Bump the pip group across 1 directory with 6 updates

[dependabot]

Bumps the pip group with 6 updates in the /tests/data directory:

Package	From	To
certifi	2023.7.22	2024.6.2
future	0.18.2	0.18.3
pillow	10.2.0	10.3.0
pyinstaller	5.13.1	6.8.0
requests	2.24.0	2.32.2
urllib3	1.26.18	1.26.19

Updates certifi from 2023.7.22 to 2024.6.2

Commits

• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
• 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
• 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
• 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
• Additional commits viewable in compare view

Updates future from 0.18.2 to 0.18.3

Release notes

Sourced from future's releases.

v0.18.3

This is a minor bug-fix release containing a number of fixes:

• Backport fix for bpo-38804 (c91d70b)
• Fix bug in fix_print.py fixer (dffc579)
• Fix bug in fix_raise.py fixer (3401099)
• Fix newint bool in py3 (fe645ba)
• Fix bug in super() with metaclasses (6e27aac)
• docs: fix simple typo, reqest -> request (974eb1f)
• Correct eq (c780bf5)
• Pass if lint fails (2abe00d)
• Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
• fix order (f96a219)
• Add flake8 to image (046ff18)
• Make lint.sh executable (58cc984)
• Add docker push to optimize CI (01e8440)
• Build System (42b3025)
• Add docs build status badge to README.md (3f40bd7)
• Use same docs requirements in tox (18ecc5a)
• Add docs/requirements.txt (5f9893f)
• Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
• fix 2.6 test, better comment (ddedcb9)
• fix 2.6 test (3f1ff7e)
• remove nan test (4dbded1)
• include list test values (e3f1a12)
• fix other python2 test issues (c051026)
• fix missing subTest (f006cad)
• import from old imp library on older python versions (fc84fa8)
• replace fstrings with format for python 3.4,3.5 (4a687ea)
• minor style/spelling fixes (8302d8c)
• improve cmp function, add unittest (0d95a40)
• Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
• Fix various py26 unit test failures (9ca5a14)
• Add initial contributing guide with docs build instruction (e55f915)
• Add docs building to tox.ini (3ee9e7f)
• Support NumPy's specialized int types in builtins.round (b4b54f0)
• Added r""" to the docstring to avoid warnings in python3 (5f94572)
• Add subclasscheck for past.types.basestring (c9bc0ff)
• Correct example in README (681e78c)
• Add simple documentation (6c6e3ae)
• Add pre-commit hooks (a9c6a37)
• Handling of next and next by future.utils.get_next was reversed (52b0ff9)
• Add a test for our fix (461d77e)
• Compare headers to correct definition of str (3eaa8fd)
• #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
• Add tkFileDialog to future.movers.tkinter (f6a6549)
• Sort before comparing dicts in TestChainMap (6126997)
• Fix typo (4dfa099)
• Fix formatting in "What's new" (1663dfa)
• Fix typo (4236061)

... (truncated)

Changelog

Sourced from future's changelog.

Changes in version 0.18.3 (2023-01-13)

This is a minor bug-fix release containing a number of fixes:

• Backport fix for bpo-38804 (c91d70b)
• Fix bug in fix_print.py fixer (dffc579)
• Fix bug in fix_raise.py fixer (3401099)
• Fix newint bool in py3 (fe645ba)
• Fix bug in super() with metaclasses (6e27aac)
• docs: fix simple typo, reqest -> request (974eb1f)
• Correct eq (c780bf5)
• Pass if lint fails (2abe00d)
• Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
• fix order (f96a219)
• Add flake8 to image (046ff18)
• Make lint.sh executable (58cc984)
• Add docker push to optimize CI (01e8440)
• Build System (42b3025)
• Add docs build status badge to README.md (3f40bd7)
• Use same docs requirements in tox (18ecc5a)
• Add docs/requirements.txt (5f9893f)
• Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
• fix 2.6 test, better comment (ddedcb9)
• fix 2.6 test (3f1ff7e)
• remove nan test (4dbded1)
• include list test values (e3f1a12)
• fix other python2 test issues (c051026)
• fix missing subTest (f006cad)
• import from old imp library on older python versions (fc84fa8)
• replace fstrings with format for python 3.4,3.5 (4a687ea)
• minor style/spelling fixes (8302d8c)
• improve cmp function, add unittest (0d95a40)
• Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
• Fix various py26 unit test failures (9ca5a14)
• Add initial contributing guide with docs build instruction (e55f915)
• Add docs building to tox.ini (3ee9e7f)
• Support NumPy's specialized int types in builtins.round (b4b54f0)
• Added r""" to the docstring to avoid warnings in python3 (5f94572)
• Add subclasscheck for past.types.basestring (c9bc0ff)
• Correct example in README (681e78c)
• Add simple documentation (6c6e3ae)
• Add pre-commit hooks (a9c6a37)
• Handling of next and next by future.utils.get_next was reversed (52b0ff9)
• Add a test for our fix (461d77e)
• Compare headers to correct definition of str (3eaa8fd)
• #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
• Add tkFileDialog to future.movers.tkinter (f6a6549)
• Sort before comparing dicts in TestChainMap (6126997)
• Fix typo (4dfa099)
• Fix formatting in "What's new" (1663dfa)

