@dependabot dependabot bot commented on behalf of github Oct 22, 2021

Bumps qutebrowser from 1.11.0 to 2.4.0.

Release notes

Sourced from qutebrowser's releases.

v2.4.0

Security

Added

  • New content.blocking.hosts.block_subdomains setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0.
  • New downloads.prevent_mixed_content setting to prevent insecure mixed-content downloads (true by default).
  • New --private flag for :tab-clone, which clones a tab into a new private window, mirroring the same flags for :open and :tab-give.

Fixed

  • Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
  • Speculative fix for a crash when closing qutebrowser while a systray notification is shown.

v2.3.1

Fixes

  • Updated the workaround for Google Account log in claiming that this browser isn't secure. For an equivalent workaround on older versions, run: :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:90.0) Gecko/20100101 Firefox/90.0"
  • Corrupt cache file exceptions with adblock 0.5.0+ are now handled properly.
  • Crash when entering unicode surrogates into the filename prompt.
  • UnboundLocalError in qute-keepass when the database couldn't be opened.

v2.3.0

Added

  • New content.prefers_reduced_motion setting to request websites to reduce non-essential motion/animations.
  • New colors.prompts.selected.fg setting to customize the text color for selected items in filename prompts.

Changed

  • The hosts-based adblocker (using content.blocking.hosts.lists) now also blocks all requests to any subdomains of blocked hosts.
  • The fonts.web.* settings now support URL patterns.
  • The :greasemonkey-reload command now shows a list of loaded scripts and has a new --quiet switch to suppress that message.
  • When launching a userscript via hints, a new QUTE_CURRENT_URL environment variable now points to the current page (rather than the URL of the selected element, where QUTE_URL points to).

Fixed

  • Crash on macOS 10.14+ when logging into Google accounts -- the previous fix was incomplete due to wrong information in Apple's documentation.

... (truncated)

Changelog

Sourced from qutebrowser's changelog.

v2.4.0 (2021-10-21)

Security


- **CVE-2021-41146**: Fix arbitrary command execution on Windows via URL handler
  argument injection. See the
  https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm[security advisory]
  for details.

Added


- New `content.blocking.hosts.block_subdomains` setting which can be used to
  disable the subdomain blocking for the hosts-based adblocker introduced in
  v2.3.0.
- New `downloads.prevent_mixed_content` setting to prevent insecure
  mixed-content downloads (true by default).
- New `--private` flag for `:tab-clone`, which clones a tab into a new private
  window, mirroring the same flags for `:open` and `:tab-give`.

Fixed

  • Switching tabs via mouse wheel scrolling now works properly on macOS. Set tabs.mousewheel_switching to false if you prefer the previous behavior.
  • Speculative fix for a crash when closing qutebrowser while a systray notification is shown.

Changed


- Typing in the filename prompt now filters matching directories.
- When opening a file qutebrowser can't handle from a `file:///` directory
  listing, qutebrowser now opens it with the default application rather than
  displaying a download prompt.
- In Greasemonkey scripts, using "overrideMimeType" with GM_xmlhttpRequest is
  now supported.
- `:hint --rapid` is now supported for the `tab` hinting target no matter what
  `tabs.background` is set to, as there are various scenarios where tabs can
  open in the background.
- New flags for the `qute-pass` userscript:
  * `--unfiltered` to show all secrets, not just the one matching the current
    URL.
  * `--always-show-selection` to confirm the password to be entered even if
    there's only a single match.
- In insert mode, `<Shift-Escape>` is now bound to `fake-key <Escape>` by
  default, i.e., sends an Escape keypress to the website.
- Using `GM_setClipboard` in Greasemonkey scripts is now supported.

... (truncated)

Commits

  • 36ffff2 Release v2.4.0
  • 89cb4cf Merge remote-tracking branch 'origin/update-dependencies'
  • 1e1aa4e Update changelog
  • bcd91f3 Fix typo
  • 2d85e41 utils: Fix coverage pragma location
  • 62958e5 Update dependencies
  • ca114a0 scripts: Fix changelog URLs for real
  • e6e7e95 scripts: Use new Qt path in build_release
  • 51972fa Revert "scripts: Remove macOS symlinking"
  • a8dacd9 scripts: Remove old -Qt5 PyQt packages
  • Additional commits viewable in compare view: https://github.com/qutebrowser/qutebrowser/compare/v1.11.0...v2.4.0


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qutebrowser](https://github.com/qutebrowser/qutebrowser) from 1.11.0 to 2.4.0.
- [Release notes](https://github.com/qutebrowser/qutebrowser/releases)
- [Changelog](https://github.com/qutebrowser/qutebrowser/blob/master/doc/changelog.asciidoc)
- [Commits](qutebrowser/qutebrowser@v1.11.0...v2.4.0)

---
updated-dependencies:
- dependency-name: qutebrowser
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the "dependencies" label (Pull requests that update a dependency file) Oct 22, 2021