Bump scrapy from 2.8.0 to 2.15.0 in /microservices/course_ingestion

[dependabot]

Bumps scrapy from 2.8.0 to 2.15.0.

Release notes

Sourced from scrapy's releases.

2.15.0

• Experimental support for running without a Twisted reactor
• Experimental httpx-based download handler

Full Changelog

2.14.2

• Values from the Referrer-Policy header of HTTP responses are no longer executed as Python callables. See the cwxj-rr6w-m6w7 security advisory for details.
• In line with the standard, 301 redirects of POST requests are converted into GET requests.

Full Changelog

2.14.1

• Deprecate maybeDeferred_coro()
• Pass the spider arg to custom stat collectors {open,close}_spider()
• Replace deprecated Codecov CI action

Full Changelog

2.14.0

• More coroutine-based replacements for Deferred-based APIs
• The default priority queue is now DownloaderAwarePriorityQueue
• Dropped support for Python 3.9 and PyPy 3.10
• Improved and documented the API for custom download handlers

Full changelog

2.13.4

Fix for the CVE-2025-6176 security issue: improved protection against decompression bombs in HttpCompressionMiddleware for responses compressed using the br and deflate methods. Requires brotli >= 1.2.0.

Full changelog

2.13.3

• Changed the values for DOWNLOAD_DELAY (from 0 to 1) and CONCURRENT_REQUESTS_PER_DOMAIN (from 8 to 1) in the default project template.
• Fixed several bugs in the engine initialization and exception handling logic.
• Allowed running tests with Twisted 25.5.0+ again and fixed test failures with lxml 6.0.0.

See the full changelog

2.13.2

• Fixed a bug introduced in Scrapy 2.13.0 that caused results of request errbacks to be ignored when the errback was called because of a downloader error.
• Docs and error messages improvements related to the Scrapy 2.13.0 default reactor change.

See the full changelog

2.13.1

• Give callback requests precedence over start requests when priority values are the same.

See the full changelog

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.15.0 (2026-04-09)

Highlights:

• Experimental support for running without a Twisted reactor

• Experimental httpx-based download handler

Backward-incompatible changes

-   The built-in HTTP :ref:`download handlers <download-handlers-ref>` now
    raise Scrapy-specific exceptions instead of implementation-specific ones,
    see :ref:`download-handlers-exceptions`. This can affect user code that
    handles downloader exceptions, such as ``process_exception()`` methods of
    custom :ref:`downloader middlewares <topics-downloader-middleware-custom>`.
    (:issue:`7208`)


In order to fix a long-standing bug with handling of asynchronous storages,

the following changes were made to media pipeline classes, which can impact

some of the user code that subclasses them or calls their methods directly:


overrides of :meth:scrapy.pipelines.media.MediaPipeline.media_downloaded

and :meth:~scrapy.pipelines.files.FilesPipeline.file_downloaded can now

return coroutines


:meth:~scrapy.pipelines.files.FilesPipeline.media_downloaded,

:meth:~scrapy.pipelines.files.FilesPipeline.file_downloaded and

:meth:~scrapy.pipelines.images.ImagesPipeline.image_downloaded now

return coroutines


(:issue:2183, :issue:6369, :issue:7182)


Request and Response objects: __slots__ and setter changes:


:class:scrapy.http.Request and :class:scrapy.http.Response now

define __slots__. Assigning arbitrary attributes to instances (for

example, response.foo = 1) will raise AttributeError. Store

per-request/response data in the request/response meta mapping

instead of attaching new attributes to the objects.


If you maintain custom Request or Response subclasses that

relied on dynamic instance attributes, either add '__dict__' to

your subclass __slots__ to allow dynamic attributes, or migrate

per-instance state to meta or explicit documented attributes.


The setters for headers, flags and cookies no longer coerce

falsy values into None. For example, request.headers = {} now

stores an empty :class:scrapy.http.headers.Headers instance (not

</tr></table>

... (truncated)

Commits

• 47e25fb Bump version: 2.14.2 → 2.15.0
• 1432455 Add a missing release notes change.
• 7e881ce Release notes for 2.15.0 (#7373)
• b68f267 Fix DownloaderAwarePriorityQueue tie-breaking across slots (#7351)
• 2b174e3 Silence the CertificateOptions method warning. (#7410)
• b9be5ce Reactorless shell and other small shell improvements (#7395)
• 5b37613 Improve commands (#7376)
• 13a014d Response now uses less memory (#7374)
• 9fffcc1 Optimize SitemapSpider memory usage (#7007)
• a4377f9 Rename DNS_RESOLVER to TWISTED_DNS_RESOLVER (#7361)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.