... (truncated)

Commits

• af1db97 Merge pull request #613 from PythonCharmers/lwan/0.18.3-release
• 079ee9b Prepare for 0.18.3 release
• 02f7a81 Merge pull request #610 from wshanks/wshanks-patch-1
• c91d70b Backport fix for bpo-38804
• 80523f3 Merge pull request #569 from jmadler/master
• 5e5af71 Merge pull request #582 from r3m0t/patch-6
• 17e4bbd Merge pull request #596 from abjonnes/fix-print-trailing-comma
• 1b427ba Merge branch 'xZise-official-count' into master
• c8eb497 Merge branch 'official-count' of https://github.com/xZise/python-future into ...
• dffc579 Fix bug in fix_print.py fixer
• Additional commits viewable in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates pyinstaller from 5.13.1 to 6.8.0

Release notes

Sourced from pyinstaller's releases.

v6.8.0

Please see the v6.8.0 section of the changelog for a list of the changes since v6.7.0.

v6.7.0

Please see the v6.7.0 section of the changelog for a list of the changes since v6.6.0.

v6.6.0

Please see the v6.6.0 section of the changelog for a list of the changes since v6.5.0.

v6.5.0

Please see the v6.5.0 section of the changelog for a list of the changes since v6.4.0.

v6.4.0

Please see the v6.4.0 section of the changelog for a list of the changes since v6.3.0.

v6.3.0

Please see the v6.3.0 section of the changelog for a list of the changes since v6.2.0.

v6.2.0

Please see the v6.2.0 section of the changelog for a list of the changes since v6.1.0.

v6.1.0

Please see the v6.1.0 section of the changelog for a list of the changes since v6.0.0.

v6.0.0

Please see the v6.0.0 section of the changelog for a list of the changes since v5.13.2.

v5.13.2

Please see the v5.13.2 section of the changelog for a list of the changes since v5.13.1.

Changelog

Sourced from pyinstaller's changelog.

6.8.0 (2024-06-08)

Bugfix

* (macOS) When running ``codesign`` utility on macOS, use hard-coded absolute
  path (``/usr/bin/codesign``) to avoid errors when user has the ``codesign``
  from `sigtool <https://github.com/thefloweringash/sigtool>`_ in their
  ``PATH``. (:issue:`8581`)
* (Windows) When setting up DLL search paths for binary dependency analysis,
  consider the directory where python executable is located (i.e.,
  ``os.path.dirname(sys._base_executable)``) in addition to directory pointed to
  by ``sys.base_prefix``, in case the two differ. This fixes discovery of
  ``python3.dll`` when using python that was locally built from source (i.e.,
  using ``PCbuild\build.bat`` script that comes with python's source code).
  (:issue:`8569`)
Incompatible Changes

• Attempting to do a build whilst inside C:\Windows is now blocked. (:issue:8570)
• Invalid hiddenimports (e.g. filenames instead of module names) are now a build error. (:issue:8570)

Deprecations

* Adding a Python environment's ``site-packages`` directory to
  ``pathex``/``--paths`` will be blocked in v7.0 (:issue:`8570`)
* Running PyInstaller with escalated privileges (e.g. using sudo or in a *run as
  admin* terminal) will be blocked in v7.0. True admin users will be unaffected.
  (:issue:`8570`)
Bootloader

