[PR #11749/81160396 backport][3.13] Bump brotli from 1.1.0 to 1.2.0

[patchback]

This is a backport of PR #11749 as merged into 3.14 (8116039).

Bumps brotli from 1.1.0 to 1.2.0.

Release notes

Sourced from brotli's releases.

v1.2.0

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)
• CLI: brcat alias; allow decoding concatenated brotli streams
• kt: pure Kotlin decoder
• cgo: support "raw" dictionaries
• build: Bazel modules

Removed

• java: dropped finalize() for native entities

Fixed

• java: in compress pass correct length to native encoder

Improved

• build: install man pages
• build: updated / fixed / refined Bazel buildfiles
• encoder: faster encoding
• cgo: link via pkg-config
• python: modernize extension / allow multi-phase module initialization

Changed

• decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

v1.2.0 RC2

What's Changed (compared to RC1)

• pick changes from Debian patch by @​copybara-service[bot] in google/brotli#1349
• pick changes from Alpine patch by @​copybara-service[bot] in google/brotli#1348
• pick VCPKG patches by @​copybara-service[bot] in google/brotli#1350
• fix copy-paste in Java decoder by @​copybara-service[bot] in google/brotli#1357

v1.2.0 RC1

IMPORTANT: though this is a pre-release for v1.2.0, it is expected that some changes will be added before release; most notably concerning build files: patches applied by Alpine, Debian, Conan, VCPKG will be partially/fully integrated.

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)

... (truncated)

Changelog

Sourced from brotli's changelog.

[1.2.0] - 2025-10-27

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)
• CLI: brcat alias; allow decoding concatenated brotli streams
• kt: pure Kotlin decoder
• cgo: support "raw" dictionaries
• build: Bazel modules

Removed

• java: dropped finalize() for native entities

Fixed

• java: in compress pass correct length to native encoder

Improved

• build: install man pages
• build: updated / fixed / refined Bazel buildfiles
• encoder: faster encoding
• cgo: link via pkg-config
• python: modernize extension / allow multi-phase module initialization

Changed

• decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

Commits

• 028fb5a release v1.2.0
• 390de5b build and test csharp decoder
• 3499acb regenerate go/kt/js/ts
• 8ca2312 fix release workflow
• ee771da fix copy-paste in Java decoder
• 42aee32 try to fix release workflow
• 392c06b redesign release resource uploading
• 1964cdb ramp up all GH actions plugins
• 61605b1 pick VCPKG patches
• 4b0f27b pick changes from Alpine patch
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codspeed-hq]

CodSpeed Performance Report

Merging #11779 will not alter performance

_{Comparing patchback/backports/3.13/81160396facbbcdedb84b0e9e6459225d7af755e/pr-11749 (a5a61d4) with 3.13 (de9d490)}

Summary

✅ 59 untouched

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.26%. Comparing base (de9d490) to head (a5a61d4).
⚠️ Report is 1 commits behind head on 3.13.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             3.13   #11779   +/-   ##
=======================================
  Coverage   98.26%   98.26%           
=======================================
  Files         128      128           
  Lines       44035    44035           
  Branches     2393     2393           
=======================================
  Hits        43271    43271           
  Misses        588      588           
  Partials      176      176           

Flag	Coverage Δ
CI-GHA	98.14% <ø> (ø)
OS-Linux	97.90% <ø> (ø)
OS-Windows	95.61% <ø> (ø)
OS-macOS	97.13% <ø> (-0.01%)	⬇️
Py-3.10.11	96.67% <ø> (ø)
Py-3.10.19	97.17% <ø> (ø)
Py-3.11.14	97.36% <ø> (ø)
Py-3.11.9	96.86% <ø> (ø)
Py-3.12.10	96.94% <ø> (-0.01%)	⬇️
Py-3.12.12	97.45% <ø> (-0.01%)	⬇️
Py-3.13.9	97.68% <ø> (+0.01%)	⬆️
Py-3.14.0	97.66% <ø> (+<0.01%)	⬆️
Py-3.14.0t	96.76% <ø> (+<0.01%)	⬆️
Py-3.9.13	96.57% <ø> (ø)
Py-3.9.25	97.07% <ø> (ø)
Py-pypy3.11.13-7.3.20	96.93% <ø> (+<0.01%)	⬆️
VM-macos	97.13% <ø> (-0.01%)	⬇️
VM-ubuntu	97.90% <ø> (ø)
VM-windows	95.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.