Closed pyup-bot closed 2 days ago
Updated black version The version of 'black', a tool which helps us to standardize our programming code format, was updated. This indicates we're keeping up with latest improvements in code formatting standards.
Updated certifi version The version of 'certifi', a package that provides SSL Certificate verification, was updated. This offers improved security when connecting to other services securely.
Jinja2 version upgraded The version of 'jinja2', a template engine for Python, was updated. This helps improve website functionality and flexibility with the new features and fixes from the latest version.
Updated pygments version 'pygments', a syntax highlighting tool was updated. This will affect the way our code looks, making it easier to read and understand.
Requests version upgraded The 'requests' package, which we use to send HTTP requests, was updated. This improves our interaction with services across the web, potentially offering faster responses and more robust connections.
Updated urllib3 version The 'urllib3' package, which we use to handle HTTP connections, was updated. This might lead to more efficient web communications, such as quicker download and upload speeds and more reliable connections.
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 33.67%. Comparing base (
ad09368
) to head (73020b7
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Closing this in favor of #613
Update black from 22.8.0 to 24.3.0.
Changelog
### 24.3.0 ``` Highlights This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix [CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503). This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher. Stable style - Don't move comments along with delimiters, which could cause crashes (4248) - Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (4270) - Fix a bug where line-ranges exceeding the last code line would not work as expected (4273) Performance - Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes [CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503). (4278) Documentation - Note what happens when `--check` is used with `--quiet` (4236) ``` ### 24.2.0 ``` Stable style - Fixed a bug where comments where mistakenly removed along with redundant parentheses (4218) Preview style - Move the `hug_parens_with_braces_and_square_brackets` feature to the unstable style due to an outstanding crash and proposed formatting tweaks (4198) - Fixed a bug where base expressions caused inconsistent formatting of \*\* in tenary expression (4154) - Checking for newline before adding one on docstring that is almost at the line limit (4185) - Remove redundant parentheses in `case` statement `if` guards (4214). Configuration - Fix issue where _Black_ would ignore input files in the presence of symlinks (4222) - _Black_ now ignores `pyproject.toml` that is missing a `tool.black` section when discovering project root and configuration. Since _Black_ continues to use version control as an indicator of project root, this is expected to primarily change behavior for users in a monorepo setup (desirably). If you wish to preserve previous behavior, simply add an empty `[tool.black]` to the previously discovered `pyproject.toml` (4204) Output - Black will swallow any `SyntaxWarning`s or `DeprecationWarning`s produced by the `ast` module when performing equivalence checks (4189) Integrations - Add a JSONSchema and provide a validate-pyproject entry-point (4181) ``` ### 24.1.1 ``` Bugfix release to fix a bug that made Black unusable on certain file systems with strict limits on path length. Preview style - Consistently add trailing comma on typed parameters (4164) Configuration - Shorten the length of the name of the cache file to fix crashes on file systems that do not support long paths (4176) ``` ### 24.1.0 ``` Highlights This release introduces the new 2024 stable style (4106), stabilizing the following changes: - Add parentheses around `if`-`else` expressions (2278) - Dummy class and function implementations consisting only of `...` are formatted more compactly (3796) - If an assignment statement is too long, we now prefer splitting on the right-hand side (3368) - Hex codes in Unicode escape sequences are now standardized to lowercase (2916) - Allow empty first lines at the beginning of most blocks (3967, 4061) - Add parentheses around long type annotations (3899) - Enforce newline after module docstrings (3932, 4028) - Fix incorrect magic trailing comma handling in return types (3916) - Remove blank lines before class docstrings (3692) - Wrap multiple context managers in parentheses if combined in a single `with` statement (3489) - Fix bug in line length calculations for power operations (3942) - Add trailing commas to collection literals even if there's a comment after the last entry (3393) - When using `--skip-magic-trailing-comma` or `-C`, trailing commas are stripped from subscript expressions with more than 1 element (3209) - Add extra blank lines in stubs in a few cases (3564, 3862) - Accept raw strings as docstrings (3947) - Split long lines in case blocks (4024) - Stop removing spaces from walrus operators within subscripts (3823) - Fix incorrect formatting of certain async statements (3609) - Allow combining ` fmt: skip` with other comments (3959) There are already a few improvements in the `--preview` style, which are slated for the 2025 stable style. Try them out and [share