feat: Support urllib3 >= 2.6.0 (#1658)

feat: Support urllib3 >= 2.6.0

**Context**:
* This library implements a custom decoders ( `_GzipDecoder` ,
`_BrotliDecoder` ) which inherit from `urllib3.response.ContentDecoder`
* Interface of `urllib3.response.ContentDecoder` was changed in
[2.6.0](https://urllib3.readthedocs.io/en/stable/changelog.html#id1) to
fix security vulnerability for highly compressed data reads.
(Decompression bombs)

Hence we need to change our interfaces as well. 

**Changes**
* Add `max_length` param on decompress method, provide default value of
-1 (same as urllib3's decompress)
* Provide backwards compatibility  ( ie urllib3 <= 2.5.0)

Author: chandra-siri

google/cloud/storage/_media/requests/download.py

@@ -711,7 +711,7 @@ def __init__(self, checksum):
         super().__init__()
         self._checksum = checksum
 
-    def decompress(self, data):
+    def decompress(self, data, max_length=-1):
         """Decompress the bytes.
 
         Args:
@@ -721,7 +721,11 @@ def decompress(self, data):
             bytes: The decompressed bytes from ``data``.
         """
         self._checksum.update(data)
-        return super().decompress(data)
+        try:
+            return super().decompress(data, max_length=max_length)
+        except TypeError:
+            # Fallback for urllib3 < 2.6.0 which lacks `max_length` support.
+            return super().decompress(data)
 
 
 # urllib3.response.BrotliDecoder might not exist depending on whether brotli is
@@ -747,7 +751,7 @@ def __init__(self, checksum):
             self._decoder = urllib3.response.BrotliDecoder()
             self._checksum = checksum
 
-        def decompress(self, data):
+        def decompress(self, data, max_length=-1):
             """Decompress the bytes.
 
             Args:
@@ -757,10 +761,19 @@ def decompress(self, data):
                 bytes: The decompressed bytes from ``data``.
             """
             self._checksum.update(data)
-            return self._decoder.decompress(data)
+            try:
+                return self._decoder.decompress(data, max_length=max_length)
+            except TypeError:
+                # Fallback for urllib3 < 2.6.0 which lacks `max_length` support.
+                return self._decoder.decompress(data)
 
         def flush(self):
             return self._decoder.flush()
 
+        @property
+        def has_unconsumed_tail(self) -> bool:
+            return self._decoder.has_unconsumed_tail
+
+
 else:  # pragma: NO COVER
     _BrotliDecoder = None  # type: ignore # pragma: NO COVER

testing/constraints-3.12.txt

@@ -7,4 +7,3 @@ grpcio
 proto-plus
 protobuf
 grpc-google-iam-v1
-urllib3==2.5.0