SekouD / lyricsmaster

LyricsMaster is a library for downloading lyrics from multiple lyrics providers.
https://pypi.python.org/pypi/lyricsmaster
MIT License
22 stars 8 forks source link

Scheduled daily dependency update on Saturday #1816

Closed pyup-bot closed 2 months ago

pyup-bot commented 2 months ago

Update urllib3[secure] from 1.25.2 to 2.2.2.

Changelog ### 2.2.2 ``` ================== - Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``. - Allowed passing negative integers as ``amt`` to read methods of ``http.client.HTTPResponse`` as an alternative to ``None``. (`3122 <https://github.com/urllib3/urllib3/issues/3122>`__) - Fixed return types representing copying actions to use ``typing.Self``. (`3363 <https://github.com/urllib3/urllib3/issues/3363>`__) ``` ### 2.2.1 ``` ================== - Fixed issue where ``InsecureRequestWarning`` was emitted for HTTPS connections when using Emscripten. (`3331 <https://github.com/urllib3/urllib3/issues/3331>`__) - Fixed ``HTTPConnectionPool.urlopen`` to stop automatically casting non-proxy headers to ``HTTPHeaderDict``. This change was premature as it did not apply to proxy headers and ``HTTPHeaderDict`` does not handle byte header values correctly yet. (`3343 <https://github.com/urllib3/urllib3/issues/3343>`__) - Changed ``InvalidChunkLength`` to ``ProtocolError`` when response terminates before the chunk length is sent. (`2860 <https://github.com/urllib3/urllib3/issues/2860>`__) - Changed ``ProtocolError`` to be more verbose on incomplete reads with excess content. (`3261 <https://github.com/urllib3/urllib3/issues/3261>`__) ``` ### 2.2.0 ``` ================== - Added support for `Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>`__, including streaming support in cross-origin isolated browser environments where threading is enabled. (`#2951 <https://github.com/urllib3/urllib3/issues/2951>`__) - Added support for ``HTTPResponse.read1()`` method. (`3186 <https://github.com/urllib3/urllib3/issues/3186>`__) - Added rudimentary support for HTTP/2. (`3284 <https://github.com/urllib3/urllib3/issues/3284>`__) - Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (`2244 <https://github.com/urllib3/urllib3/issues/2244>`__) - Fixed ``HTTPConnection.proxy_is_verified`` and ``HTTPSConnection.proxy_is_verified`` to be always set to a boolean after connecting to a proxy. It could be ``None`` in some cases previously. (`3130 <https://github.com/urllib3/urllib3/issues/3130>`__) - Fixed an issue where ``headers`` passed in a request with ``json=`` would be mutated (`3203 <https://github.com/urllib3/urllib3/issues/3203>`__) - Fixed ``HTTPSConnection.is_verified`` to be set to ``False`` when connecting from a HTTPS proxy to an HTTP target. It was set to ``True`` previously. (`3267 <https://github.com/urllib3/urllib3/issues/3267>`__) - Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (`3268 <https://github.com/urllib3/urllib3/issues/3268>`__) - Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (`3325 <https://github.com/urllib3/urllib3/issues/3325>`__) - Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the ``--integration`` pytest flag. (`3181 <https://github.com/urllib3/urllib3/issues/3181>`__) ``` ### 2.1.0 ``` ================== - Removed support for the deprecated urllib3[secure] extra. (`2680 <https://github.com/urllib3/urllib3/issues/2680>`__) - Removed support for the deprecated SecureTransport TLS implementation. (`2681 <https://github.com/urllib3/urllib3/issues/2681>`__) - Removed support for the end-of-life Python 3.7. (`3143 <https://github.com/urllib3/urllib3/issues/3143>`__) - Allowed loading CA certificates from memory for proxies. (`3065 <https://github.com/urllib3/urllib3/issues/3065>`__) - Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. (`3174 <https://github.com/urllib3/urllib3/issues/3174>`__) ``` ### 2.0.7 ``` ================== * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. ``` ### 2.0.6 ``` ================== * Added the ``Cookie`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``. ``` ### 2.0.5 ``` ================== - Allowed pyOpenSSL third-party module without any deprecation warning. (`3126 <https://github.com/urllib3/urllib3/issues/3126>`__) - Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. (`3066 <https://github.com/urllib3/urllib3/issues/3066>`__) ``` ### 2.0.4 ``` ================== - Added support for union operators to ``HTTPHeaderDict`` (`2254 <https://github.com/urllib3/urllib3/issues/2254>`__) - Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`3078 <https://github.com/urllib3/urllib3/issues/3078>`__) - Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client (`2757 <https://github.com/urllib3/urllib3/issues/2757>`__) - Relied on the standard library for checking hostnames in supported PyPy releases (`3087 <https://github.com/urllib3/urllib3/issues/3087>`__) ``` ### 2.0.3 ``` ================== - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`3020 <https://github.com/urllib3/urllib3/issues/3020>`__) - Deprecated URLs which don't have an explicit scheme (`2950 <https://github.com/urllib3/urllib3/pull/2950>`_) - Fixed response decoding with Zstandard when compressed data is made of several frames. (`3008 <https://github.com/urllib3/urllib3/issues/3008>`__) - Fixed ``assert_hostname=False`` to correctly skip hostname check. (`3051 <https://github.com/urllib3/urllib3/issues/3051>`__) ``` ### 2.0.2 ``` ================== - Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (`3009 <https://github.com/urllib3/urllib3/issues/3009>`__) ``` ### 2.0.1 ``` ================== - Fixed a socket leak when fingerprint or hostname verifications fail. (`2991 <https://github.com/urllib3/urllib3/issues/2991>`__) - Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (`2998 <https://github.com/urllib3/urllib3/issues/2998>`__) ``` ### 2.0.0 ``` ================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3. Removed ------- * Removed support for Python 2.7, 3.5, and 3.6 (`883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__). * Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`2113 <https://github.com/urllib3/urllib3/issues/2113>`__). * Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`2082 <https://github.com/urllib3/urllib3/issues/2082>`__). * Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`2044 <https://github.com/urllib3/urllib3/issues/2044>`__). * Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`2086 <https://github.com/urllib3/urllib3/issues/2086>`__). * Removed ``urllib3.HTTPResponse.from_httplib`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module (`2269 <https://github.com/urllib3/urllib3/issues/2269>`__). * Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`2233 <https://github.com/urllib3/urllib3/issues/2233>`__). * Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`2339 <https://github.com/urllib3/urllib3/issues/2339>`__). * Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed ``urllib3.exceptions.SNIMissingWarning`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed the ``strict`` parameter/attribute from ``HTTPConnection``, ``HTTPSConnection``, ``HTTPConnectionPool``, ``HTTPSConnectionPool``, and ``HTTPResponse`` (`2064 <https://github.com/urllib3/urllib3/issues/2064>`__). Deprecated ---------- * Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__). * Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`2691 <https://github.com/urllib3/urllib3/issues/2691>`__). * Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`2692 <https://github.com/urllib3/urllib3/issues/2692>`__). * Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Deprecated the ``strict`` parameter of ``PoolManager.connection_from_context()`` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`2267 <https://github.com/urllib3/urllib3/issues/2267>`__) * Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`2271 <https://github.com/urllib3/urllib3/issues/2271>`__). * Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Added ----- * Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`2150 <https://github.com/urllib3/urllib3/issues/2150>`__). * Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`2243 <https://github.com/urllib3/urllib3/issues/2243>`__). * Added type hints to the ``urllib3`` module (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package (`1992 <https://github.com/urllib3/urllib3/issues/1992>`__). * Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`2083 <https://github.com/urllib3/urllib3/issues/2083>`__). * Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`2197 <https://github.com/urllib3/urllib3/issues/2197>`__). * Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`2216 <https://github.com/urllib3/urllib3/issues/2216>`__). * Added support for configuring header merging behavior with HTTPHeaderDict When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) (`2242 <https://github.com/urllib3/urllib3/issues/2242>`__). * Added ``NameResolutionError`` exception when a DNS error occurs (`2305 <https://github.com/urllib3/urllib3/issues/2305>`__). * Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`2409 <https://github.com/urllib3/urllib3/issues/2409>`__). * Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`2494 <https://github.com/urllib3/urllib3/issues/2494>`__). * Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`2520 <https://github.com/urllib3/urllib3/issues/2520>`__). * Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added optional ``backoff_jitter`` parameter to ``Retry``. (`2952 <https://github.com/urllib3/urllib3/issues/2952>`__) Changed ------- * Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method: * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). * Never returns more bytes than requested. * Can issue