From d596b86c8dee9b45333d887af20e6812f963f99a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Dec 2022 15:59:10 -0800
Subject: [PATCH] Bump urllib3 from 1.26.12 to 1.26.13 (#1908)

* Bump urllib3 from 1.26.12 to 1.26.13

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.12 to 1.26.13.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.13/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.12...1.26.13)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update urllib3==1.26.13

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>

[skip ci]
---
 lib/urllib3/_version.py          |  2 +-
 lib/urllib3/connectionpool.py    |  2 +-
 lib/urllib3/contrib/pyopenssl.py |  7 +++----
 lib/urllib3/response.py          | 13 +++++++++++++
 lib/urllib3/util/retry.py        |  2 +-
 lib/urllib3/util/url.py          |  2 +-
 requirements.txt                 |  2 +-
 7 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/lib/urllib3/_version.py b/lib/urllib3/_version.py
index 6fbc84b3..308d7f28 100644
--- a/lib/urllib3/_version.py
+++ b/lib/urllib3/_version.py
@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.12"
+__version__ = "1.26.13"
diff --git a/lib/urllib3/connectionpool.py b/lib/urllib3/connectionpool.py
index 96339e90..70873927 100644
--- a/lib/urllib3/connectionpool.py
+++ b/lib/urllib3/connectionpool.py
@@ -862,7 +862,7 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods):
             )
 
         # Check if we should retry the HTTP response.
-        has_retry_after = bool(response.getheader("Retry-After"))
+        has_retry_after = bool(response.headers.get("Retry-After"))
         if retries.is_retry(method, response.status, has_retry_after):
             try:
                 retries = retries.increment(method, url, response=response, _pool=self)
diff --git a/lib/urllib3/contrib/pyopenssl.py b/lib/urllib3/contrib/pyopenssl.py
index 50a07d59..1ed214b1 100644
--- a/lib/urllib3/contrib/pyopenssl.py
+++ b/lib/urllib3/contrib/pyopenssl.py
@@ -47,10 +47,10 @@ compression in Python 2 (see `CRIME attack`_).
 """
 from __future__ import absolute_import
 
+import OpenSSL.crypto
 import OpenSSL.SSL
 from cryptography import x509
 from cryptography.hazmat.backends.openssl import backend as openssl_backend
-from cryptography.hazmat.backends.openssl.x509 import _Certificate
 
 try:
     from cryptography.x509 import UnsupportedExtension
@@ -228,9 +228,8 @@ def get_subj_alt_name(peer_cert):
     if hasattr(peer_cert, "to_cryptography"):
         cert = peer_cert.to_cryptography()
     else:
-        # This is technically using private APIs, but should work across all
-        # relevant versions before PyOpenSSL got a proper API for this.
-        cert = _Certificate(openssl_backend, peer_cert._x509)
+        der = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, peer_cert)
+        cert = x509.load_der_x509_certificate(der, openssl_backend)
 
     # We want to find the SAN extension. Ask Cryptography to locate it (it's
     # faster than looping in Python)
diff --git a/lib/urllib3/response.py b/lib/urllib3/response.py
index 01f08eee..8f1b4fa8 100644
--- a/lib/urllib3/response.py
+++ b/lib/urllib3/response.py
@@ -3,6 +3,7 @@ from __future__ import absolute_import
 import io
 import logging
 import sys
+import warnings
 import zlib
 from contextlib import contextmanager
 from socket import error as SocketError
@@ -663,9 +664,21 @@ class HTTPResponse(io.IOBase):
 
     # Backwards-compatibility methods for http.client.HTTPResponse
     def getheaders(self):
+        warnings.warn(
+            "HTTPResponse.getheaders() is deprecated and will be removed "
+            "in urllib3 v2.1.0. Instead access HTTResponse.headers directly.",
+            category=DeprecationWarning,
+            stacklevel=2,
+        )
         return self.headers
 
     def getheader(self, name, default=None):
+        warnings.warn(
+            "HTTPResponse.getheader() is deprecated and will be removed "
+            "in urllib3 v2.1.0. Instead use HTTResponse.headers.get(name, default).",
+            category=DeprecationWarning,
+            stacklevel=2,
+        )
         return self.headers.get(name, default)
 
     # Backwards compatibility for http.cookiejar
diff --git a/lib/urllib3/util/retry.py b/lib/urllib3/util/retry.py
index 3398323f..2490d5e5 100644
--- a/lib/urllib3/util/retry.py
+++ b/lib/urllib3/util/retry.py
@@ -394,7 +394,7 @@ class Retry(object):
     def get_retry_after(self, response):
         """Get the value of Retry-After in seconds."""
 
-        retry_after = response.getheader("Retry-After")
+        retry_after = response.headers.get("Retry-After")
 
         if retry_after is None:
             return None
diff --git a/lib/urllib3/util/url.py b/lib/urllib3/util/url.py
index b667c160..94f1b8d4 100644
--- a/lib/urllib3/util/url.py
+++ b/lib/urllib3/util/url.py
@@ -63,7 +63,7 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$")
 BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$")
 ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$")
 
-_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % (
+_HOST_PORT_PAT = ("^(%s|%s|%s)(?::0*([0-9]{0,5}))?$") % (
     REG_NAME_PAT,
     IPV4_PAT,
     IPV6_ADDRZ_PAT,
diff --git a/requirements.txt b/requirements.txt
index dfafa748..727bd6db 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -45,7 +45,7 @@ tempora==5.1.0
 tokenize-rt==5.0.0
 tzdata==2022.6
 tzlocal==4.2
-urllib3==1.26.12
+urllib3==1.26.13
 webencodings==0.5.1
 websocket-client==1.4.2
 xmltodict==0.13.0