Bump scrapy from 2.4.1 to 2.9.0

[dependabot]

Bumps scrapy from 2.4.1 to 2.9.0.

Release notes

Sourced from scrapy's releases.

2.9.0

• Per-domain download settings.
• Compatibility with new cryptography and new parsel.
• JMESPath selectors from the new parsel.
• Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

• Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
• Bug fixes

See the full changelog

2.7.0

• Added Python 3.11 support, dropped Python 3.6 support
• Improved support for asynchronous callbacks
• Asyncio support is enabled by default on new projects
• Output names of item fields can now be arbitrary strings
• Centralized request fingerprinting configuration is now possible

See the full changelog

2.6.3

Makes pip install Scrapy work again.

It required making changes to support pyOpenSSL 22.1.0. We had to drop support for SSLv3 as a result.

We also upgraded the minimum versions of some dependencies.

See the changelog.

2.6.2

Fixes a security issue around HTTP proxy usage, and addresses a few regressions introduced in Scrapy 2.6.0.

See the changelog.

2.6.1

Fixes a regression introduced in 2.6.0 that would unset the request method when following redirects.

2.6.0

• Security fixes for cookie handling (see details below)
• Python 3.10 support
• asyncio support is no longer considered experimental, and works out-of-the-box on Windows regardless of your Python version

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.9.0 (2023-05-08)

Highlights:

• Per-domain download settings.
• Compatibility with new cryptography_ and new parsel_.
• JMESPath selectors from the new parsel_.
• Bug fixes.

Deprecations

-   :class:`scrapy.extensions.feedexport._FeedSlot` is renamed to
    :class:`scrapy.extensions.feedexport.FeedSlot` and the old name is
    deprecated. (:issue:`5876`)
New features

• Settings correponding to :setting:DOWNLOAD_DELAY, :setting:CONCURRENT_REQUESTS_PER_DOMAIN and :setting:RANDOMIZE_DOWNLOAD_DELAY can now be set on a per-domain basis via the new :setting:DOWNLOAD_SLOTS setting. (:issue:5328)

• Added :meth:TextResponse.jmespath, a shortcut for JMESPath selectors available since parsel_ 1.8.1. (:issue:5894, :issue:5915)

• Added :signal:feed_slot_closed and :signal:feed_exporter_closed signals. (:issue:5876)

• Added :func:scrapy.utils.request.request_to_curl, a function to produce a curl command from a :class:~scrapy.Request object. (:issue:5892)

• Values of :setting:FILES_STORE and :setting:IMAGES_STORE can now be :class:pathlib.Path instances. (:issue:5801)

Bug fixes

-   Fixed a warning with Parsel 1.8.1+. (:issue:`5903`, :issue:`5918`)


Fixed an error when using feed postprocessing with S3 storage.
(:issue:5500, :issue:5581)


Added the missing :meth:scrapy.settings.BaseSettings.setdefault method.
(:issue:5811, :issue:5821)


Fixed an error when using cryptography_ 40.0.0+ and
:setting:DOWNLOADER_CLIENT_TLS_VERBOSE_LOGGING is enabled.
</tr></table>

... (truncated)

Commits

• 52c0726 Bump version: 2.8.0 → 2.9.0
• 5bb6dfb Merge pull request #5909 from scrapy/relnotes-2.9
• caa66fa Mention deprecating _FeedSlot.
• 636559f Add newer changes.
• 92f86fa Merge pull request #5919 from scrapy/docs-parsel-fixes
• d1d6465 Address feedback.
• cba891a Enable doc tests for selectors.rst, fix issues.
• 776cf59 Merge pull request #5918 from Laerte/master
• 7317ff1 refactor: use kwargs strategy
• d907f9e fix: Handle Parsel > 1.7.0 warning
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.