your feedback](https://github.com/psf/black/issues). In the past, the preview style has included some features that we were not able to stabilize. This year, we're adding a separate `--unstable` style for features with known problems. Now, the `--preview` style only includes features that we actually expect to make it into next year's stable style. Stable style Several bug fixes were made in features that are moved to the stable style in this release: - Fix comment handling when parenthesising conditional expressions (4134) - Fix bug where spaces were not added around parenthesized walruses in subscripts, unlike other binary operators (4109) - Remove empty lines before docstrings in async functions (4132) - Address a missing case in the change to allow empty lines at the beginning of all blocks, except immediately before a docstring (4130) - For stubs, fix logic to enforce empty line after nested classes with bodies (4141) Preview style - Add `--unstable` style, covering preview features that have known problems that would block them from going into the stable style. Also add the `--enable-unstable-feature` flag; for example, use `--enable-unstable-feature hug_parens_with_braces_and_square_brackets` to apply this preview feature throughout 2024, even if a later Black release downgrades the feature to unstable (4096) - Format module docstrings the same as class and function docstrings (4095) - Fix crash when using a walrus in a dictionary (4155) - Fix unnecessary parentheses when wrapping long dicts (4135) - Stop normalizing spaces before ` fmt: skip` comments (4146) Configuration - Print warning when configuration in `pyproject.toml` contains an invalid key (4165) - Fix symlink handling, properly ignoring symlinks that point outside of root (4161) - Fix cache mtime logic that resulted in false positive cache hits (4128) - Remove the long-deprecated `--experimental-string-processing` flag. This feature can currently be enabled with `--preview --enable-unstable-feature string_processing`. (4096) Integrations - Revert the change to run Black's pre-commit integration only on specific git hooks (3940) for better compatibility with older versions of pre-commit (4137) ``` ### 23.12.1 ``` Packaging - Fixed a bug that included dependencies from the `d` extra by default (4108) ``` ### 23.12.0 ``` Highlights It's almost 2024, which means it's time for a new edition of _Black_'s stable style! Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft 2024 stable style, which we'll finalize in the January release. Please try it out and [share your feedback](https://github.com/psf/black/issues/4042). This release (23.12.0) will still produce the 2023 style. Most but not all of the changes in `--preview` mode will be in the 2024 stable style. Stable style - Fix bug where ` fmt: off` automatically dedents when used with the `--line-ranges` option, even when it is not within the specified line range. (4084) - Fix feature detection for parenthesized context managers (4104) Preview style - Prefer more equal signs before a break when splitting chained assignments (4010) - Standalone form feed characters at the module level are no longer removed (4021) - Additional cases of immediately nested tuples, lists, and dictionaries are now indented less (4012) - Allow empty lines at the beginning of all blocks, except immediately before a docstring (4060) - Fix crash in preview mode when using a short `--line-length` (4086) - Keep suites consisting of only an ellipsis on their own lines if they are not functions or class definitions (4066) (4103) Configuration - `--line-ranges` now skips _Black_'s internal stability check in `--safe` mode. This avoids a crash on rare inputs that have many unformatted same-content lines. (4034) Packaging - Upgrade to mypy 1.7.1 (4049) (4069) - Faster compiled wheels are now available for CPython 3.12 (4070) Integrations - Enable 3.12 CI (4035) - Build docker images in parallel (4054) - Build docker images with 3.12 (4055) ``` ### 23.11.0 ``` Highlights - Support formatting ranges of lines with the new `--line-ranges` command-line option (4020) Stable style - Fix crash on formatting bytes strings that look like docstrings (4003) - Fix crash when whitespace followed a backslash before newline in a docstring (4008) - Fix standalone comments inside complex blocks crashing Black (4016) - Fix crash on formatting code like `await (a ** b)` (3994) - No longer treat leading f-strings as docstrings. This matches Python's behaviour and fixes a crash (4019) Preview style - Multiline dicts and lists that are the sole argument to a function are now indented less (3964) - Multiline unpacked dicts and lists as the sole argument to a function are now also indented less (3992) - In f-string debug expressions, quote types that are visible in the final string are now preserved (4005) - Fix a bug where long `case` blocks were not split into multiple lines. Also enable general trailing comma rules on `case` blocks (4024) - Keep requiring two empty lines between module-level docstring and first function or class definition (4028) - Add support for single-line format skip with other comments on the same line (3959) Configuration - Consistently apply force exclusion logic before resolving symlinks (4015) - Fix a bug in the matching of absolute path names in `--include` (3976) Performance - Fix mypyc builds on arm64 on macOS (4017) Integrations - Black's pre-commit