 2024

\r\n
    \r\n
  • Update default CodeQL bundle version to 2.18.1. #2385
    • \r\n
\r\n

3.25.14 - 25 Jul 2024

\r\n
    \r\n
  • Experimental: add a new start-proxy action which starts\r\nthe same HTTP proxy as used by github/dependabot-action.\r\nDo not use this in production as it is part of an internal experiment\r\nand subject to change at any time. #2376
    • \r\n
\r\n

3.25.13 - 19 Jul 2024

\r\n
    \r\n
  • Add codeql-version to outputs. #2368
    • \r\n
  • Add a deprecation warning for customers using CodeQL version 2.13.4\r\nand earlier. These versions of CodeQL were discontinued on 9 July 2024\r\nalongside GitHub Enterprise Server 3.9, and will be unsupported by\r\nCodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.\r\n#2375\r\n
      \r\n
    • If you are using one of these versions, please update to CodeQL CLI\r\nversion 2.13.5 or later. For instance, if you have specified a custom\r\nversion of the CLI using the 'tools' input to the 'init' Action, you can\r\nremove this input to use the default version.
      • \r\n
    • Alternatively, if you want to continue using a version of the CodeQL\r\nCLI between 2.12.6 and 2.13.4, you can replace\r\ngithub/codeql-action/*@v3 by\r\ngithub/codeql-action/*@v3.25.13 and\r\ngithub/codeql-action/*@v2 by\r\ngithub/codeql-action/*@v2.25.13 in your code scanning\r\nworkflow to ensure you continue using this version of the CodeQL\r\nAction.
      • \r\n
    \r\n
    • \r\n
\r\n

3.25.12 - 12 Jul 2024

\r\n
    \r\n
  • Improve the reliability and performance of analyzing code when\r\nanalyzing a compiled language with the autobuild build\r\nmode on GitHub Enterprise Server. This feature is already available\r\nto GitHub.com users. #2353
    • \r\n
  • Update default CodeQL bundle version to 2.18.0. #2364
    • \r\n
\r\n

3.25.11 - 28 Jun 2024

\r\n
    \r\n
  • Avoid failing the workflow run if there is an error while uploading\r\ndebug artifacts. #2349
    • \r\n
  • Update default CodeQL bundle version to 2.17.6. #2352
    • \r\n
\r\n

3.25.10 - 13 Jun 2024

\r\n
    \r\n
  • Update default CodeQL bundle version to 2.17.5. #2327
    • \r\n
\r\n

3.25.9 - 12 Jun 2024

\r\n
    \r\n
  • Avoid failing database creation if the database folder already\r\nexists and contains some unexpected files. Requires CodeQL 2.18.0 or\r\nhigher. #2330
    • \r\n
  • The init Action will attempt to clean up the database cluster\r\ndirectory before creating a new database and at the end of the job. This\r\nwill help to avoid issues where the database cluster directory is left\r\nin an inconsistent state. #2332
    • \r\n
\r\n