any number of system calls: zero, one or multiple. If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`2128 <https://github.com/urllib3/urllib3/issues/2128>`__). * Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`2373 <https://github.com/urllib3/urllib3/issues/2373>`__). * Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`2482 <https://github.com/urllib3/urllib3/pull/2482>`__). * Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`2589 <https://github.com/urllib3/urllib3/issues/2589>`__). * Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`2515 <https://github.com/urllib3/urllib3/issues/2515>`__). * Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`2514 <https://github.com/urllib3/urllib3/issues/2514>`__). * Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`2080 <https://github.com/urllib3/urllib3/issues/2080>`__). * Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`2628 <https://github.com/urllib3/urllib3/issues/2628>`__). * Changed usage of the deprecated ``socket.error`` to ``OSError`` (`2120 <https://github.com/urllib3/urllib3/issues/2120>`__). * Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``. * Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`2452 <https://github.com/urllib3/urllib3/pull/2452>`__). * Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`2537 <https://github.com/urllib3/urllib3/pull/2537>`__). * Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`2348 <https://github.com/urllib3/urllib3/pull/2348>`__). * Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`2800 <https://github.com/urllib3/urllib3/issues/2800>`__). Fixed ----- * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`1252 <https://github.com/urllib3/urllib3/issues/1252>`__). * Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__). * Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`2118 <https://github.com/urllib3/urllib3/issues/2118>`__). * Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`2213 <https://github.com/urllib3/urllib3/issues/2213>`__). * Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`2272 <https://github.com/urllib3/urllib3/issues/2272>`__). * Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`2277 <https://github.com/urllib3/urllib3/issues/2277>`__). * Fixed a socket leak if ``HTTPConnection.connect()`` fails (`2571 <https://github.com/urllib3/urllib3/pull/2571>`__). * Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`2970 <https://github.com/urllib3/urllib3/issues/2970>`__) ``` ### 1.26.20 ``` ==================== * Fixed a crash where certain standard library hash functions were absent in FIPS-compliant environments. (`3432 <https://github.com/urllib3/urllib3/issues/3432>`__) * Replaced deprecated dash-separated setuptools entries in ``setup.cfg``. (`3461 <https://github.com/urllib3/urllib3/pull/3461>`__) * Took into account macOS setting ``ECONNRESET`` instead of ``EPROTOTYPE`` in its newer versions. (`3416 <https://github.com/urllib3/urllib3/pull/3416>`__) * Backported changes to our tests and CI configuration from v2.x to support testing with CPython 3.12 and 3.13. (`3436 <https://github.com/urllib3/urllib3/pull/3436>`__) ``` ### 1.26.19 ``` ==================== * Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``. * Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (`3405 <https://github.com/urllib3/urllib3/issues/3405>`__) ``` ### 1.26.18 ``` ==================== * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. ``` ### 1.26.17 ``` ==================== * Added the ``Cookie`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``. (`3139 <https://github.com/urllib3/urllib3/pull/3139>`_) ``` ### 1.26.16 ``` ==================== * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`2954 <https://github.com/urllib3/urllib3/pull/2954>`_) ``` ### 1.26.15 ``` ==================== * Fix socket timeout value when ``HTTPConnection`` is reused (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__) * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (`2899 <https://github.com/urllib3/urllib3/issues/2899>`__) * Fix IDNA handling of '\x80' byte (`2901 <https://github.com/urllib3/urllib3/issues/2901>`__) ``` ### 1.26.14 ``` ==================== * Fixed parsing of port 0 (zero) returning None, instead of 0. (`2850 <https://github.com/urllib3/urllib3/issues/2850>`__) * Removed deprecated getheaders() calls in contrib module. Fixed the type hint of ``PoolKey.key_retries`` by adding ``bool`` to the union. (`2865 <https://github.com/urllib3/urllib3/issues/2865>`__) ``` ### 1.26.13 ``` ==================== * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. ``` ### 1.26.12 ``` ==================== * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_ for justification and info on how to migrate. ``` ### 1.26.11 ``` ==================== * Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would raise an ``OverflowError`` on Python 