integration will now run only on git hooks appropriate for a code formatter (3940) ``` ### 23.10.1 ``` Highlights - Maintenance release to get a fix out for GitHub Action edge case (3957) Preview style - Fix merging implicit multiline strings that have inline comments (3956) - Allow empty first line after block open before a comment or compound statement (3967) Packaging - Change Dockerfile to hatch + compile black (3965) Integrations - The summary output for GitHub workflows is now suppressible using the `summary` parameter. (3958) - Fix the action failing when Black check doesn't pass (3957) Documentation - It is known Windows documentation CI is broken https://github.com/psf/black/issues/3968 ``` ### 23.10.0 ``` Stable style - Fix comments getting removed from inside parenthesized strings (3909) Preview style - Fix long lines with power operators getting split before the line length (3942) - Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (3899) - Magic trailing commas are now respected in return types. (3916) - Require one empty line after module-level docstrings. (3932) - Treat raw triple-quoted strings as docstrings (3947) Configuration - Fix cache versioning logic when `BLACK_CACHE_DIR` is set (3937) Parser - Fix bug where attributes named `type` were not accepted inside `match` statements (3950) - Add support for PEP 695 type aliases containing lambdas and other unusual expressions (3949) Output - Black no longer attempts to provide special errors for attempting to format Python 2 code (3933) - Black will more consistently print stacktraces on internal errors in verbose mode (3938) Integrations - The action output displayed in the job summary is now wrapped in Markdown (3914) ``` ### 23.9.1 ``` Due to various issues, the previous release (23.9.0) did not include compiled mypyc wheels, which make Black significantly faster. These issues have now been fixed, and this release should come with compiled wheels once again. There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12 wheels in a future release as soon as the mypyc bug is fixed. Packaging - Upgrade to mypy 1.5.1 (3864) Performance - Store raw tuples instead of NamedTuples in Black's cache, improving performance and decreasing the size of the cache (3877) ``` ### 23.9.0 ``` Preview style - More concise formatting for dummy implementations (3796) - In stub files, add a blank line between a statement with a body (e.g an `if sys.version_info > (3, x):`) and a function definition on the same level (3862) - Fix a bug whereby spaces were removed from walrus operators within subscript(3823) Configuration - Black now applies exclusion and ignore logic before resolving symlinks (3846) Performance - Avoid importing `IPython` if notebook cells do not contain magics (3782) - Improve caching by comparing file hashes as fallback for mtime and size (3821) _Blackd_ - Fix an issue in `blackd` with single character input (3558) Integrations - Black now has an [official pre-commit mirror](https://github.com/psf/black-pre-commit-mirror). Swapping `https://github.com/psf/black` to `https://github.com/psf/black-pre-commit-mirror` in your `.pre-commit-config.yaml` will make Black about 2x faster (3828) - The `.black.env` folder specified by `ENV_PATH` will now be removed on the completion of the GitHub Action (3759) ``` ### 23.7.0 ``` Highlights - Runtime support for Python 3.7 has been removed. Formatting 3.7 code will still be supported until further notice (3765) Stable style - Fix a bug where an illegal trailing comma was added to return type annotations using PEP 604 unions (3735) - Fix several bugs and crashes where comments in stub files were removed or mishandled under some circumstances (3745) - Fix a crash with multi-line magic comments like `type: ignore` within parentheses (3740) - Fix error in AST validation when _Black_ removes trailing whitespace in a type comment (3773) Preview style - Implicitly concatenated strings used as function args are no longer wrapped inside parentheses (3640) - Remove blank lines between a class definition and its docstring (3692) Configuration - The `--workers` argument to _Black_ can now be specified via the `BLACK_NUM_WORKERS` environment variable (3743) - `.pytest_cache`, `.ruff_cache` and `.vscode` are now excluded by default (3691) - Fix _Black_ not honouring `pyproject.toml` settings when running `--stdin-filename` and the `pyproject.toml` found isn't in the current working directory (3719) - _Black_ will now error if `exclude` and `extend-exclude` have invalid data types in `pyproject.toml`, instead of silently doing the wrong thing (3764) Packaging - Upgrade mypyc from 0.991 to 1.3 (3697) - Remove patching of Click that mitigated errors on Python 3.6 with `LANG=C` (3768) Parser - Add support for the new PEP 695 syntax in Python 3.12 (3703) Performance - Speed up _Black_ significantly when the cache is full (3751) - Avoid importing `IPython` in a case where we wouldn't need it (3748) Output - Use aware UTC datetimes internally, avoids deprecation warning on Python 3.12 (3728) - Change verbose logging to exactly mirror _Black_'s logic for source discovery (3749) _Blackd_ - The `blackd` argument parser now shows the default values for options in their help text (3712) Integrations - Black is now tested with [`PYTHONWARNDEFAULTENCODING = 1`](https://docs.python.org/3/library/io.html#io-encoding-warning) (3763) - Update GitHub Action to display black