packaging: update dulwich to drop the certifi dependency on Windows stable
authorMatt Harbison <matt_harbison@yahoo.com>
Tue, 06 Sep 2022 15:08:52 -0400
branchstable
changeset 49418 37debd850c16
parent 49417 58e38c1a2370
child 49419 b3e77d536b53
packaging: update dulwich to drop the certifi dependency on Windows The presence of `certifi` causes the system certificate store to be ignored, which was reported as a bug against TortoiseHg[1]. It was only pulled in on Windows because of `dulwich`, which was copied from the old TortoiseHg install scripts, in order to support `hg-git`. This version of `dulwich` raises the minimum `urllib3` to a version (1.25) that does certificate verification by default, without the help of `certifi`[2]. We already bundle a newer version of `urllib3`. Note that `certifi` can still be imported from the user site directory, if installed there. But the installer no longer disables the system certificates by default. [1] https://foss.heptapod.net/mercurial/tortoisehg/thg/-/issues/5825 [2] https://github.com/jelmer/dulwich/issues/1025
contrib/packaging/requirements-windows-py3.txt
--- a/contrib/packaging/requirements-windows-py3.txt	Mon Sep 19 17:34:42 2022 -0400
+++ b/contrib/packaging/requirements-windows-py3.txt	Tue Sep 06 15:08:52 2022 -0400
@@ -16,10 +16,6 @@
     --hash=sha256:9fa5755838eecbb2d234c3aa390bd80fbd3ac6b6869109bfc1b499f7bd89a130 \
     --hash=sha256:df4f613cf7ad9a588cc381aaf4a512d26265ecebd5eb9e1ba12f1319eb85a6a0
     # via pygit2
-certifi==2021.5.30 \
-    --hash=sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee \
-    --hash=sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8
-    # via dulwich
 cffi==1.15.0 \
     --hash=sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3 \
     --hash=sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2 \
@@ -80,28 +76,38 @@
     --hash=sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af \
     --hash=sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc
     # via -r contrib/packaging/requirements-windows.txt.in
-dulwich==0.20.45 \
-    --hash=sha256:042bc206764968b17338e32c52bb6a116154eb87a63651971946917dfa37a359 \
-    --hash=sha256:22d433ba9c776f2b0e19b1186e01e25ca286175e20f4ac422141db94eeaac08b \
-    --hash=sha256:2d7cf5171034d9d61b928bd5f9c509000e895d1ba29bd6ea850b9e4f93fca0f7 \
-    --hash=sha256:3136bcaf7508522a2aa63f856743f06129261bc5a03331aa6a0654fa6d04a4ae \
-    --hash=sha256:35015e43207752cf7924860e85a3c2290c652c0c3ee81e7c95c52d34638f605d \
-    --hash=sha256:3f2c137a0003e80e384d116e65b453f8a704c2d393c30a47b447764e7f9c05a1 \
-    --hash=sha256:49852f12c1e1d50039f927e9fdee1bd00a9b428c31b078ba5ba9fc1cf88e9d3e \
-    --hash=sha256:4abb1b0e1e50192ce7204c4e14f24c989c5920c56de908365f4e66c6e3458945 \
-    --hash=sha256:4e405ac9426288ca782c45e066f816d878b4a529acf4d4b0b2a5bb45a804dfec \
-    --hash=sha256:5e41044ac51a4b3454d67e5f691808540470deeb6a852d7c5c6ca44c48b4cdc3 \
-    --hash=sha256:65334bd7a1d91054516a49f86343e9c2549740bbddebcbb4763c8aacf2aac48c \
-    --hash=sha256:6e02babb44bdad17b6c9c50b4f9df42f6e511e3a51555ac07dd85ec904efe0b1 \
-    --hash=sha256:70710dd9ca2a442190c7e506892db074c318ac762e221f7529b8ce34802041b7 \
-    --hash=sha256:9b689b05bc7baa5cb20ebff54291085b598a9bdf7caeab23daf93b46421d96ff \
-    --hash=sha256:b3f64870f2f206dda3308cb73563f5f59fdc084179271651a0488d12ab4185b9 \