3.9 and earlier. ``` ### 1.26.10 ``` ==================== * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. ``` ### 1.26.9 ``` =================== * Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed. * Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception. * Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool`` when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL. ``` ### 1.26.8 ``` =================== * Added extra message to ``urllib3.exceptions.ProxyError`` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. * Added a mention of the size of the connection pool when discarding a connection due to the pool being full. * Added explicit support for Python 3.11. * Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0. * Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname`` to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. * Fixed absolute imports, all imports are now relative. ``` ### 1.26.7 ``` =================== * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. (Issue 2400) * Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching. (Issue 2240) ``` ### 1.26.6 ``` =================== * Deprecated the ``urllib3.contrib.ntlmpool`` module. urllib3 is not able to support it properly due to `reasons listed in this issue <https://github.com/urllib3/urllib3/issues/2282>`_. If you are a user of this module please leave a comment. * Changed ``HTTPConnection.request_chunked()`` to not erroneously emit multiple ``Transfer-Encoding`` headers in the case that one is already specified. * Fixed typo in deprecation message to recommend ``Retry.DEFAULT_ALLOWED_METHODS``. ``` ### 1.26.5 ``` =================== * Fixed deprecation warnings emitted in Python 3.10. * Updated vendored ``six`` library to 1.16.0. * Improved performance of URL parser when splitting the authority component. ``` ### 1.26.4 ``` =================== * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. ``` ### 1.26.3 ``` =================== * Fixed bytes and string comparison issue with headers (Pull 2141) * Changed ``ProxySchemeUnknown`` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull 2107) ``` ### 1.26.2 ``` =================== * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't be imported properly on Python 2.7.8 and earlier (Pull 2052) ``` ### 1.26.1 ``` =================== * Fixed an issue where two ``User-Agent`` headers would be sent if a ``User-Agent`` header key is passed as ``bytes`` (Pull 2047) ``` ### 1.26.0 ``` =================== * **NOTE: urllib3 v2.0 will drop support for Python 2**. `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. * Added support for HTTPS proxies contacting HTTPS servers (Pull 1923, Pull 1806) * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull 2002) **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` (Pull 2000) **Starting in urllib3 v2.0: Deprecated options will be removed** * Added default ``User-Agent`` header to every request (Pull 1750) * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, and ``Host`` headers from being automatically emitted with requests (Pull 2018) * Collapse ``transfer-encoding: chunked`` request data and framing into the same ``socket.send()`` call (Pull 1906) * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull 1894) * Properly terminate SecureTransport connections when CA verification fails (Pull 1977) * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` to SecureTransport (Pull 1903) * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull 1970) * Suppress ``BrokenPipeError`` when writing request body after the server has closed the socket (Pull 1524) * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") into an ``urllib3.exceptions.SSLError`` (Pull 1939) ``` ### 1.25.11 ``` ==================== * Fix retry backoff time parsed from ``Retry-After`` header when given in the HTTP date format. The HTTP date was parsed as the local timezone rather than accounting for the timezone in the HTTP date (typically UTC) (Pull 1932, Pull 1935, Pull 1938, Pull 1949) * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` environment variable was set to the empty string. Now ``SSLContext.keylog_file`` is not set in this situation (Pull 2016) ``` ### 1.25.10 ``` ==================== * Added support for ``SSLKEYLOGFILE`` environment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull 1867) * Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull 1905) * Collapse chunked request bodies data and framing into one call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull 1906) * Don't insert ``None`` into ``ConnectionPool`` if the pool was empty when requesting a connection (Pull 1866) * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull 1858) ``` ### 1.25.9 ``` =================== * Added ``InvalidProxyConfigurationWarning`` which is raised when erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently support connecting to HTTPS proxies but will soon be able to and we would like users to migrate properly without much breakage. See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ for more information on how to fix your proxy config. (Pull 1851) * Drain connection after ``PoolManager`` redirect (Pull 1817) * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull 1812) * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull 1805) * Allow the CA certificate data to be passed as a string (Pull 1804) * Raise ``ValueError`` if method contains control characters (Pull 1800) * Add ``__repr__`` to ``Timeout`` (Pull 1795) ``` ### 1.25.8 ``` =================== * Drop support for EOL Python 3.4 (Pull 1774) * Optimize _encode_invalid_chars (Pull 1787) ``` ### 1.25.7 ``` =================== * Preserve ``chunked`` parameter on retries (Pull 1715, Pull 1734) * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull 1704, Issue 1470) * Fix issue where URL fragment was sent within the request target. (Pull 1732) * Fix issue where an empty query section in a URL would fail to parse. (Pull 1732) * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull 1703) ``` ### 1.25.6 ``` =================== * Fix issue where tilde (``~``) characters were incorrectly percent-encoded in the path. (Pull 1692) ``` ### 1.25.5 ``` =================== * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. (Issue 1682) ``` ### 1.25.4 ``` =================== * Propagate Retry-After header settings to subsequent retries. (Pull 1607) * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull 1607) * Remove dependency on ``rfc3986`` for URL parsing. * Fix issue where URLs containing invalid characters within ``Url.auth`` would raise an exception instead of percent-encoding those characters. * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses work well with BufferedReaders and other ``io`` module features. (Pull 1652) * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull 1673) ``` ### 1.25.3 ``` =================== * Change ``HTTPSConnection`` to load system CA certificates when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are unspecified. (Pull 1608, Issue 1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull 1609, Issue 1605) ```
Links - PyPI: https://pypi.org/project/urllib3 - Changelog: https://data.safetycli.com/changelogs/urllib3/

Update gevent from 1.4.0 to 24.2.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links - PyPI: https://pypi.org/project/gevent - Changelog: https://data.safetycli.com/changelogs/gevent/ - Homepage: http://www.gevent.org/

Update lxml from 4.3.3 to 5.3.0.

Changelog ### 5.3.0 ``` ================== Features added -------------- * GH421: Nested ``CDATA`` sections are no longer rejected but split on output to represent ``]]>`` correctly. Patch by Gertjan Klein. Bugs fixed ---------- * LP2060160: Attribute values serialised differently in ``xmlfile.element()`` and ``xmlfile.write()``. * LP2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin. Other changes ------------- * LP2067707: The ``strip_cdata`` option in ``HTMLParser()`` turned out to be useless and is now deprecated. * Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42. * Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39. * Built with Cython 3.0.11. ``` ### 5.2.2 ``` ================== Bugs fixed ---------- * GH417: The ``test_feed_parser`` test could fail if ``lxml_html_clean`` was not installed. It is now skipped in that case. * LP2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2. * If libxml2 uses iconv, the compile time version is available as `etree.ICONV_COMPILED_VERSION`. ``` ### 5.2.1 ``` ================== Bugs fixed ---------- * LP2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", but with SSE 4.2 enabled. * LP2059977: ``Element.iterfind("//absolute_path")`` failed with a ``SyntaxError`` where it should have issued a warning. * GH416: The documentation build was using the non-standard ``which`` command. Patch by Michał Górny. ``` ### 5.2.0 ``` ================== Other changes ------------- * LP1958539: The ``lxml.html.clean`` implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library: https://github.com/fedora-python/lxml_html_clean Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml[html_clean]", or install the new library themselves. * The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added. * Built with Cython 3.0.10. ``` ### 5.1.2 ``` ================== Bugs fixed ---------- * LP2059977: ``Element.iterfind("//absolute_path")`` failed with a ``SyntaxError`` where it should have issued a warning. ``` ### 5.1.1 ``` ================== Bugs fixed ---------- * LP2048920: ``iterlinks()`` in ``lxml.html`` rejected ``bytes`` input in 5.1.0. * High source line numbers from the parser are no longer truncated (up to a C ``long``) when using libxml2 