output in the job summary (3688) Documentation - Add a CITATION.cff file to the root of the repository, containing metadata on how to cite this software (3723) - Update the _classes_ and _exceptions_ documentation in Developer reference to match the latest code base (3755) ``` ### 23.3.0 ``` Highlights This release fixes a longstanding confusing behavior in Black's GitHub action, where the version of the action did not determine the version of Black being run (issue 3382). In addition, there is a small bug fix around imports and a number of improvements to the preview style. Please try out the [preview style](https://black.readthedocs.io/en/stable/the_black_code_style/future_style.html#preview-style) with `black --preview` and tell us your feedback. All changes in the preview style are expected to become part of Black's stable style in January 2024. Stable style - Import lines with ` fmt: skip` and ` fmt: off` no longer have an extra blank line added when they are right after another import line (3610) Preview style - Add trailing commas to collection literals even if there's a comment after the last entry (3393) - `async def`, `async for`, and `async with` statements are now formatted consistently compared to their non-async version. (3609) - `with` statements that contain two context managers will be consistently wrapped in parentheses (3589) - Let string splitters respect [East Asian Width](https://www.unicode.org/reports/tr11/) (3445) - Now long string literals can be split after East Asian commas and periods (`、` U+3001 IDEOGRAPHIC COMMA, `。` U+3002 IDEOGRAPHIC FULL STOP, & `,` U+FF0C FULLWIDTH COMMA) besides before spaces (3445) - For stubs, enforce one blank line after a nested class with a body other than just `...` (3564) - Improve handling of multiline strings by changing line split behavior (1879) Parser - Added support for formatting files with invalid type comments (3594) Integrations - Update GitHub Action to use the version of Black equivalent to action's version if version input is not specified (3543) - Fix missing Python binary path in autoload script for vim (3508) Documentation - Document that only the most recent release is supported for security issues; vulnerabilities should be reported through Tidelift (3612) ``` ### 23.1.0 ``` Highlights This is the first release of 2023, and following our [stability policy](https://black.readthedocs.io/en/stable/the_black_code_style/index.html#stability-policy), it comes with a number of improvements to our stable style, including improvements to empty line handling, removal of redundant parentheses in several contexts, and output that highlights implicitly concatenated strings better. There are also many changes to the preview style; try out `black --preview` and give us feedback to help us set the stable style for next year. In addition to style changes, Black now automatically infers the supported Python versions from your `pyproject.toml` file, removing the need to set Black's target versions separately. Stable style - Introduce the 2023 stable style, which incorporates most aspects of last year's preview style (3418). Specific changes: - Enforce empty lines before classes and functions with sticky leading comments (3302) (22.12.0) - Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (3348) (22.12.0) - Implicitly concatenated strings used as function args are now wrapped inside parentheses (3307) (22.12.0) - Correctly handle trailing commas that are inside a line's leading non-nested parens (3370) (22.12.0) - `--skip-string-normalization` / `-S` now prevents docstring prefixes from being normalized as expected (3168) (since 22.8.0) - When using `--skip-magic-trailing-comma` or `-C`, trailing commas are stripped from subscript expressions with more than 1 element (3209) (22.8.0) - Implicitly concatenated strings inside a list, set, or tuple are now wrapped inside parentheses (3162) (22.8.0) - Fix a string merging/split issue when a comment is present in the middle of implicitly concatenated strings on its own line (3227) (22.8.0) - Docstring quotes are no longer moved if it would violate the line length limit (3044, 3430) (22.6.0) - Parentheses around return annotations are now managed (2990) (22.6.0) - Remove unnecessary parentheses around awaited objects (2991) (22.6.0) - Remove unnecessary parentheses in `with` statements (2926) (22.6.0) - Remove trailing newlines after code block open (3035) (22.6.0) - Code cell separators `%%` are now standardised to ` %%` (2919) (22.3.0) - Remove unnecessary parentheses from `except` statements (2939) (22.3.0) - Remove unnecessary parentheses from tuple unpacking in `for` loops (2945) (22.3.0) - Avoid magic-trailing-comma in single-element subscripts (2942) (22.3.0) - Fix a crash when a colon line is marked between ` fmt: off` and ` fmt: on` (3439) Preview style - Format hex codes in unicode escape sequences in string literals (2916) - Add parentheses around `if`-`else` expressions (2278) - Improve performance on large expressions that contain many strings (3467) - Fix a crash in preview style with assert + parenthesized string (3415) - Fix crashes in preview style with walrus operators used in function return annotations and except clauses (3423) - Fix a crash in preview advanced string processing where mixed implicitly concatenated regular and f-strings start with an empty span (3463) - Fix a crash in preview advanced string processing where a