Upgrade urllib3 to 1.26.8

news/urllib3.vendor.rst

@@ -0,0 +1 @@
+Upgrade urllib3 to 1.26.8

src/pip/_vendor/urllib3/_version.py

@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.7"
+__version__ = "1.26.8"

src/pip/_vendor/urllib3/connection.py

@@ -51,7 +51,6 @@ class BrokenPipeError(Exception):
     SubjectAltNameWarning,
     SystemTimeWarning,
 )
-from .packages.ssl_match_hostname import CertificateError, match_hostname
 from .util import SKIP_HEADER, SKIPPABLE_HEADERS, connection
 from .util.ssl_ import (
     assert_fingerprint,
@@ -61,6 +60,7 @@ class BrokenPipeError(Exception):
     resolve_ssl_version,
     ssl_wrap_socket,
 )
+from .util.ssl_match_hostname import CertificateError, match_hostname
 
 log = logging.getLogger(__name__)
 

src/pip/_vendor/urllib3/connectionpool.py

@@ -2,6 +2,7 @@
 
 import errno
 import logging
+import re
 import socket
 import sys
 import warnings
@@ -35,7 +36,6 @@
 )
 from .packages import six
 from .packages.six.moves import queue
-from .packages.ssl_match_hostname import CertificateError
 from .request import RequestMethods
 from .response import HTTPResponse
 from .util.connection import is_connection_dropped
@@ -44,6 +44,7 @@
 from .util.request import set_file_position
 from .util.response import assert_header_parsing
 from .util.retry import Retry
+from .util.ssl_match_hostname import CertificateError
 from .util.timeout import Timeout
 from .util.url import Url, _encode_target
 from .util.url import _normalize_host as normalize_host
@@ -301,8 +302,11 @@ def _put_conn(self, conn):
             pass
         except queue.Full:
             # This should never happen if self.block == True
-            log.warning("Connection pool is full, discarding connection: %s", self.host)
-
+            log.warning(
+                "Connection pool is full, discarding connection: %s. Connection pool size: %s",
+                self.host,
+                self.pool.qsize(),
+            )
         # Connection never got put back into the pool, close it.
         if conn:
             conn.close()
@@ -745,7 +749,33 @@ def urlopen(
             # Discard the connection for these exceptions. It will be
             # replaced during the next _get_conn() call.
             clean_exit = False
-            if isinstance(e, (BaseSSLError, CertificateError)):
+
+            def _is_ssl_error_message_from_http_proxy(ssl_error):
+                # We're trying to detect the message 'WRONG_VERSION_NUMBER' but
+                # SSLErrors are kinda all over the place when it comes to the message,
+                # so we try to cover our bases here!
+                message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
+                return (
+                    "wrong version number" in message or "unknown protocol" in message
+                )
+
+            # Try to detect a common user error with proxies which is to
+            # set an HTTP proxy to be HTTPS when it should be 'http://'
+            # (ie {'http': 'http://proxy', 'https': 'https://proxy'})
+            # Instead we add a nice error message and point to a URL.
+            if (
+                isinstance(e, BaseSSLError)
+                and self.proxy
+                and _is_ssl_error_message_from_http_proxy(e)
+            ):
+                e = ProxyError(
+                    "Your proxy appears to only use HTTP and not HTTPS, "
+                    "try changing your proxy URL to be HTTP. See: "
+                    "https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html"
+                    "#https-proxy-error-http-proxy",
+                    SSLError(e),
+                )
+            elif isinstance(e, (BaseSSLError, CertificateError)):
                 e = SSLError(e)
             elif isinstance(e, (SocketError, NewConnectionError)) and self.proxy:
                 e = ProxyError("Cannot connect to proxy.", e)

src/pip/_vendor/urllib3/contrib/_securetransport/bindings.py

@@ -48,7 +48,7 @@
 )
 from ctypes.util import find_library
 
-from pip._vendor.urllib3.packages.six import raise_from
+from ...packages.six import raise_from
 
 if platform.system() != "Darwin":
     raise ImportError("Only macOS is supported")

src/pip/_vendor/urllib3/packages/__init__.py

@@ -1,5 +0,0 @@
-from __future__ import absolute_import
-
-from . import ssl_match_hostname
-
-__all__ = ("ssl_match_hostname",)

src/pip/_vendor/urllib3/util/connection.py

@@ -2,9 +2,8 @@
 
 import socket
 
-from pip._vendor.urllib3.exceptions import LocationParseError
-
 from ..contrib import _appengine_environ
+from ..exceptions import LocationParseError
 from ..packages import six
 from .wait import NoWayToWaitForSocketError, wait_for_read
 

src/pip/_vendor/urllib3/util/retry.py

@@ -69,6 +69,24 @@ def DEFAULT_REDIRECT_HEADERS_BLACKLIST(cls, value):
         )
         cls.DEFAULT_REMOVE_HEADERS_ON_REDIRECT = value
 