2.11 or later. Other changes ------------- * GH407: A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok. * Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39. * Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39. * Built with Cython 3.0.9. ``` ### 5.1.0 ``` ================== Features added -------------- * Parsing ASCII strings is slightly faster. Bugs fixed ---------- * GH349: The HTML ``Cleaner()`` interpreted an accidentally provided string parameter for the ``host_whitelist`` as list of characters and silently failed to reject any hosts. Passing a non-collection is now rejected. Other changes ------------- * Support for Python 2.7 and Python versions < 3.6 was removed. * The wheel build was migrated to use ``cibuildwheel``. Patch by Primož Godec. ``` ### 5.0.2 ``` ================== Other changes ------------- * GH407: A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok. * Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39. * Built with Cython 3.0.9. ``` ### 5.0.1 ``` ================== Bugs fixed ---------- * LP2046208: Parsing non-BMP Python Unicode strings could fail on macOS. * LP2044225: When incrementally parsing broken HTML, reporting start events on missing structural tags failed and could lead to subsequent exceptions. * LP2045435: Some (not all) issues with stricter C compilers were resolved. * The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok). .. _latest_release: ``` ### 5.0.0 ``` ================== Features added -------------- * Character escaping in ``C14N2`` serialisation now uses a single pass over the text instead of searching for each unescaped character separately. * Early support for Python 3.13a2 was added. Bugs fixed ---------- * LP1976304: The ``Element.addnext()`` method previously inserted the new element before existing tail text. The tail text of both sibling elements now stays on the respective elements. * LP1980767, GH379: ``TreeBuilder.close()`` could fail with a ``TypeError`` after parsing incorrect input. Original patch by Enrico Minack. * ``Element.itertext(with_tail=False)`` returned the tail text of comments and processing instructions, despite the explicit option. * GH370: A crash with recent libxml2 2.11.x versions was resolved. Patch by Michael Schlenker. * A compile problem with recent libxml2 2.12.x versions was resolved. * The internal exception handling in C callbacks was improved for Cython 3.0. * The exception declarations of ``xmlInputReadCallback``, ``xmlInputCloseCallback``, ``xmlOutputWriteCallback`` and ``xmlOutputCloseCallback`` in ``tree.pxd`` were corrected to prevent running Python code or calling into the C-API with a live exception set. * GH385: The long deprecated ``unittest.m̀akeSuite()`` function is no longer used. Patch by Miro Hrončok. * LP1522052: A file-system specific test is now optional and should no longer fail on systems that don't support it. * GH392: Some tests were adapted for libxml2 2.13. Patch by Nick Wellnhofer. * Contains all fixes from lxml 4.9.4. Other changes ------------- * LP1742885: lxml no longer expands external entities (XXE) by default to prevent the security risk of loading arbitrary files and URLs. If this feature is needed, it can be enabled in a backwards compatible way by using a parser with the option ``resolve_entities=True``. The new default is ``resolve_entities='internal'``. * With libxml2 2.10.4 and later (as provided by the lxml 5.0 binary wheels), parsing HTML tags with "prefixes" no longer builds a namespace dictionary in ``nsmap`` but considers the ``prefix:name`` string the actual tag name. With older libxml2 versions, since 2.9.11, the prefix was removed. Before that, the prefix was parsed as XML prefix. lxml 5.0 does not try to hide this difference but now changes the ElementPath implementation to let ``element.find("part1:part2")`` search for the tag ``part1:part2`` in documents parsed as HTML, instead of looking only for ``part2``. * LP2024343: The validation of the schema file itself is now optional in the ISO-Schematron implementation. This was done because some lxml distributions discard the RNG validation schema file due to licensing issues. The validation can now always be disabled with ``Schematron(..., validate_schema=False)``. It is enabled by default if available and disabled otherwise. The module constant ``lxml.isoschematron.schematron_schema_valid_supported`` can be used to detect whether schema file validation is available. * Some redundant and long deprecated methods were removed: ``parser.setElementClassLookup()``, ``xslt_transform.apply()``, ``xpath.evaluate()``. * Some incorrect declarations were removed from ``python.pxd``. In general, this file should not be used by external Cython code. Use the C-API declarations provided by Cython itself instead. * Binary wheels use the library versions libxml2 2.12.3 and libxslt 1.1.39. * Built