Commit 57aef36
Merge #250
250: Bump scrapy from 2.6.1 to 2.6.3 r=brunoocasali a=dependabot[bot]
Bumps [scrapy](https://github.com/scrapy/scrapy) from 2.6.1 to 2.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/scrapy/scrapy/releases">scrapy's releases</a>.</em></p>
<blockquote>
<h2>2.6.3</h2>
<p>Makes <code>pip install Scrapy</code> work again.</p>
<p>It required making changes to support pyOpenSSL 22.1.0. We had to drop support for SSLv3 as a result.</p>
<p>We also upgraded the minimum versions of some dependencies.</p>
<p>See the <strong><a href="https://docs.scrapy.org/en/2.6/news.html#scrapy-2-6-3-2022-09-27">changelog</a></strong>.</p>
<h2>2.6.2</h2>
<p>Fixes a <strong>security issue</strong> around HTTP proxy usage, and addresses a few regressions introduced in Scrapy 2.6.0.</p>
<p>See the <strong><a href="https://docs.scrapy.org/en/2.6/news.html#scrapy-2-6-2-2022-07-25">changelog</a></strong>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/scrapy/scrapy/blob/master/docs/news.rst">scrapy's changelog</a>.</em></p>
<blockquote>
<h2>Scrapy 2.6.3 (2022-09-27)</h2>
<ul>
<li>
<p>Added support for pyOpenSSL_ 22.1.0, removing support for SSLv3
(:issue:<code>5634</code>, :issue:<code>5635</code>, :issue:<code>5636</code>).</p>
</li>
<li>
<p>Upgraded the minimum versions of the following dependencies:</p>
<ul>
<li>
<p>cryptography_: 2.0 → 3.3</p>
</li>
<li>
<p>pyOpenSSL_: 16.2.0 → 21.0.0</p>
</li>
<li>
<p>service_identity_: 16.0.0 → 18.1.0</p>
</li>
<li>
<p>Twisted_: 17.9.0 → 18.9.0</p>
</li>
<li>
<p>zope.interface_: 4.1.3 → 5.0.0</p>
</li>
</ul>
<p>(:issue:<code>5621</code>, :issue:<code>5632</code>)</p>
</li>
<li>
<p>Fixes test and documentation issues (:issue:<code>5612</code>, :issue:<code>5617</code>,
:issue:<code>5631</code>).</p>
</li>
</ul>
<h2>Scrapy 2.6.2 (2022-07-25)</h2>
<p><strong>Security bug fix:</strong></p>
<ul>
<li>
<p>When :class:<code>~scrapy.downloadermiddlewares.httpproxy.HttpProxyMiddleware</code>
processes a request with :reqmeta:<code>proxy</code> metadata, and that
:reqmeta:<code>proxy</code> metadata includes proxy credentials,
:class:<code>~scrapy.downloadermiddlewares.httpproxy.HttpProxyMiddleware</code> sets
the <code>Proxy-Authentication</code> header, but only if that header is not already
set.</p>
<p>There are third-party proxy-rotation downloader middlewares that set
different :reqmeta:<code>proxy</code> metadata every time they process a request.</p>
<p>Because of request retries and redirects, the same request can be processed
by downloader middlewares more than once, including both
:class:<code>~scrapy.downloadermiddlewares.httpproxy.HttpProxyMiddleware</code> and
any third-party proxy-rotation downloader middleware.</p>
<p>These third-party proxy-rotation downloader middlewares could change the
:reqmeta:<code>proxy</code> metadata of a request to a new value, but fail to remove
the <code>Proxy-Authentication</code> header from the previous value of the
:reqmeta:<code>proxy</code> metadata, causing the credentials of one proxy to be sent</p>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/scrapy/scrapy/commit/4dc8e77e003085632c2013fdadf030754289c2db"><code>4dc8e77</code></a> Bump version: 2.6.2 → 2.6.3</li>
<li><a href="https://github.com/scrapy/scrapy/commit/fa5945bc016c8ae0e7f1cfd1a0c492be69eb7a32"><code>fa5945b</code></a> 2.6.3: set a release date</li>
<li><a href="https://github.com/scrapy/scrapy/commit/e5ed0461f01ed0889a1782d9217c06b05f63210c"><code>e5ed046</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/scrapy/scrapy/issues/5637">#5637</a> from Gallaecio/support-latest-openssl</li>
<li><a href="https://github.com/scrapy/scrapy/commit/aec2d3a610daa84a21cf04cfabe4bc6556896f03"><code>aec2d3a</code></a> 2.6.3: update the release notes</li>
<li><a href="https://github.com/scrapy/scrapy/commit/fcc224fe78846a6329244b5a0a7bb1bbfb4b8bc5"><code>fcc224f</code></a> tox.ini cleanup</li>
<li><a href="https://github.com/scrapy/scrapy/commit/b00f312f08624c0bc78696ecbf7c742cdd10c03c"><code>b00f312</code></a> Limit minium versions of mitmproxy</li>
<li><a href="https://github.com/scrapy/scrapy/commit/d3f82aa4d50a214343d9d2cd78bf782d53deb1c3"><code>d3f82aa</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/scrapy/scrapy/issues/5617">#5617</a> from Laerte/fix/tests-w3lib</li>
<li><a href="https://github.com/scrapy/scrapy/commit/efc11b3b7e96bee4bc5e1b0ea9537b464433064f"><code>efc11b3</code></a> zope.interface: 4.4.2 → 5.0.0 (setuptools <a href="https://github-redirect.dependabot.com/scrapy/scrapy/issues/2017">#2017</a>)</li>
<li><a href="https://github.com/scrapy/scrapy/commit/edd7cfe4c77e18f3c8c3b7453435ad211a42389a"><code>edd7cfe</code></a> Update test-standard link in contributing docs (<a href="https://github-redirect.dependabot.com/scrapy/scrapy/issues/5631">#5631</a>)</li>
<li><a href="https://github.com/scrapy/scrapy/commit/9f443e89449cee34a5437f87a4fe4009988c9a0f"><code>9f443e8</code></a> zope.interface: 4.1.3 → 4.4.2</li>
<li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/2.6.1...2.6.3">compare view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 files changed, +121 -118 lines changed
+1 -1 lines changed: 1 addition & 1 deletion
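The stale-credential condition described in the 2.6.2 changelog entry quoted in the commit message, modelled as an added example (not Scrapy's code and not part of this commit). Assumptions: requests are plain dicts, the proxy URLs are constructed, `Proxy-Authorization` is the standard HTTP header for proxy credentials, and `sync_to_proxy` is one possible mitigation, not necessarily the fix Scrapy shipped.

```python
import base64
from urllib.parse import urlsplit, unquote

HEADER = "Proxy-Authorization"  # standard HTTP header carrying proxy credentials


def creds_header(proxy_url):
    """Return the Basic auth value for credentials embedded in proxy_url, or None."""
    parts = urlsplit(proxy_url)
    if parts.username is None:
        return None
    userpass = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
    return "Basic " + base64.b64encode(userpass.encode()).decode()


def set_if_missing(request):
    """Behaviour described in the changelog: only set the header when it is absent."""
    value = creds_header(request["meta"]["proxy"])
    if value and HEADER not in request["headers"]:
        request["headers"][HEADER] = value


def sync_to_proxy(request):
    """Assumed mitigation: always derive the header from the current proxy."""
    value = creds_header(request["meta"]["proxy"])
    if value:
        request["headers"][HEADER] = value
    else:
        request["headers"].pop(HEADER, None)  # new proxy has no credentials


def is_stale(request):
    """Check: does the header carry credentials that do not belong to the current proxy?"""
    sent = request["headers"].get(HEADER)
    return sent is not None and sent != creds_header(request["meta"]["proxy"])


def retry_through(set_auth):
    """First attempt via proxy A; a rotation step swaps in proxy B before the retry."""
    # Constructed proxy URLs and credentials, for illustration only.
    request = {"meta": {"proxy": "http://userA:passA@proxy-a.example:8080"}, "headers": {}}
    set_auth(request)
    request["meta"]["proxy"] = "http://userB:passB@proxy-b.example:8080"  # rotation on retry
    set_auth(request)
    return request
```

Running `is_stale` over outgoing requests in a test crawl is a quick way to confirm whether a proxy-rotation middleware in a project is affected.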