* (POSIX) Bootloader now attempts to create the run-time temporary directory
  given via :option:`--runtime-tmpdir` option (instead of requiring the
  directory to already exist), in order to match the behavior on Windows. A
  relative run-time temporary directory is now resolved to an absolute full path
  before being used to construct the application's temporary directory path.
  (:issue:`8557`)
* (Windows) Bootloader now verifies the run-time temporary directory given via
  :option:`--runtime-tmpdir` option, and raises an error if either the drive is
  invalid or if the directory cannot be created (instead of creating the
</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/df1507f9c423eaf6794eee6723d6d09b86da1f3e&quot;&gt;&lt;code&gt;df1507f&lt;/code&gt;&lt;/a> Release v6.8.0. [skip ci]</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/83a1499b9588b8d530cc5b0d1d462e6fa6abb67f&quot;&gt;&lt;code&gt;83a1499&lt;/code&gt;&lt;/a> macOS: hard-code path to the codesign utility</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/3aa87b04648e5d9f957aec629fd2c0b283cb2bec&quot;&gt;&lt;code&gt;3aa87b0&lt;/code&gt;&lt;/a> tests: skip QtMultimedia test with PyQt6 6.7.0 and PyQt6-Qt6 6.7.1</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1e2259806302030dfa638df7128c5009222bb6c7&quot;&gt;&lt;code&gt;1e22598&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 22 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/8577&quot;&gt;#8577&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/3fa81817d8bdd1e84f77139d8d878a85831b9173&quot;&gt;&lt;code&gt;3fa8181&lt;/code&gt;&lt;/a> test: Disable unwanted tracebacks on pytest xfails</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/8b5d76d2e5c368d58821c96eefc975f22a0902f7&quot;&gt;&lt;code&gt;8b5d76d&lt;/code&gt;&lt;/a> Deprecate mixing Python environments using --paths=.../site-packages</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/a34370fb395dc629cddc162c985953aa0a0435ba&quot;&gt;&lt;code&gt;a34370f&lt;/code&gt;&lt;/a> Make --hiddenimport=.../site-packages/foo/bar.py a build error</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1d29b15e099739d4be2876d82940a646a2ff72d5&quot;&gt;&lt;code&gt;1d29b15&lt;/code&gt;&lt;/a> Block running PyInstaller from inside C:\Windows</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/94037335e431f2b6aa4c7da3ab8be95a39202db1&quot;&gt;&lt;code&gt;9403733&lt;/code&gt;&lt;/a> Dispel the myth that PyInstaller should be ran as an admin</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/16d3f973a0b3d44cf58d34085ccfae5427ccfc51&quot;&gt;&lt;code&gt;16d3f97&lt;/code&gt;&lt;/a> bootloader: splash: move mutex variables into SPLASH_CONTEXT</li>

<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v5.13.1...v6.8.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates requests from 2.24.0 to 2.32.2

Release notes
Sourced from requests's releases.

v2.32.2
2.32.2 (2024-05-21)
Deprecations


To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)


v2.32.1
2.32.1 (2024-05-20)
Bugfixes

Add missing test certs to the sdist distributed on PyPI.

v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security

Fixed an issue where setting verify=False on the first request from a
Session will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of verify.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)



... (truncated)


Changelog
Sourced from requests's changelog.

2.32.2 (2024-05-21)
Deprecations


To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)


2.32.1 (2024-05-20)
Bugfixes

Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)
Security

Fixed an issue where setting verify=False on the first request from a
Session will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of verify.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations


... (truncated)


Commits

88dce9d v2.32.2
c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
92075b3 Add deprecation warning
aa1461b Move _get_connection to get_connection_with_tls_context
970e8ce v2.32.1
d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
Additional commits viewable in compare view




Updates urllib3 from 1.26.18 to 1.26.19

Release notes
Sourced from urllib3's releases.

1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Full Changelog: https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19
Note that due to an issue with our release automation, no  multiple.intoto.jsonl file is available for this release.



Changelog
Sourced from urllib3's changelog.

1.26.19 (2024-06-17)

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)




Commits

d9d85c8 Release 1.26.19
8528b63 [1.26] Fix downstream tests (#3409)
40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf
29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)
b600643 [1.26] Bump RECENT_DATE (#3404)
7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137)
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.