dimstar_suse
e59c31cab6
- Update to 2.7.0 (CVE-2026-44432, bsc#1265266, CVE-2026-44431, bsc#1265267):
## Security
Addressed high-severity security issues. Impact was limited to
specific use cases detailed in the accompanying advisories; overall
user exposure was estimated to be marginal.
* Decompression-bomb safeguards of the streaming API were bypassed:
See GHSA-mf9v-mfxr-j63j for details.
* HTTP pools created using ProxyManager.connection_from_url did not
strip sensitive headers specified in
Retry.remove_headers_on_redirect when redirecting to a different
host. (GHSA-qccp-gfcp-xxvc)
## Deprecations and Removals
* Used FutureWarning instead of DeprecationWarning for better
visibility of existing deprecation notices. Rescheduled the
removal of deprecated features to version 3.0. (#3763)
* Removed support for end-of-life Python 3.9. (#3720)
* Removed support for end-of-life PyPy3.10. (#4979)
* Bumped the minimum supported pyOpenSSL version to 19.0.0. (#3777)
## Bugfixes
* Fixed a bug where HTTPResponse.read(amt=None) was ignoring
decompressed data buffered from previous partial reads. (#3636)
* Fixed a bug where HTTPResponse.read() could cache only part of the
response after a partial read when cache_content=True. (#4967)
* Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to
handle amt=0. (#3793)
* Updated _TYPE_BODY type alias to include missing Iterable[str],
matching the documented and runtime behavior of chunked request
bodies. (#3798)
* Fixed LocationParseError when paths resembling schemeless URIs
were passed to HTTPConnectionPool.urlopen(). (#3352)
OBS-URL: https://build.opensuse.org/request/show/1353180
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=75