+    @property
+    def BACKOFF_MAX(cls):
+        warnings.warn(
+            "Using 'Retry.BACKOFF_MAX' is deprecated and "
+            "will be removed in v2.0. Use 'Retry.DEFAULT_BACKOFF_MAX' instead",
+            DeprecationWarning,
+        )
+        return cls.DEFAULT_BACKOFF_MAX
+
+    @BACKOFF_MAX.setter
+    def BACKOFF_MAX(cls, value):
+        warnings.warn(
+            "Using 'Retry.BACKOFF_MAX' is deprecated and "
+            "will be removed in v2.0. Use 'Retry.DEFAULT_BACKOFF_MAX' instead",
+            DeprecationWarning,
+        )
+        cls.DEFAULT_BACKOFF_MAX = value
+
 
 @six.add_metaclass(_RetryMeta)
 class Retry(object):
@@ -181,7 +199,7 @@ class Retry(object):
 
         seconds. If the backoff_factor is 0.1, then :func:`.sleep` will sleep
         for [0.0s, 0.2s, 0.4s, ...] between retries. It will never be longer
-        than :attr:`Retry.BACKOFF_MAX`.
+        than :attr:`Retry.DEFAULT_BACKOFF_MAX`.
 
         By default, backoff is disabled (set to 0).
 
@@ -220,7 +238,7 @@ class Retry(object):
     DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
 
     #: Maximum backoff time.
-    BACKOFF_MAX = 120
+    DEFAULT_BACKOFF_MAX = 120
 
     def __init__(
         self,
@@ -348,7 +366,7 @@ def get_backoff_time(self):
             return 0
 
         backoff_value = self.backoff_factor * (2 ** (consecutive_errors_len - 1))
-        return min(self.BACKOFF_MAX, backoff_value)
+        return min(self.DEFAULT_BACKOFF_MAX, backoff_value)
 
     def parse_retry_after(self, retry_after):
         # Whitespace: https://tools.ietf.org/html/rfc7230#section-3.2.4

src/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py → src/pip/_vendor/urllib3/util/ssl_match_hostname.py

@@ -9,7 +9,7 @@
 # ipaddress has been backported to 2.6+ in pypi.  If it is installed on the
 # system, use it to handle IPAddress ServerAltnames (this was added in
 # python-3.5) otherwise only do DNS matching.  This allows
-# backports.ssl_match_hostname to continue to be used in Python 2.7.
+# util.ssl_match_hostname to continue to be used in Python 2.7.
 try:
     import ipaddress
 except ImportError:
@@ -78,7 +78,8 @@ def _dnsname_match(dn, hostname, max_wildcards=1):
 
 def _to_unicode(obj):
     if isinstance(obj, str) and sys.version_info < (3,):
-        obj = unicode(obj, encoding="ascii", errors="strict")
+        # ignored flake8 # F821 to support python 2.7 function
+        obj = unicode(obj, encoding="ascii", errors="strict")  # noqa: F821
     return obj
 
 

src/pip/_vendor/urllib3/util/ssltransport.py

@@ -2,8 +2,8 @@
 import socket
 import ssl
 
-from pip._vendor.urllib3.exceptions import ProxySchemeUnsupported
-from pip._vendor.urllib3.packages import six
+from ..exceptions import ProxySchemeUnsupported
+from ..packages import six
 
 SSL_BLOCKSIZE = 16384
 

src/pip/_vendor/vendor.txt

@@ -13,7 +13,7 @@ requests==2.27.1
     certifi==2021.05.30
     chardet==4.0.0
     idna==3.2
-    urllib3==1.26.7
+    urllib3==1.26.8
 rich==10.14.0
     pygments==2.10.0
     typing_extensions==3.10.0.2