Bump curl-cffi from 0.14.0 to 0.15.0

[dependabot]

Bumps curl-cffi from 0.14.0 to 0.15.0.

Release notes

Sourced from curl-cffi's releases.

v0.15.0

🎉 Another release with significant changes!

Highlights

• http/3 fingerprints, added for Chrome 145, 146 and Firefox 147. To verify http3 fingerprints, visit https://fp.impersonate.pro
• http/3 proxy support with socks5 udp proxy server.
• New CLI tool, just called curl-cffi, easier http debugging for both humans and agents. See docs. We also added a skill.
• Compatibility optimization, curl_cffi is now fully static. Especially for macOS, no dependencies needed and compatible with macOS since 11.0.
• ⚠️ Security improvement. If you are accepting urls from others and returning the response to them, you are vulnerable to redirection-based SSRF. Disable allow_redirects or at lease set allow_redirects="safe", see the advisory and the docs.
• Performance optimization: WebSocket improvement and free-threading support.
• Android is officially supported, closing a 3-years-old issue.
• New impersonation behaviors, the cookie header behavior and POST boundary are now made exactly the same as browsers. These are not part of tls or http binary fingerprints, but are exploited by WAFs, too.

The list of proxy vendors with udp sock5 support is very limited, so I set up 2 servers for testing. You can simply run:

curl-cffi get https://fp.impersonate.pro/api/http3 --proxy socks5://imp:curl-cffi@206.189.95.199:1080 --http3-only
curl-cffi get https://fp.impersonate.pro/api/http3 --proxy socks5://imp:curl-cffi@24.144.88.46:1080 --http3-only

If you need more udp socks5 servers from us, click the 👀 emoji to vote.

What's Changed

• Fix some of the extension values being overwritten caused by applying… by @​enter-a-new-username3 in lexiforest/curl_cffi#680
• Typehint session return values and internal functions by @​Vizonex in lexiforest/curl_cffi#664
• Add free threaded builds by @​lexiforest in lexiforest/curl_cffi#697
• Async WebSocket: Docs, Safety & Performance Improvements by @​Sh3llcod3 in lexiforest/curl_cffi#692
• Add support for Android by @​lexiforest in lexiforest/curl_cffi#699
• add type hint for request responses by @​MFTabriz in lexiforest/curl_cffi#690
• Response hint fix for < 3.13 by @​novitae in lexiforest/curl_cffi#546
• Fix BufferError Crash by @​Sh3llcod3 in lexiforest/curl_cffi#700
• WS: Small Optimizations by @​Sh3llcod3 in lexiforest/curl_cffi#702
• Add support for retrying by @​lexiforest in lexiforest/curl_cffi#689
• WS: Update Docs by @​Sh3llcod3 in lexiforest/curl_cffi#705
• Enable http3 fingerprints by @​lexiforest in lexiforest/curl_cffi#712
• Add support for loongarch64 by @​wxpppp in lexiforest/curl_cffi#716
• Make the CLI more useful by @​lexiforest in lexiforest/curl_cffi#726
• Add option to mitigate SSRF by @​lexiforest in lexiforest/curl_cffi#727
• Expose http3 fingerprints customization by @​lexiforest in lexiforest/curl_cffi#728
• Add body to response.request by @​lexiforest in lexiforest/curl_cffi#710
• fix Makefile issue by @​p9s in lexiforest/curl_cffi#655
• Add support for READFUNCTION by @​lexiforest in lexiforest/curl_cffi#698

New Contributors

• @​enter-a-new-username3 made their first contribution in lexiforest/curl_cffi#680
• @​MFTabriz made their first contribution in lexiforest/curl_cffi#690
• @​wxpppp made their first contribution in lexiforest/curl_cffi#716
• @​p9s made their first contribution in lexiforest/curl_cffi#655

Full Changelog: lexiforest/curl_cffi@v0.14.0...v0.15.0

... (truncated)

Commits

• 0e219c4 cli: add --http3-only
• 21ca4f0 Optimize CLI output
• 884fffd Bump version to 0.15.0
• 754b43d Bump version
• 6e61a25 Add support for READFUNCTION (#698)
• 5eb13bc fix Makefile issue (#655)
• 39c046c Store request body (#710)
• 06237c9 Expose http3 fingerprints customization (#728)
• 5686baf Add option to mitigate SSRF (#727)
• 73b2b16 Bump version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)