Skip to content

feat: Support urllib3 >= 2.6.0 #1658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chandra-siri merged 17 commits into from
Dec 9, 2025
Merged

feat: Support urllib3 >= 2.6.0 #1658

chandra-siri merged 17 commits into from
Dec 9, 2025

Conversation

@chandra-siri
Copy link
Collaborator

@chandra-siri chandra-siri commented Dec 9, 2025
edited
Loading

feat: Support urllib3 >= 2.6.0

Context:

  • This library implements a custom decoders ( _GzipDecoder , _BrotliDecoder ) which inherit from urllib3.response.ContentDecoder
  • Interface of urllib3.response.ContentDecoder was changed in 2.6.0 to fix security vulnerability for highly compressed data reads. (Decompression bombs)

Hence we need to change our interfaces as well.

Changes

  • Add max_length param on decompress method, provide default value of -1 (same as urllib3's decompress)
  • Provide backwards compatibility ( ie urllib3 <= 2.5.0)

chandra-siri and others added 12 commits November 3, 2025 06:37
@chandra-siri
test
b0a3349
@chandra-siri
Revert "test"
778e68e 
This reverts commit b0a3349.
@chandra-siri
Merge branch 'googleapis:main' into main
33a998e
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
d49d31d
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
ddbc1dd
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
3a1aac4
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
ee259d4
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
e66761a
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
633fb36
@chandra-siri
Merge branch 'main' of github.com:chandra-siri/python-storage
c1ec22e
@chandra-siri
Merge branch 'main' of github.com:googleapis/python-storage
ff08e0d
@chandra-siri
feat: Support urllib3's custom decoder, add max_length param
959bc49
@product-auto-label product-auto-label bot added size: s Pull request size is small. api: storage Issues related to the googleapis/python-storage API. labels Dec 9, 2025
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Dec 9, 2025

Summary of Changes

Hello @chandra-siri, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the download functionality by integrating support for urllib3's custom decoder, specifically by introducing a max_length parameter to control decompression limits. It also includes a robust backward compatibility mechanism to ensure smooth operation across different urllib3 versions.

Highlights

  • urllib3 custom decoder support: The decompress methods in _BaseDecoder and _BrotliDecoder have been updated to support urllib3's custom decoder by accepting a new max_length parameter.
  • Backward compatibility: A try-except TypeError block has been introduced to ensure backward compatibility with urllib3 versions older than 2.6.0, which do not support the max_length parameter in their decompress method.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 9, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds support for urllib3's max_length parameter in the custom _GzipDecoder and _BrotliDecoder to align with newer urllib3 APIs. The implementation correctly maintains backward compatibility with older urllib3 versions (pre-2.6.0) by using a try...except TypeError block. The changes are logical and well-implemented. My feedback is focused on improving the clarity of comments within these compatibility blocks to enhance long-term code maintainability.

@chandra-siri chandra-siri changed the title feat: Support urllib3's custom decoder, add max_length param feat: Support urllib3 >= 2.6.0 Dec 9, 2025
@chandra-siri chandra-siri marked this pull request as ready for review December 9, 2025 13:43
@chandra-siri chandra-siri requested review from a team as code owners December 9, 2025 13:43
@chandra-siri
Copy link
Collaborator Author

chandra-siri commented Dec 9, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 9, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the custom Gzip and Brotli decoders to be compatible with urllib3 v2.x, which introduced a max_length parameter to the decompress method to mitigate decompression bomb vulnerabilities. The changes add this parameter to the custom decoders and use a try-except block for backward compatibility with older urllib3 versions.

My review focuses on improving the implementation of this backward compatibility. I've suggested replacing the try-except blocks with an explicit version check at import time, which is cleaner and more performant. I also identified a bug in the new has_unconsumed_tail property for the Brotli decoder that would cause an AttributeError with older urllib3 versions and provided a fix. Overall, the changes are in the right direction to support modern urllib3 versions.

@chandra-siri chandra-siri mentioned this pull request Dec 9, 2025
Closed
@chandra-siri chandra-siri requested a review from jasha26 December 9, 2025 14:26
googlyrahman
googlyrahman approved these changes Dec 9, 2025
View reviewed changes
@chandra-siri chandra-siri merged commit 57405e9 into googleapis:main Dec 9, 2025
14 checks passed
@release-please release-please bot mentioned this pull request Dec 9, 2025
Merged
chandra-siri added a commit that referenced this pull request Dec 9, 2025
@release-please @chandra-siri
chore(main): release 3.7.0 (#1621)
89a947a 
🤖 I have created a release *beep* *boop*
---


##
[3.7.0](v3.6.0...v3.7.0)
(2025-12-09)


### Features

* Auto enable mTLS when supported certificates are detected
([#1637](#1637))
([4e91c54](4e91c54))
* Send entire object checksum in the final api call of resumable upload
([#1654](#1654))
([ddce7e5](ddce7e5))
* Support urllib3 &gt;= 2.6.0
([#1658](#1658))
([57405e9](57405e9))


### Bug Fixes

* **bucket:** Move blob fails when the new blob name contains characters
that need to be url encoded
([#1605](#1605))
([ec470a2](ec470a2))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Chandra Shekhar Sirimala <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ankitaluthra1 ankitaluthra1 ankitaluthra1 approved these changes

@jasha26 jasha26 jasha26 approved these changes

@Pulkit0110 Pulkit0110 Pulkit0110 approved these changes

@googlyrahman googlyrahman googlyrahman approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Pulkit0110 Pulkit0110

@googlyrahman googlyrahman

Labels

api: storage Issues related to the googleapis/python-storage API. size: s Pull request size is small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@chandra-siri @ankitaluthra1 @jasha26 @Pulkit0110 @googlyrahman