3.25.8 - 04 Jun 2024

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • eb055d7\r\nMerge pull request #2410\r\nfrom github/update-v3.26.0-c24926b73
    • \r\n
  • 3884d04\r\nUpdate changelog for v3.26.0
    • \r\n
  • c24926b\r\nMerge pull request #2407\r\nfrom github/dependabot/npm_and_yarn/npm-7954a73ad2
    • \r\n
  • 68ba39b\r\nMerge branch 'main' into dependabot/npm_and_yarn/npm-7954a73ad2
    • \r\n
  • 8dd1773\r\nMerge pull request #2408\r\nfrom github/henrymercer/deprecate-codeql-2.13.4
    • \r\n
  • 441c9d9\r\nMerge pull request #2409\r\nfrom github/henrymercer/fix-required-checks
    • \r\n
  • f03da13\r\nExclude push-only unit tests job from required PR checks script
    • \r\n
  • 29a5cfc\r\nBump version to 3.26.0
    • \r\n
  • 9e440ad\r\nAdd changelog note
    • \r\n
  • 136f5a5\r\nAdd CodeQL v2.17.6 to default test versions
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.6&new-version=3.26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"⬆️ Bump github/codeql-action from 3.25.6 to 3.26.0 (#141)"}},{"before":"7d96620d7c99383d41456a3c3cbfd87d9169bb44","after":null,"ref":"refs/heads/dependabot/github_actions/actions/upload-artifact-4.3.6","pushedAt":"2024-08-12T04:10:16.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"5888a6eb906b8b5ff2b85bb016335b268d6b6486","ref":"refs/heads/dependabot/github_actions/github/codeql-action-3.26.0","pushedAt":"2024-08-12T00:21:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump github/codeql-action from 3.25.6 to 3.26.0\n\nBumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.26.0.\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...eb055d739abdc2e8de2e5f4ba1a8b246daa779aa)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump github/codeql-action from 3.25.6 to 3.26.0"}},{"before":null,"after":"7d96620d7c99383d41456a3c3cbfd87d9169bb44","ref":"refs/heads/dependabot/github_actions/actions/upload-artifact-4.3.6","pushedAt":"2024-08-12T00:21:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump actions/upload-artifact from 3.1.2 to 4.3.6\n\nBumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 4.3.6.\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...834a144ee995460fba8ed112a2fc961b36a5ec5a)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump actions/upload-artifact from 3.1.2 to 4.3.6"}},{"before":"ec9b59c151f10c754e7eeb8998bab8e064bc8925","after":null,"ref":"refs/heads/dependabot/github_actions/actions/upload-artifact-4.3.5","pushedAt":"2024-08-05T08:49:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"ec9b59c151f10c754e7eeb8998bab8e064bc8925","ref":"refs/heads/dependabot/github_actions/actions/upload-artifact-4.3.5","pushedAt":"2024-08-05T00:11:12.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":":arrow_up: Bump actions/upload-artifact from 3.1.2 to 4.3.5\n\nBumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 4.3.5.\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...89ef406dd8d7e03cfd12d9e0a4a378f454709029)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"⬆️ Bump actions/upload-artifact from 3.1.2 to 4.3.5"}},{"before":"73f66391d604d733e3ccb06a7f17eb9e04168c57","after":null,"ref":"refs/heads/dependabot/github_actions/ossf/scorecard-action-2.4.0","pushedAt":"2024-08-04T09:32:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"8a03252ed13dd3660e8731ba0ec8500053950998","after":"240cee02decb5d6c6670ed76e610cc0d65bd482b","ref":"refs/heads/main","pushedAt":"2024-08-04T09:32:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":"⬆️ Bump ossf/scorecard-action from 2.3.0 to 2.4.0 (#137)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)\r\nfrom 2.3.0 to 2.4.0.\r\n
\r\nRelease notes\r\n

Sourced from ossf/scorecard-action's\r\nreleases.

\r\n
\r\n

v2.4.0

\r\n

What's Changed

\r\n

This update bumps the Scorecard version to the v5 release. For a\r\ncomplete list of changes, please refer to the v5.0.0\r\nrelease notes. Of special note to Scorecard Action is the Maintainer\r\nAnnotation feature, which can be used to suppress some Code Scanning\r\nfalse positives. Alerts will not be generated for any Scorecard Check\r\nwith an annotation.

\r\n
    \r\n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0 by @​spencerschrock\r\nin ossf/scorecard-action#1410
    • \r\n
  • :bug: lower license sarif alert threshold to 9 by @​spencerschrock\r\nin ossf/scorecard-action#1411
    • \r\n
\r\n

Documentation

\r\n
    \r\n
  • docs: dogfooding badge by @​jkowalleck in ossf/scorecard-action#1399
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​jkowalleck made\r\ntheir first contribution in ossf/scorecard-action#1399
    • \r\n
\r\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

\r\n

v2.3.3

\r\n
\r\n

[!NOTE]
\r\nThere is no v2.3.2 release as a step was skipped in the release process.\r\nThis was fixed and re-released under the v2.3.3 tag

\r\n
\r\n

What's Changed

\r\n
    \r\n
  • :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock\r\nin ossf/scorecard-action#1366
    • \r\n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by @​spencerschrock\r\nin ossf/scorecard-action#1374
    • \r\n
  • :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock\r\nin ossf/scorecard-action#1377
    • \r\n
\r\n

For a full changelist of what these include, see the v5.0.0-rc1\r\nand v5.0.0-rc2\r\nrelease notes.

