Changelog
*Sourced from [requests's changelog](https://github.com/psf/requests/blob/master/HISTORY.md).*
> 2.20.0 (2018-10-18)
> -------------------
>
> **Bugfixes**
>
> - Content-Type header parsing is now case-insensitive (e.g.
> charset=utf8 v Charset=utf8).
> - Fixed exception leak where certain redirect urls would raise
> uncaught urllib3 exceptions.
> - Requests removes Authorization header from requests redirected
> from https to http on the same hostname. (CVE-2018-18074)
> - `should_bypass_proxies` now handles URIs without hostnames (e.g.
> files).
>
> **Dependencies**
>
> - Requests now supports urllib3 v1.24.
>
> **Deprecations**
>
> - Requests has officially stopped support for Python 2.6.
>
> 2.19.1 (2018-06-14)
> -------------------
>
> **Bugfixes**
>
> - Fixed issue where status\_codes.py's `init` function failed trying
> to append to a `__doc__` value of `None`.
>
> 2.19.0 (2018-06-12)
> -------------------
>
> **Improvements**
>
> - Warn user about possible slowdown when using cryptography version
> < 1.3.4
> - Check for invalid host in proxy URL, before forwarding request to
> adapter.
> - Fragments are now properly maintained across redirects. (RFC7231
> 7.1.2)
> - Removed use of cgi module to expedite library load time.
> - Added support for SHA-256 and SHA-512 digest auth algorithms.
> - Minor performance improvement to `Request.content`.
> - Migrate to using collections.abc for 3.7 compatibility.
>
> **Bugfixes**
>
> - Parsing empty `Link` headers with `parse_header_links()` no longer
> return one bogus entry.
> ... (truncated)
Commits
- [`bd84045`](https://github.com/psf/requests/commit/bd840450c0d1e9db3bf62382c15d96378cc3a056) v2.20.0
- [`7fd9267`](https://github.com/psf/requests/commit/7fd9267b3bab1d45f5e4ac0953629c5531ecbc55) remove final remnants from 2.6
- [`6ae8a21`](https://github.com/psf/requests/commit/6ae8a2189235b62d7c5b2a6b95528750f046097c) Add myself to AUTHORS
- [`89ab030`](https://github.com/psf/requests/commit/89ab030cdb83a728a30e172bc65d27ba214d2eda) Use comprehensions whenever possible
- [`2c6a842`](https://github.com/psf/requests/commit/2c6a8426aebd853966747f2c851f551c583cb21a) Merge pull request [#4827](https://github-redirect.dependabot.com/requests/requests/issues/4827) from webmaven/patch-1
- [`30be889`](https://github.com/psf/requests/commit/30be889651e7034eaa56edaf5794d68ffbfde9ed) CVE URLs update: www sub-subdomain no longer valid
- [`a6cd380`](https://github.com/psf/requests/commit/a6cd380c640087218695bc7c62311a4843777e43) Merge pull request [#4765](https://github-redirect.dependabot.com/requests/requests/issues/4765) from requests/encapsulate_urllib3_exc
- [`bbdbcc8`](https://github.com/psf/requests/commit/bbdbcc8f0553f112ff68b0950b4128bd8af000fc) wrap url parsing exceptions from urllib3's PoolManager
- [`ff0c325`](https://github.com/psf/requests/commit/ff0c325014f817095de35013d385e137b111d6e8) Merge pull request [#4805](https://github-redirect.dependabot.com/requests/requests/issues/4805) from jdufresne/https
- [`b0ad249`](https://github.com/psf/requests/commit/b0ad2499c8641d29affc90f565e6628d333d2a96) Prefer https:// for URLs throughout project
- Additional commits viewable in [compare view](https://github.com/requests/requests/compare/v2.13.0...v2.20.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Data4Democracy/nyc-accessibility/network/alerts).
Bumps requests from 2.13.0 to 2.20.0.
Changelog
*Sourced from [requests's changelog](https://github.com/psf/requests/blob/master/HISTORY.md).* > 2.20.0 (2018-10-18) > ------------------- > > **Bugfixes** > > - Content-Type header parsing is now case-insensitive (e.g. > charset=utf8 v Charset=utf8). > - Fixed exception leak where certain redirect urls would raise > uncaught urllib3 exceptions. > - Requests removes Authorization header from requests redirected > from https to http on the same hostname. (CVE-2018-18074) > - `should_bypass_proxies` now handles URIs without hostnames (e.g. > files). > > **Dependencies** > > - Requests now supports urllib3 v1.24. > > **Deprecations** > > - Requests has officially stopped support for Python 2.6. > > 2.19.1 (2018-06-14) > ------------------- > > **Bugfixes** > > - Fixed issue where status\_codes.py's `init` function failed trying > to append to a `__doc__` value of `None`. > > 2.19.0 (2018-06-12) > ------------------- > > **Improvements** > > - Warn user about possible slowdown when using cryptography version > < 1.3.4 > - Check for invalid host in proxy URL, before forwarding request to > adapter. > - Fragments are now properly maintained across redirects. (RFC7231 > 7.1.2) > - Removed use of cgi module to expedite library load time. > - Added support for SHA-256 and SHA-512 digest auth algorithms. > - Minor performance improvement to `Request.content`. > - Migrate to using collections.abc for 3.7 compatibility. > > **Bugfixes** > > - Parsing empty `Link` headers with `parse_header_links()` no longer > return one bogus entry. > ... (truncated)Commits
- [`bd84045`](https://github.com/psf/requests/commit/bd840450c0d1e9db3bf62382c15d96378cc3a056) v2.20.0 - [`7fd9267`](https://github.com/psf/requests/commit/7fd9267b3bab1d45f5e4ac0953629c5531ecbc55) remove final remnants from 2.6 - [`6ae8a21`](https://github.com/psf/requests/commit/6ae8a2189235b62d7c5b2a6b95528750f046097c) Add myself to AUTHORS - [`89ab030`](https://github.com/psf/requests/commit/89ab030cdb83a728a30e172bc65d27ba214d2eda) Use comprehensions whenever possible - [`2c6a842`](https://github.com/psf/requests/commit/2c6a8426aebd853966747f2c851f551c583cb21a) Merge pull request [#4827](https://github-redirect.dependabot.com/requests/requests/issues/4827) from webmaven/patch-1 - [`30be889`](https://github.com/psf/requests/commit/30be889651e7034eaa56edaf5794d68ffbfde9ed) CVE URLs update: www sub-subdomain no longer valid - [`a6cd380`](https://github.com/psf/requests/commit/a6cd380c640087218695bc7c62311a4843777e43) Merge pull request [#4765](https://github-redirect.dependabot.com/requests/requests/issues/4765) from requests/encapsulate_urllib3_exc - [`bbdbcc8`](https://github.com/psf/requests/commit/bbdbcc8f0553f112ff68b0950b4128bd8af000fc) wrap url parsing exceptions from urllib3's PoolManager - [`ff0c325`](https://github.com/psf/requests/commit/ff0c325014f817095de35013d385e137b111d6e8) Merge pull request [#4805](https://github-redirect.dependabot.com/requests/requests/issues/4805) from jdufresne/https - [`b0ad249`](https://github.com/psf/requests/commit/b0ad2499c8641d29affc90f565e6628d333d2a96) Prefer https:// for URLs throughout project - Additional commits viewable in [compare view](https://github.com/requests/requests/compare/v2.13.0...v2.20.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Data4Democracy/nyc-accessibility/network/alerts).