Merge branch 'main' into url-auth-headers

.eslintrc.yml

@@ -0,0 +1,7 @@
+env:
+  es2020 : true
+  worker: true
+rules: {}
+extends: 
+-  eslint:recommended
+

.github/CODEOWNERS

@@ -1,9 +1,8 @@
 # Restrict all files related to deploying to
 # require lead maintainer approval.
 
-.github/workflows/          @sethmlarson @pquentin @shazow
-.github/CODEOWNERS          @sethmlarson @pquentin @shazow
-src/urllib3/_version.py     @sethmlarson @pquentin @shazow
-setup.py                    @sethmlarson @pquentin @shazow
-pyproject.toml              @sethmlarson @pquentin @shazow
-ci/                         @sethmlarson @pquentin @shazow
+.github/workflows/          @sethmlarson @pquentin @shazow @illia-v
+.github/CODEOWNERS          @sethmlarson @pquentin @shazow @illia-v
+src/urllib3/_version.py     @sethmlarson @pquentin @shazow @illia-v
+pyproject.toml              @sethmlarson @pquentin @shazow @illia-v
+ci/                         @sethmlarson @pquentin @shazow @illia-v

.github/ISSUE_TEMPLATE/02_bug_report.md

@@ -14,10 +14,12 @@ At least, paste here the output of:
 
 ```python
 import platform
+import ssl
 import urllib3
 
 print("OS", platform.platform())
 print("Python", platform.python_version())
+print(ssl.OPENSSL_VERSION)
 print("urllib3", urllib3.__version__)
 ```
 