standalone comment is placed before a dict's value (3469) - Fix an issue where extra empty lines are added when a decorator has ` fmt: skip` applied or there is a standalone comment between decorators (3470) - Do not put the closing quotes in a docstring on a separate line, even if the line is too long (3430) - Long values in dict literals are now wrapped in parentheses; correspondingly unnecessary parentheses around short values in dict literals are now removed; long string lambda values are now wrapped in parentheses (3440) - Fix two crashes in preview style involving edge cases with docstrings (3451) - Exclude string type annotations from improved string processing; fix crash when the return type annotation is stringified and spans across multiple lines (3462) - Wrap multiple context managers in parentheses when targeting Python 3.9+ (3489) - Fix several crashes in preview style with walrus operators used in `with` statements or tuples (3473) - Fix an invalid quote escaping bug in f-string expressions where it produced invalid code. Implicitly concatenated f-strings with different quotes can now be merged or quote-normalized by changing the quotes used in expressions. (3509) - Fix crash on `await (yield)` when Black is compiled with mypyc (3533) Configuration - Black now tries to infer its `--target-version` from the project metadata specified in `pyproject.toml` (3219) Packaging - Upgrade mypyc from `0.971` to `0.991` so mypycified _Black_ can be built on armv7 (3380) - This also fixes some crashes while using compiled Black with a debug build of CPython - Drop specific support for the `tomli` requirement on 3.11 alpha releases, working around a bug that would cause the requirement not to be installed on any non-final Python releases (3448) - Black now depends on `packaging` version `22.0` or later. This is required for new functionality that needs to parse part of the project metadata (3219) Output - Calling `black --help` multiple times will return the same help contents each time (3516) - Verbose logging now shows the values of `pyproject.toml` configuration variables (3392) - Fix false symlink detection messages in verbose output due to using an incorrect relative path to the project root (3385) Integrations - Move 3.11 CI to normal flow now that all dependencies support 3.11 (3446) - Docker: Add new `latest_prerelease` tag automation to follow latest black alpha release on docker images (3465) Documentation - Expand `vim-plug` installation instructions to offer more explicit options (3468) ``` ### 22.12.0 ``` Preview style - Enforce empty lines before classes and functions with sticky leading comments (3302) - Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (3348) - Implicitly concatenated strings used as function args are now wrapped inside parentheses (3307) - For assignment statements, prefer splitting the right hand side if the left hand side fits on a single line (3368) - Correctly handle trailing commas that are inside a line's leading non-nested parens (3370) Configuration - Fix incorrectly applied `.gitignore` rules by considering the `.gitignore` location and the relative path to the target file (3338) - Fix incorrectly ignoring `.gitignore` presence when more than one source directory is specified (3336) Parser - Parsing support has been added for walruses inside generator expression that are passed as function args (for example, `any(match := my_re.match(text) for text in texts)`) (3327). Integrations - Vim plugin: Optionally allow using the system installation of Black via `let g:black_use_virtualenv = 0`(3309) ``` ### 22.10.0 ``` Highlights - Runtime support for Python 3.6 has been removed. Formatting 3.6 code will still be supported until further notice. Stable style - Fix a crash when ` fmt: on` is used on a different block level than ` fmt: off` (3281) Preview style - Fix a crash when formatting some dicts with parenthesis-wrapped long string keys (3262) Configuration - `.ipynb_checkpoints` directories are now excluded by default (3293) - Add `--skip-source-first-line` / `-x` option to ignore the first line of source code while formatting (3299) Packaging - Executables made with PyInstaller will no longer crash when formatting several files at once on macOS. Native x86-64 executables for macOS are available once again. (3275) - Hatchling is now used as the build backend. This will not have any effect for users who install Black with its wheels from PyPI. (3233) - Faster compiled wheels are now available for CPython 3.11 (3276) _Blackd_ - Windows style (CRLF) newlines will be preserved (3257). Integrations - Vim plugin: add flag (`g:black_preview`) to enable/disable the preview style (3246) - Update GitHub Action to support formatting of Jupyter Notebook files via a `jupyter` option (3282) - Update GitHub Action to support use of version specifiers (e.g. `<23`) for Black version (3265) ```Links
- PyPI: https://pypi.org/project/black - Changelog: https://data.safetycli.com/changelogs/black/Update certifi from 2022.9.24 to 2024.2.2.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/certifi - Repo: https://github.com/certifi/python-certifiUpdate jinja2 from 3.1.2 to 3.1.3.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/jinja2 - Homepage: https://palletsprojects.com/p/jinja/Update pygments from 2.13.0 to 2.17.2.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/pygmentsUpdate requests from 2.28.1 to 2.31.0.
