Upgrade urllib3 to 1.26.19

Author: hmstepanek

newrelic/packages/requirements.txt

@@ -3,6 +3,6 @@
 # This file is used by dependabot to keep track of and recommend updates
 # to the New Relic Python Agent's dependencies in newrelic/packages/.
 opentelemetry_proto==1.0.0
-urllib3==1.26.18
+urllib3==1.26.19
 wrapt==1.16.0
 asgiref==3.6.0  # We only vendor asgiref.compatibility.py

newrelic/packages/urllib3/LICENSE.txt

@@ -19,6 +19,22 @@
 from .util.timeout import Timeout
 from .util.url import get_host
 
+# === NOTE TO REPACKAGERS AND VENDORS ===
+# Please delete this block, this logic is only
+# for urllib3 being distributed via PyPI.
+# See: https://github.com/urllib3/urllib3/issues/2680
+try:
+    import urllib3_secure_extra  # type: ignore # noqa: F401
+except ImportError:
+    pass
+else:
+    warnings.warn(
+        "'urllib3[secure]' extra is deprecated and will be removed "
+        "in a future release of urllib3 2.x. Read more in this issue: "
+        "https://github.com/urllib3/urllib3/issues/2680",
+        category=DeprecationWarning,
+        stacklevel=2,
+    )
 
 __author__ = "Andrey Petrov ([email protected])"
 __license__ = "MIT"

newrelic/packages/urllib3/__init__.py

@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.18"
+__version__ = "1.26.19"

newrelic/packages/urllib3/_version.py

@@ -68,7 +68,7 @@ class BrokenPipeError(Exception):
 
 # When it comes time to update this value as a part of regular maintenance
 # (ie test_recent_date is failing) update it to ~6 months before the current date.
-RECENT_DATE = datetime.date(2022, 1, 1)
+RECENT_DATE = datetime.date(2024, 1, 1)
 
 _CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]")
 
@@ -437,7 +437,7 @@ def connect(self):
             and self.ssl_version is None
             and hasattr(self.sock, "version")
             and self.sock.version() in {"TLSv1", "TLSv1.1"}
-        ):
+        ):  # Defensive:
             warnings.warn(
                 "Negotiating TLSv1/TLSv1.1 by default is deprecated "
                 "and will be disabled in urllib3 v2.0.0. Connecting to "

newrelic/packages/urllib3/connection.py

@@ -768,7 +768,9 @@ def _is_ssl_error_message_from_http_proxy(ssl_error):
                 # so we try to cover our bases here!
                 message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
                 return (
-                    "wrong version number" in message or "unknown protocol" in message
+                    "wrong version number" in message
+                    or "unknown protocol" in message
+                    or "record layer failure" in message
                 )
 
             # Try to detect a common user error with proxies which is to

newrelic/packages/urllib3/connectionpool.py

@@ -235,7 +235,9 @@ class Retry(object):
     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
 
     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
+        ["Cookie", "Authorization", "Proxy-Authorization"]
+    )
 
     #: Maximum backoff time.
     DEFAULT_BACKOFF_MAX = 120