Sync from SUSE:SLFO:Main python-urllib3 revision b62f7a8b3740e3b8609fe1bca250e3b6

python-urllib3.changes

@@ -1,3 +1,71 @@
+-------------------------------------------------------------------
+Mon Jun 23 02:03:12 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 2.5.0:
+  * Security issues
+    Pool managers now properly control redirects when retries is passed
+    (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
+    Redirects are now controlled by urllib3 in the Node.js runtime
+    (CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924)
+  * Features
+    Added support for the compression.zstd module that is new in Python 3.14.
+    Added support for version 0.5 of hatch-vcs
+  * Bugfixes
+    Raised exception for HTTPResponse.shutdown on a connection already
+    released to the pool.
+    Fixed incorrect CONNECT statement when using an IPv6 proxy with
+    connection_from_host. Previously would not be wrapped in [].
+
+-------------------------------------------------------------------
+Tue May 27 08:56:43 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 2.4.0
+  * Applied PEP 639 by specifying the license fields in
+    pyproject.toml. (#3522)
+  * Updated exceptions to save and restore more properties during the
+    pickle/serialization process. (#3567)
+  * Added verify_flags option to create_urllib3_context with a default
+    of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python
+    3.13+. (#3571)
+  * Fixed a bug with partial reads of streaming data in Emscripten.
+    (#3555)
+  * Switched to uv for installing development dependecies. (#3550)
+  * Removed the multiple.intoto.jsonl asset from GitHub releases.
+    Attestation of release files since v2.3.0 can be found on PyPI.
+    (#3566)
+- 2.3.0:
+  * Added HTTPResponse.shutdown() to stop any ongoing or future reads
+    for a specific response. It calls shutdown(SHUT_RD) on the
+    underlying socket. This feature was sponsored by LaunchDarkly.
+    (#2868)
+  * Added support for JavaScript Promise Integration on Emscripten.
+    This enables more efficient WebAssembly requests and streaming,
+    and makes it possible to use in Node.js if you launch it as node
+    --experimental-wasm-stack-switching. (#3400)
+  * Added the proxy_is_tunneling property to HTTPConnection and
+    HTTPSConnection. (#3285)
+  * Added pickling support to NewConnectionError and
+    NameResolutionError. (#3480)
+  * Fixed an issue in debug logs where the HTTP version was rendering
+    as "HTTP/11" instead of "HTTP/1.1". (#3489)
+  * Removed support for Python 3.8. (#3492)
+
+-------------------------------------------------------------------
+Tue May 27 08:51:09 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Skip test_close_after_handshake flaky test, it fails sometimes in
+  ppc64le and s390x architectures, bsc#1243583
+
+-------------------------------------------------------------------
+Thu Dec 19 07:20:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Skip some flaky tests that fail sometimes in OBS (bsc#1234681)
+
+-------------------------------------------------------------------
+Wed Dec 18 08:41:22 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Ignore DeprecationWarning in tests (bsc#1234681)
+
 -------------------------------------------------------------------
 Thu Oct  3 05:10:09 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
 

python-urllib3.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-urllib3
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,8 +18,6 @@
 
 %global flavor @BUILD_FLAVOR@%{nil}
 %if "%{flavor}" == "test"
-# No Quart for Python 3.10
-%define skip_python310 1
 %define psuffix -test
 %bcond_without test
 %else
@@ -28,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-urllib3%{psuffix}
-Version:        2.2.3
+Version:        2.5.0
 Release:        0
 Summary:        HTTP library with thread-safe connection pooling, file post, and more
 License:        MIT
@@ -119,7 +117,7 @@ export PYTHONPATH="$PWD/../patched-hypercorn/hypercorn-%{hypercorn_commit}/src"
 # gh#urllib3/urllib3#2109
 export CI="true"
 # skip some randomly failing tests (mostly on i586, but sometimes they fail on other architectures)
-skiplist="test_ssl_read_timeout or test_ssl_failed_fingerprint_verification or test_ssl_custom_validation_failure_terminates"
+skiplist="test_ssl_read_timeout or test_ssl_failed_fingerprint_verification or test_ssl_custom_validation_failure_terminates or test_close_after_handshake"
 # gh#urllib3/urllib3#1752 and others: upstream's way of checking that the build
 # system has a correct system time breaks (re-)building the package after too
 # many months have passed since the last release.
@@ -130,7 +128,10 @@ skiplist+=" or test_requesting_large_resources_via_ssl"
 skiplist+=" or test_deprecated_no_scheme"
 # weird threading issues on OBS runners
 skiplist+=" or test_http2_probe_blocked_per_thread"
-%pytest %{?jobs:-n %jobs} -k "not (${skiplist})" --ignore test/with_dummyserver/test_socketlevel.py
+# flaky test, works locally but fails in OBS with
+# TypeError: _wrap_bio() argument 'incoming' must be _ssl.MemoryBIO, not _ssl.MemoryBIO
+skiplist+=" or test_https_proxy_forwarding_for_https or test_https_headers_forwarding_for_https"
+%pytest -W ignore::DeprecationWarning %{?jobs:-n %jobs} -k "not (${skiplist})" --ignore test/with_dummyserver/test_socketlevel.py
 %endif
 
 %if ! %{with test}