Changelog
### 2.31.0 ``` ------------------- **Security** - Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of `Proxy-Authorization` headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:passproxy:8080), Requests will construct a `Proxy-Authorization` header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the `Proxy-Authorization` header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are *strongly* encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q) and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681). ``` ### 2.30.0 ``` ------------------- **Dependencies** - ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading. Users who wish to stay on urllib3 1.x can pin to `urllib3<2`. ``` ### 2.29.0 ``` ------------------- **Improvements** - Requests now defers chunked requests to the urllib3 implementation to improve standardization. (6226) - Requests relaxes header component requirements to support bytes/str subclasses. (6356) ``` ### 2.28.2 ``` ------------------- **Dependencies** - Requests now supports charset\_normalizer 3.x. (6261) **Bugfixes** - Updated MissingSchema exception to suggest https scheme rather than http. (6188) ```Links
- PyPI: https://pypi.org/project/requests - Changelog: https://data.safetycli.com/changelogs/requests/ - Docs: https://requests.readthedocs.ioUpdate urllib3 from 1.26.11 to 2.2.1.
Changelog
### 2.2.1 ``` 🚀 urllib3 is fundraising for HTTP/2 support [urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Changes - Fixed issue where `InsecureRequestWarning` was emitted for HTTPS connections when using Emscripten. (3331) - Fixed `HTTPConnectionPool.urlopen` to stop automatically casting non-proxy headers to `HTTPHeaderDict`. This change was premature as it did not apply to proxy headers and `HTTPHeaderDict` does not handle byte header values correctly yet. (3343) - Changed `ProtocolError` to `InvalidChunkLength` when response terminates before the chunk length is sent. (2860) - Changed `ProtocolError` to be more verbose on incomplete reads with excess content. (3261) ``` ### 2.2.0 ``` 🖥️ urllib3 now works in the browser :tada: **This release adds experimental support for [using urllib3 in the browser with Pyodide](https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html)!** :tada: Thanks to Joe Marshall (joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from `http.client`. Please report all bugs to the [urllib3 issue tracker](https://github.com/urllib3/urllib3/issues). 🚀 urllib3 is fundraising for HTTP/2 support [urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Changes - Added support for [Emscripten and Pyodide](https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html), including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951)) - Added support for `HTTPResponse.read1()` method. ([3186](https://github.com/urllib3/urllib3/issues/3186)) - Added rudimentary support for HTTP/2. ([3284](https://github.com/urllib3/urllib3/issues/3284)) - Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. ([2244](https://github.com/urllib3/urllib3/issues/2244)) - Fixed `HTTPConnection.proxy_is_verified` and `HTTPSConnection.proxy_is_verified` to be always set to a boolean after connecting to a proxy. It could be `None` in some cases previously. ([3130](https://github.com/urllib3/urllib3/issues/3130)) - Fixed an issue where `headers` passed in a request with `json=` would be mutated ([3203](https://github.com/urllib3/urllib3/issues/3203)) - Fixed `HTTPSConnection.is_verified` to be set to `False` when connecting from a HTTPS proxy to an HTTP target. It was set to `True` previously. ([3267](https://github.com/urllib3/urllib3/issues/3267)) - Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([3268](https://github.com/urllib3/urllib3/issues/3268)) - Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([3325](https://github.com/urllib3/urllib3/issues/3325)) Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the `--integration` pytest flag. ([3181](https://github.com/urllib3/urllib3/issues/3181)) ``` ### 2.1.0 ``` Read the [v2 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3. Removals - Removed support for the deprecated urllib3[secure] extra. ([2680](https://github.com/urllib3/urllib3/issues/2680)) - Removed support for the deprecated SecureTransport TLS implementation. ([2681](https://github.com/urllib3/urllib3/issues/2681)) - Removed support for the end-of-life Python 3.7. ([3143](https://github.com/urllib3/urllib3/issues/3143)) Bugfixes - Allowed loading CA certificates from memory for proxies. ([3065](https://github.com/urllib3/urllib3/issues/3065)) - Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. ([3174](https://github.com/urllib3/urllib3/issues/3174)) ``` ### 2.0.7 ``` * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4) ``` ### 2.0.6 ``` * Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f) ``` ### 2.0.5 ``` - Allowed pyOpenSSL third-party module without any deprecation warning. [3126](https://github.com/urllib3/urllib3/issues/3126) - Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. [3066](https://github.com/urllib3/urllib3/issues/3066>) ``` ### 2.0.4 ``` - Added support for union operators to ``HTTPHeaderDict`` (2254) - Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (3078) - Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client (2757) - Relied on the standard library for checking hostnames in supported PyPy releases (3087) ``` ### 2.0.3 ``` - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. [3020](https://github.com/urllib3/urllib3/issues/3020) - Deprecated URLs which don't have an explicit scheme [2950](https://github.com/urllib3/urllib3/pull/2950) - Fixed response decoding with Zstandard when compressed data is made of several frames. [3008](https://github.com/urllib3/urllib3/issues/3008) - Fixed ``assert_hostname=False`` to correctly skip hostname check. [3051](https://github.com/urllib3/urllib3/issues/3051) ``` ### 2.0.2 ``` * Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (https://github.com/urllib3/urllib3/issues/3009) ``` ### 2.0.1 ``` - Fixed a socket leak when fingerprint or hostname verifications fail. (2991) - Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (2998) ``` ### 2.0.0 ``` Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3. Removed - Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)). - Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` ([2113](https://github.com/urllib3/urllib3/issues/2113)). - Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)). - Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)). - Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` ([2086](https://github.com/urllib3/urllib3/issues/2086)). - Removed `urllib3.HTTPResponse.from_httplib` ([2648](https://github.com/urllib3/urllib3/issues/2648)). - Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)). - Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module ([2269](https://github.com/urllib3/urllib3/issues/2269)). - Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)). - Removed the deprecated `urllib3.contrib.ntlmpool` module ([2339](https://github.com/urllib3/urllib3/issues/2339)). - Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` ([2168](https://github.com/urllib3/urllib3/issues/2168)). - Removed `urllib3.exceptions.SNIMissingWarning` ([2168](https://github.com/urllib3/urllib3/issues/2168)). - Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` ([1985](https://github.com/urllib3/urllib3/issues/1985)). Deprecated - Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. ([1543](https://github.com/urllib3/urllib3/issues/1543), [#2814](https://github.com/urllib3/urllib3/issues/2814)). - Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 ([2691](https://github.com/urllib3/urllib3/issues/2691)). - Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 ([2692](https://github.com/urllib3/urllib3/issues/2692)). - Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 ([2110](https://github.com/urllib3/urllib3/issues/2110)). - Deprecated the `strict` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([2267](https://github.com/urllib3/urllib3/issues/2267)) - Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 ([2271](https://github.com/urllib3/urllib3/issues/2271)). - Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` ([2257](https://github.com/urllib3/urllib3/issues/2257)). - Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 ([2257](https://github.com/urllib3/urllib3/issues/2257)). - Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` ([1985](https://github.com/urllib3/urllib3/issues/1985)). Added - Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)). - Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method ([2243](https://github.com/urllib3/urllib3/issues/2243)). - Added type hints to the `urllib3` module ([1897](https://github.com/urllib3/urllib3/issues/1897)). - Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` ([2110](https://github.com/urllib3/urllib3/issues/2110)). - Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package ([1992](https://github.com/urllib3/urllib3/issues/1992)). - Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` ([2083](https://github.com/urllib3/urllib3/issues/2083)). - Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)). - Added `HTTPHeaderDict` to the top-level `urllib3` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)). - Added support for configuring header merging behavior with HTTPHeaderDict When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) ([2242](https://github.com/urllib3/urllib3/issues/2242)). - Added `NameResolutionError` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)). - Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` ([2409](https://github.com/urllib3/urllib3/issues/2409)). - Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` ([2494](https://github.com/urllib3/urllib3/issues/2494)). - Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)). - Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Added optional `backoff_jitter` parameter to `Retry`. ([2952](https://github.com/urllib3/urllib3/issues/2952)) Changed - Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method: - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). - Never returns more bytes than requested. - Can issue any number of system calls: zero, one or multiple. If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` ([2128](https://github.com/urllib3/urllib3/issues/2128)). - Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` ([2648](https://github.com/urllib3/urllib3/issues/2648)). - Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` ([2110](https://github.com/urllib3/urllib3/issues/2110)). - Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)). - Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)). - Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)). - Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)). - Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` ([2589](https://github.com/urllib3/urllib3/issues/2589)). - Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` ([2515](https://github.com/urllib3/urllib3/issues/2515)). - Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)). - Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)). - Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` ([2628](https://github.com/urllib3/urllib3/issues/2628)). - Changed usage of the deprecated `socket.error` to `OSError` ([2120](https://github.com/urllib3/urllib3/issues/2120)). - Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) ([1985](https://github.com/urllib3/urllib3/issues/1985)). - Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`. - Changed TLS handshakes to use `SSLContext.check_hostname` when possible ([2452](https://github.com/urllib3/urllib3/pull/2452)). - Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` ([2537](https://github.com/urllib3/urllib3/pull/2537)). - Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts ([2348](https://github.com/urllib3/urllib3/pull/2348)). - Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss ([2800](https://github.com/urllib3/urllib3/issues/2800)). Fixed - Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress ([1252](https://github.com/urllib3/urllib3/issues/1252)). - Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used ([2645](https://github.com/urllib3/urllib3/issues/2645)). - Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` ([2118](https://github.com/urllib3/urllib3/issues/2118)). - Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` ([2213](https://github.com/urllib3/urllib3/issues/2213)). - Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature ([2272](https://github.com/urllib3/urllib3/issues/2272)). - Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` ([2277](https://github.com/urllib3/urllib3/issues/2277)). - Fixed a socket leak if `HTTPConnection.connect()` fails ([2571](https://github.com/urllib3/urllib3/pull/2571)). - Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970)) ``` ### 2.0.0a4 ``` - Removed the `setup.py` shim, `python setup.py install` will print `[Errno 2] No such file or directory` instead of a warning to use pip ([2975](https://github.com/urllib3/urllib3/issues/2975)) - Added optional `backoff_jitter` parameter to `Retry` ([2952](https://github.com/urllib3/urllib3/issues/2952)) - Fixed URL encoding by removing \'!