.github/PULL_REQUEST_TEMPLATE/release.md

@@ -1,15 +1,18 @@
-* [ ]  See if all tests, including integration, pass
+* [ ]  See if all tests, including downstream, pass
 * [ ]  Get the release pull request approved by a [CODEOWNER](https://github.com/urllib3/urllib3/blob/main/.github/CODEOWNERS)
 * [ ]  Squash merge the release pull request with message "`Release <VERSION>`"
 * [ ]  Tag with X.Y.Z, push tag on urllib3/urllib3 (not on your fork, update `<REMOTE>` accordingly)
   * Notice that the `<VERSION>` shouldn't have a `v` prefix (Use `1.26.6` instead of `v.1.26.6`)
   * ```
+    # Ensure the release commit is the latest in the main branch.
+    git checkout main
+    git pull origin main
     git tag -s -a '<VERSION>' -m 'Release: <VERSION>'
     git push <REMOTE> --tags
     ```
 * [ ]  Execute the `publish` GitHub workflow. This requires a review from a maintainer.
 * [ ]  Ensure that all expected artifacts are added to the new GitHub release. Should
-       be one `.whl`, one `.tar.gz`, and one `urllib3.intoto.jsonl`. Update the GitHub
+       be one `.whl`, one `.tar.gz`, and one `multiple.intoto.jsonl`. Update the GitHub
        release to have the content of the release's changelog.
 * [ ]  Announce on:
   * [ ]  Twitter

.github/dependabot.yml

@@ -4,3 +4,12 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "Skip Changelog"
+    ignore:
+      # Ignore all patch releases as we can manually
+      # upgrade if we run into a bug and need a fix.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-patch"]

.github/workflows/changelog.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           # `towncrier check` runs `git diff --name-only origin/main...`, which
           # needs a non-shallow clone.

.github/workflows/ci.yml

@@ -15,10 +15,10 @@ jobs:
 
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: "Setup Python"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: "3.x"
           cache: "pip"
@@ -31,33 +31,52 @@ jobs:
           python -m twine check dist/*
 
   test:
-    env:
-      SETUPTOOLS_USE_DISTUTILS: stdlib
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
         os:
-          - macos-11
+          - macos-12
           - windows-latest
-          - ubuntu-20.04  # OpenSSL 1.1.1
-          - ubuntu-22.04  # OpenSSL 3.0
-        experimental: [false]
+          - ubuntu-22.04
         nox-session: ['']
         include:
-          - python-version: "pypy-3.7"
+          - experimental: false
+          # integration
+          # 3.8 and 3.9 have a known issue with large SSL requests that we work around:
+          # https://github.com/urllib3/urllib3/pull/3181#issuecomment-1794830698
+          - python-version: "3.8"
             os: ubuntu-latest
             experimental: false
-            nox-session: test-pypy
+            nox-session: test_integration
+          - python-version: "3.9"
+            os: ubuntu-latest
+            experimental: false
+            nox-session: test_integration
+          - python-version: "3.12"
+            os: ubuntu-latest
+            experimental: false
+            nox-session: test_integration
+          # OpenSSL 1.1.1
+          - python-version: "3.8"
+            os: ubuntu-20.04
+            experimental: false
+            nox-session: test-3.8
+          # pypy
           - python-version: "pypy-3.8"
             os: ubuntu-latest
             experimental: false
             nox-session: test-pypy
-          - python-version: "2.7"
-            os: ubuntu-20.04  # CPython 2.7 is not available for ubuntu-22.04
+          - python-version: "pypy-3.9"
+            os: ubuntu-latest
+            experimental: false
+            nox-session: test-pypy
+          - python-version: "pypy-3.10"
+            os: ubuntu-latest
             experimental: false
-            nox-session: unsupported_setup_py
+            nox-session: test-pypy
           - python-version: "3.x"
+          # brotli
             os: ubuntu-latest
             experimental: false
             nox-session: test_brotlipy
@@ -66,85 +85,72 @@ jobs:
             os: ubuntu-20.04  # CPython 3.9.2 is not available for ubuntu-22.04.
             experimental: false
             nox-session: test-3.9
-          - python-version: 3.11
-            os: ubuntu-20.04
-            experimental: true
-            nox-session: test-3.11
-          - python-version: 3.11
-            os: ubuntu-22.04
+          - python-version: "3.11"
+            os: ubuntu-latest
+            nox-session: emscripten
             experimental: true
-            nox-session: test-3.11
         exclude:
           # Ubuntu 22.04 comes with OpenSSL 3.0, so only CPython 3.9+ is compatible with it
           # https://github.com/python/cpython/issues/83001
-          - python-version: "3.7"
-            os: ubuntu-22.04
           - python-version: "3.8"
             os: ubuntu-22.04
 
     runs-on: ${{ matrix.os }}
-    name: ${{ fromJson('{"macos-11":"macOS","windows-latest":"Windows","ubuntu-latest":"Ubuntu","ubuntu-20.04":"Ubuntu 20.04 (OpenSSL 1.1.1)","ubuntu-22.04":"Ubuntu 22.04 (OpenSSL 3.0)"}')[matrix.os] }} ${{ matrix.python-version }} ${{ matrix.nox-session}}
+    name: ${{ fromJson('{"macos-12":"macOS","windows-latest":"Windows","ubuntu-latest":"Ubuntu","ubuntu-20.04":"Ubuntu 20.04 (OpenSSL 1.1.1)","ubuntu-22.04":"Ubuntu 22.04 (OpenSSL 3.0)"}')[matrix.os] }} ${{ matrix.python-version }} ${{ matrix.nox-session}}
     continue-on-error: ${{ matrix.experimental }}
     timeout-minutes: 30
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: "Setup Python ${{ matrix.python-version }}"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: ${{ matrix.python-version }}
-
-      # Use deadsnakes for development versions
-      - if: endsWith(matrix.python-version, '-dev')
-        name: "Setup Python ${{ matrix.python-version }}"
-        uses: deadsnakes/action@e3117c2981fd8afe4af79f3e1be80066c82b70f5
-        with:
-          python-version: ${{ matrix.python-version }}
-
-      # Setup Python 3.x to run nox on behalf of Python 2.7
-      - if: matrix.python-version == '2.7'
-        name: "Setup Python 3.x"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
-        with:
-          python-version: "3.x"
-          cache: "pip"
+          allow-prereleases: true
 
       - name: "Install dependencies"
         run: python -m pip install --upgrade pip setuptools nox
 
+      - name: "Install Chrome"
+        uses: browser-actions/setup-chrome@52f10de5479c69bcbbab2eab094c9d373148005e # v1.4.0
+        if: ${{ matrix.nox-session == 'emscripten' }}
+      - name: "Install Firefox"
+        uses: browser-actions/setup-firefox@29a706787c6fb2196f091563261e1273bf379ead # v1.4.0
+        if: ${{ matrix.nox-session == 'emscripten' }}
       - name: "Run tests"
-        run: ./ci/run_tests.sh
+        # If no explicit NOX_SESSION is set, run the default tests for the chosen Python version
+        run: nox -s ${NOX_SESSION:-test-$PYTHON_VERSION} --error-on-missing-interpreters
         env:
           PYTHON_VERSION: ${{ matrix.python-version }}
           NOX_SESSION: ${{ matrix.nox-session }}
 
-      - if: ${{ matrix.nox-session != 'unsupported_setup_py' }}
-        name: "Upload artifact"
-        uses: "actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce"
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: coverage-data
           path: ".coverage.*"
           if-no-files-found: error
 
 
   coverage:
+    if: always()
     runs-on: "ubuntu-latest"
     needs: test
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: "Setup Python"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: "3.x"
 
       - name: "Install coverage"
-        run: "python -m pip install --upgrade coverage"
+        run: "python -m pip install -r dev-requirements.txt"
 
       - name: "Download artifact"
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: coverage-data
 
@@ -156,7 +162,7 @@ jobs:
 
       - if: ${{ failure() }}
         name: "Upload report if check failed"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: coverage-report
           path: htmlcov

.github/workflows/codeql.yml

@@ -12,6 +12,7 @@ permissions: "read-all"
 
 jobs:
   analyze:
+    if: github.repository_owner == 'urllib3'
     name: "Analyze"
     runs-on: "ubuntu-latest"
     permissions:
@@ -20,16 +21,16 @@ jobs:
       security-events: write
     steps:
     - name: "Checkout repository"
-      uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+      uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
     - name: "Run CodeQL init"
-      uses: "github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394"
+      uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
       with:
         config-file: "./.github/codeql.yml"
         languages: "python"
 
     - name: "Run CodeQL autobuild"
-      uses: "github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394"
+      uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
 
     - name: "Run CodeQL analyze"
-      uses: "github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394"
+      uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4

.github/workflows/integration.yml → .github/workflows/downstream.yml

@@ -5,20 +5,20 @@ on: [push, pull_request]
 permissions: "read-all"
 
 jobs:
-  integration:
+  downstream:
     strategy:
       fail-fast: false
       matrix:
         downstream: [botocore, requests]
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 30
 
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: "Setup Python"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: "3.x"
 

.github/workflows/lint.yml

@@ -11,16 +11,16 @@ jobs:
 
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b"
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: "Setup Python"
-        uses: "actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912"
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: "3.x"
           cache: pip
 
       - name: "Run pre-commit"
-        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0
 
       - name: "Install dependencies"
         run: python -m pip install nox