-    --hash=sha256:bb75268cec2f3ae6f6b7addbc0db50db2e9e42b2ad8364e74b9f5b17ab0053b5 \
-    --hash=sha256:c8c0fc7d2e3b0ad6a4faadf96f0626fa50935ababfd774b9b94edaa28f0668ec \
-    --hash=sha256:d89f53a739ac3394b5ef2f178480569b7d36d4fe7b4bb49678582914530ce35b \
-    --hash=sha256:d8b6aae7af8edbfac8038e1777ae820efac33c7c22a8025d3254bbd53ec725b5 \
-    --hash=sha256:eb4189d72a0e2f3070e2abdbd10a05c0e62355cd5496761d6e68f1e865ac6fad \
-    --hash=sha256:efe46167eb02ba85d9c2e993635e7543e1e04bb3261112e9d54daff2385ae5df
+dulwich==0.20.46 \
+    --hash=sha256:0a1ca555a3eafe7388d6cb81bb08f34608a1592500f0bd4c26734c91d208a546 \
+    --hash=sha256:100d39bc18196a07c521fd5f60f78f397493303daa0b8690216864bbc621cd5d \
+    --hash=sha256:1162fdafb2abdfe66649617061f3853cb26384fade1f6884f6fe6e9c570a7552 \
+    --hash=sha256:153c7512587384a290c60fef330f1ab397a59559e19e8b02a0169ff21b4c69fb \
+    --hash=sha256:3e16376031466848e44aabf3489fafb054482143744b21167dbd168731041c74 \
+    --hash=sha256:42fa5a68908556eb6c40f231a67caf6a4660588aad707a9d6b334fa1d8f04bf7 \
+    --hash=sha256:4f0e88ffff5db1523d93d92f1525fe5fa161318ffbaad502c1b9b3be7a067172 \
+    --hash=sha256:525115c4d1fbf60a5fe98f340b4ca597ba47b2c75d9c5ec750dd0e9115ef8ec6 \
+    --hash=sha256:6676196e9cf377cde62aa2f5d741e93207437343e0c62368bd0d784c322a3c49 \
+    --hash=sha256:669c6b3d82996518a7fec4604771bd285e23f0860f41f565fef5987265d431d9 \
+    --hash=sha256:6826512f778eaa47e2e8c0a46cdc555958f9f5286771490b8642b4b508ea5d25 \
+    --hash=sha256:6eed5a3194d64112605fc0f638f4fa91771495e8674fa3e6d6b33bf150d297d5 \
+    --hash=sha256:73e2585a9fcf1f8cdad8597a0c384c0b365b2e8346463130c96d9ea1478587ae \
+    --hash=sha256:769442c9657b10fc35ac625beeaf440540c9288c96fcfaba3e58adf745c5cafd \
+    --hash=sha256:8d6fee82cedb2362942d9ef94061901f7e07d7d8674e4c7b6fceeef7822ae275 \
+    --hash=sha256:90a075aeb0fdbad7e18b9db3af161e3d635e2b7697b7a4b467e6844a13b0b210 \
+    --hash=sha256:92024f572d32680e021219f77015c8b443c38022e502b7f51ad7cf51a6285a36 \
+    --hash=sha256:9ca4d73987f5b0e2e843497876f9bb39a47384a2e50597a85542285f5c890293 \
+    --hash=sha256:9fc7a4f633f5468453d5dd84a753cd99d4433f0397437229a0a8b10347935591 \
+    --hash=sha256:a5b68bd815cd2769c75e5a78708eb0440612df19b370a977aa9e01a056baa9ed \
+    --hash=sha256:a5d1b7a3a7d84a5dedbb90092e00097357106b9642ac08a96c2ae89ccd8afd9a \
+    --hash=sha256:b1339bca70764eb8e780d80c72e7c1cb4651201dc9e43ec5d616bf51eb3bb3a6 \
+    --hash=sha256:b739d759c10e2af7c964dcc97fd4e5dc49e8567d080eed8906fc422c79b7fdcf \
+    --hash=sha256:b9f49de83911eed7adbe83136229837ef9d102e42dbe6aacb1a18be45c997ace \
+    --hash=sha256:c4cd2cd7baa81246bdc8c5272d4e9224e2255da7a0618a220aab5e07b9888e9b \
+    --hash=sha256:d38be7d3a78d608ecab3348f7920d6b9002e7972dd245206dc8075cfdb91621d \
+    --hash=sha256:d928de1eba0326a2a8a52ed94c9bf7c315ff4db606a1aa3ae688d39574f93267 \
+    --hash=sha256:dd3eac228117487a959ac8f49ea2787eac34acc69999fe7adae70b23e3c3571c \
+    --hash=sha256:de22a54f68c6c4e97f9b924abd46da4618536d7934b9849066be9fc5cd31205d \
+    --hash=sha256:f4b7a7feb966a4669c254b18385fe0b3c639f3b1f5ddef0d9e083364cc762847 \
+    --hash=sha256:f9552ac246bceab1c5cdd1ec3cfe9446fe76b9853eaf59d3244df03eb27fd3fe
     # via -r contrib/packaging/requirements-windows.txt.in
 fuzzywuzzy==0.18.0 \
     --hash=sha256:45016e92264780e58972dca1b3d939ac864b78437422beecebb3095f8efd00e8