\r\n

Documentation

\r\n
    \r\n
  • :book: Move token discussion out of main README. by @​spencerschrock\r\nin ossf/scorecard-action#1279
    • \r\n
  • :book: link to ossf/scorecard workflow instead of\r\nmaintaining an example by @​spencerschrock\r\nin ossf/scorecard-action#1352
    • \r\n
  • :book: update api links to new scorecard.dev site by @​spencerschrock\r\nin ossf/scorecard-action#1376
    • \r\n
\r\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

\r\n

v2.3.1

\r\n

What's Changed

\r\n
    \r\n
  • :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1\r\nby @​spencerschrock\r\nin ossf/scorecard-action#1282\r\n
      \r\n
    • Adds additional Fuzzing detection and fixes a SAST bug related to\r\ndetecting CodeQL. For a full changelist of what this includes, see the\r\nv4.13.1\r\nrelease notes
      • \r\n
    \r\n
    • \r\n
\r\n

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 62b2cac\r\nbump docker tag to v2.4.0 for release (#1414)
    • \r\n
  • c09630c\r\nlower license score alert threshold to 9 (#1411)
    • \r\n
  • cf8594c\r\n:seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
    • \r\n
  • de5fcb9\r\n:seedling: Bump the github-actions group with 2 updates (#1412)
    • \r\n
  • a46b90b\r\nbump scorecard to v5.0.0 release (#1410)
    • \r\n
  • 9fc518d\r\n:seedling: Bump golang in the docker-images group (#1407)
    • \r\n
  • a8eaa1b\r\n:seedling: Bump the github-actions group with 2 updates (#1408)
    • \r\n
  • 873d5fd\r\n:seedling: Bump the github-actions group across 1 directory with 2\r\nupdates (#...
    • \r\n
  • 54cc1fe\r\n:seedling: Bump the docker-images group with 2 updates (#1401)
    • \r\n
  • 82bcb91\r\n:seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"⬆️ Bump ossf/scorecard-action from 2.3.0 to 2.4.0 (#137)"}},{"before":"c4d108f842022608d9caf47bcda8d926f114d1fd","after":null,"ref":"refs/heads/release-2.8.905","pushedAt":"2024-08-04T05:55:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"}},{"before":"d00a79be1a19034f4bfbd87d45d85982d72d28a4","after":"8a03252ed13dd3660e8731ba0ec8500053950998","ref":"refs/heads/main","pushedAt":"2024-08-04T05:55:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Ousret","name":"TAHRI Ahmed R.","path":"/Ousret","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/9326700?s=80&v=4"},"commit":{"message":":bookmark: Release 2.8.905 (#138)\n\n- Fixed wrong upgrade attempt to QUIC when using a SOCKS proxy. Any\r\nusage of a proxy disable HTTP/3 over QUIC as per documented. until\r\nproper support is implemented in a next minor version.\r\n- Backported upstream urllib3 #3434: util/ssl: make code resilient to\r\nmissing hash functions. In certain environments such as in a FIPS\r\nenabled system, certain algorithms such as md5 may be unavailable. Due\r\nto the importing of such a module on a system where it is unavailable,\r\nurllib3(-future) will crash and is unusable.\r\nhttps://github.com/urllib3/urllib3/pull/3434\r\n- Backported upstream urllib3 GHSA-34jh-p97f-mpxf: Strip\r\nProxy-Authorization header on redirects. Added the\r\n``Proxy-Authorization`` header to the list of headers to strip from\r\nrequests when redirecting to a different host. As before, different\r\nheaders can be set via ``Retry.remove_headers_on_redirect``.\r\n- Fixed state-machine desync on a rare scenario when uploading a body\r\nusing HTTP/3 over QUIC.","shortMessageHtmlLink":"🔖 Release 2.8.905 (#138)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEsFy-sgA","startCursor":null,"endCursor":null}},"title":"Activity · jawah/urllib3.future"}