Fix cookie unquoting regression

[bdraco]

What do these changes do?

This PR fixes a regression I introduced when vendoring SimpleCookie - I accidentally copied the wrong _unquote function. The correct implementation from Python's http.cookies module is now vendored, which properly handles:

• Octal escape sequences in cookie values (e.g., \012 for newline, \011 for tab)
• Escaped quotes (\") and backslashes (\\)
• All edge cases that the standard library handles

Comprehensive tests have been added to ensure the vendored function behaves identically to SimpleCookie's implementation.

Are there changes in behavior for the user?

Cookie parsing will now correctly handle cookies with octal escape sequences in their values, restoring compatibility with servers that send such cookies. This fixes a regression where these cookies were not being decoded properly.

Is it a substantial burden for the maintainers to support this?

No. This is a straightforward vendoring of a stable function from Python's standard library that has remained unchanged for years. The implementation is well-tested and matches Python's cookie handling behavior exactly. The comprehensive test suite ensures any future changes will be caught.

Related issue number

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES/ folder

  • name it <issue_or_pr_num>.<type>.rst (e.g. 588.bugfix.rst)

  • if you don't have an issue number, change it to the pull request
    number after creating the PR

    • .bugfix: A bug fix for something the maintainers deemed an
      improper undesired behavior that got corrected to match
      pre-agreed expectations.
    • .feature: A new behavior, public APIs. That sort of stuff.
    • .deprecation: A declaration of future API removals and breaking
      changes in behavior.
    • .breaking: When something public is removed in a breaking way.
      Could be deprecated in an earlier release.
    • .doc: Notable updates to the documentation structure or build
      process.
    • .packaging: Notes for downstreams about unobvious side effects
      and tooling. Changes in the test invocation considerations and
      runtime assumptions.
    • .contrib: Stuff that affects the contributor experience. e.g.
      Running tests, building the docs, setting up the development
      environment.
    • .misc: Changes that are hard to assign to any of the above
      categories.

  • Make sure to use full sentences with correct case and punctuation,
    for example:

    Fixed issue with non-ascii contents in doctest text files
    -- by :user:`contributor-gh-handle`.

    Use the past tense or the present tense a non-imperative mood,
    referring to what's changed compared to the last released version
    of this project.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.86%. Comparing base (2a7ed29) to head (c1f1556).
⚠️ Report is 3084 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #11173      +/-   ##
==========================================
+ Coverage   98.30%   98.86%   +0.55%     
==========================================
  Files         132      131       -1     
  Lines       43245    43010     -235     
  Branches     2374     2316      -58     
==========================================
+ Hits        42511    42520       +9     
+ Misses        558      340     -218     
+ Partials      176      150      -26     

Flag	Coverage Δ
CI-GHA	98.75% <100.00%> (+0.55%)	⬆️
OS-Linux	98.47% <100.00%> (+0.54%)	⬆️
OS-Windows	96.80% <100.00%> (+1.16%)	⬆️
OS-macOS	97.70% <100.00%> (+0.51%)	⬆️
Py-3.10.11	97.34% <100.00%> (+0.51%)	⬆️
Py-3.10.17	97.84% <100.00%> (+0.52%)	⬆️
Py-3.11.12	98.02% <100.00%> (+0.50%)	⬆️
Py-3.11.9	97.54% <100.00%> (+0.51%)	⬆️
Py-3.12.10	98.40% <100.00%> (+0.54%)	⬆️
Py-3.13.3	98.39% <100.00%> (+0.54%)	⬆️
Py-3.9.13	97.23% <100.00%> (+0.51%)	⬆️
Py-3.9.22	97.71% <100.00%> (+0.50%)	⬆️
Py-pypy7.3.16	86.12% <100.00%> (-1.82%)	⬇️
VM-macos	97.70% <100.00%> (+0.51%)	⬆️
VM-ubuntu	98.47% <100.00%> (+0.54%)	⬆️
VM-windows	96.80% <100.00%> (+1.16%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codspeed-hq]

CodSpeed Performance Report

Merging #11173 will not alter performance

_{Comparing cookie_unquoting_regression (c1f1556) with master (8795da3)}

Summary

✅ 59 untouched benchmarks

[patchback]

Backport to 3.12: 💚 backport PR created

✅ Backport PR branch: patchback/backports/3.12/85b0df43bf99aeb1b5258aecae19d40a16ac273e/pr-11173

Backported as #11179

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[patchback]

Backport to 3.13: 💚 backport PR created

✅ Backport PR branch: patchback/backports/3.13/85b0df43bf99aeb1b5258aecae19d40a16ac273e/pr-11173

Backported as #11180

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.