\' from the \'unreserved\' character set specified in RFC 3986 ([2899](https://github.com/urllib3/urllib3/issues/2899)) - Fixed a sign error in a check for whether a character is in the ASCII range ([2901](https://github.com/urllib3/urllib3/issues/2901)) - Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970)) ``` ### 2.0.0a3 ``` **Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.** - Fixed logging error when using `add_stderr_logger` (2839) - Fixed parsing of port 0 (zero) returning None, instead of 0 (2850) - Fixed the type hint of `PoolKey.key_retries` by adding `bool` to the union (2865) ``` ### 2.0.0a2 ``` **Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.** * Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (https://github.com/urllib3/urllib3/issues/2800). * Changed `HTTPResponse.getheaders()` and `.getheader()` to previous behavior in 1.26.x. Instead we are deprecating these methods in favor of `HTTPResponse.headers.items()` and `HTTPResponse.headers.get()`. Both deprecated methods will be removed in v2.1.0 (https://github.com/urllib3/urllib3/issues/2814) * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. (https://github.com/urllib3/urllib3/pull/2806) * Fixed deprecation warning when using cryptography v39.0.0. This fix requires using pyOpenSSL>=17.1.0 and cryptography>=1.9. (https://github.com/urllib3/urllib3/pull/2829) ``` ### 2.0.0a1 ``` **Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3!** Added * Added type hints to the ``urllib3`` module ([1897](https://github.com/urllib3/urllib3/issues/1897)). * Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` ([2110](https://github.com/urllib3/urllib3/issues/2110)). * Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package ([1992](https://github.com/urllib3/urllib3/issues/1992)). * Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` ([2083](https://github.com/urllib3/urllib3/issues/2083)). * Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)). * Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)). * Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)). * Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method ([2243](https://github.com/urllib3/urllib3/issues/2243)). * Added support for configuring header merging behavior with HTTPHeaderDict When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) ([2242](https://github.com/urllib3/urllib3/issues/2242)). * Added ``NameResolutionError`` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)). * Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` ([2409](https://github.com/urllib3/urllib3/issues/2409)). * Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` ([2494](https://github.com/urllib3/urllib3/issues/2494)). * Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)). * Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)). * Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` ([1985](https://github.com/urllib3/urllib3/issues/1985)). Removed * Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)). * Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` ([2113](https://github.com/urllib3/urllib3/issues/2113)). * Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)). * Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)). * Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)). * Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)). * Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` ([2086](https://github.com/urllib3/urllib3/issues/2086)). * Removed ``urllib3.HTTPResponse.from_httplib`` ([2648](https://github.com/urllib3/urllib3/issues/2648)). * Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)). * Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module ([2269](https://github.com/urllib3/urllib3/issues/2269)). * Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)). * Removed the deprecated ``urllib3.contrib.ntlmpool`` module ([2339](https://github.com/urllib3/urllib3/issues/2339)). * Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` ([2168](https://github.com/urllib3/urllib3/issues/2168)). * Removed ``urllib3.exceptions.SNIMissingWarning`` ([2168](https://github.com/urllib3/urllib3/issues/2168)). * Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` ([1985](https://github.com/urllib3/urllib3/issues/1985)). * Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` ([1985](https://github.com/urllib3/urllib3/issues/1985)). Changed * Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method: * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). * Never returns more bytes than requested. * Can issue any number of system calls: zero, one or multiple. If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` ([2128](https://github.com/urllib3/urllib3/issues/2128)). * Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` ([2110](https://github.com/urllib3/urllib3/issues/2110)). * Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)). * Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)). * Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)). * Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)). * Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` ([2648](https://github.com/urllib3/urllib3/issues/2648)). * Changed return type of ``HTTPResponse.getheaders()`` method to return a list of key-value tuples to match CPython ([1543](https://github.com/urllib3/urllib3/issues/1543)). * Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` ([2589](https://github.com/urllib3/urllib3/issues/2589)). * Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` ([2515](https://github.com/urllib3/urllib3/issues/2515)). * Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)). * Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)). * Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` ([2628](https://github.com/urllib3/urllib3/issues/2628)). * Changed usage of the deprecated ``socket.error`` to ``OSError`` ([2120](https://github.com/urllib3/urllib3/issues/2120)). * Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` ([1985](https://github.com/urllib3/urllib3/issues/1985)). * Changed ``urllib3.util.is_connection_dropped()`` to use ``HTTPConnection.is_connected`` ([1985](https://github.com/urllib3/urllib3/issues/1985)). * Changed ``HTTPConnection.g