with Cython 3.0.7, updated to follow recent changes in Cython 3.1-dev. ``` ### 4.9.4 ``` ================== Bugs fixed ---------- * LP2046398: Inserting/replacing an ancestor into a node's children could loop indefinitely. * LP1980767, GH379: ``TreeBuilder.close()`` could fail with a ``TypeError`` after parsing incorrect input. Original patch by Enrico Minack. * LP1522052: A file-system specific test is now optional and should no longer fail on systems that don't support it. Other changes ------------- * Wheels include zlib 1.3, libxml2 2.10.3 and libxslt 1.1.39 (zlib 1.2.12, libxml2 2.10.3 and libxslt 1.1.37 on Windows). * Built with Cython 0.29.37. ``` ### 4.9.3 ``` ================== Bugs fixed ---------- * LP2008911: ``lxml.objectify`` accepted non-decimal numbers like ``²²²`` as integers. * A memory leak in ``lxml.html.clean`` was resolved by switching to Cython 0.29.34+. * GH348: URL checking in the HTML cleaner was improved. Patch by Tim McCormack. * GH371, GH373: Some regex strings were changed to raw strings to fix Python warnings. Patches by Jakub Wilk and Anthony Sottile. Other changes ------------- * Wheels include zlib 1.2.13, libxml2 2.10.3 and libxslt 1.1.38 (zlib 1.2.12, libxml2 2.10.3 and libxslt 1.1.37 on Windows). * Built with Cython 0.29.36 to adapt to changes in Python 3.12. ``` ### 4.9.2 ``` ================== Bugs fixed ---------- * CVE-2022-2309: A Bug in libxml2 2.9.1[0-4] could let namespace declarations from a failed parser run leak into later parser runs. This bug was worked around in lxml and resolved in libxml2 2.10.0. https://gitlab.gnome.org/GNOME/libxml2/-/issues/378 Other changes ------------- * LP1981760: ``Element.attrib`` now registers as ``collections.abc.MutableMapping``. * lxml now has a static build setup for macOS on ARM64 machines (not used for building wheels). Patch by Quentin Leffray. ``` ### 4.9.1 ``` ================== Bugs fixed ---------- * A crash was resolved when using ``iterwalk()`` (or ``canonicalize()``) after parsing certain incorrect input. Note that ``iterwalk()`` can crash on *valid* input parsed with the same parser *after* failing to parse the incorrect input. ``` ### 4.9.0 ``` ================== Bugs fixed ---------- * GH341: The mixin inheritance order in ``lxml.html`` was corrected. Patch by xmo-odoo. Other changes ------------- * Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12. * Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows). * GH343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower. ``` ### 4.8.0 ``` ================== Features added -------------- * GH337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen. * The ``ElementMaker`` now supports ``QName`` values as tags, which always override the default namespace of the factory. Bugs fixed ---------- * GH338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively. Patch by Tobias Deiminger. Other changes ------------- * Built with Cython 0.29.28. ``` ### 4.7.1 ``` ================== Features added -------------- * Chunked Unicode string parsing via ``parser.feed()`` now encodes the input data to the native UTF-8 encoding directly, instead of going through ``Py_UNICODE`` / ``wchar_t`` encoding first, which previously required duplicate recoding in most cases. Bugs fixed ---------- * The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/lxmlpython.org/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ * ``lxml.objectify`` previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. * LP1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). Other changes ------------- * Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). ``` ### 4.7.0 ``` ================== * Release retracted due to missing files in lxml/includes/. ``` ### 4.6.5 ``` ================== Bugs fixed ---------- * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (CVE-2021-43818). * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). ``` ### 4.6.4 ``` ================== Features added -------------- * GH317: A new property ``system_url`` was added to DTD entities. Patch by Thirdegree. * GH314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars. Patch by Isaac Jurado. ``` ### 4.6.3 ``` ================== Bugs fixed ---------- * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 ``formaction`` attribute. ``` ### 4.6.2 ``` ================== Bugs fixed ---------- * A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. ``` ### 4.6.1 ``` ================== Bugs fixed ---------- * A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. ``` ### 4.6.0 ``` ================== Features added -------------- * GH310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields. Patch by Aidan Woolley. * ``lxml.html.InputGetter`` has a new ``.items()`` method to ease processing all input fields. * ``lxml.html.InputGetter.keys()`` now returns the field names in document order. * GH-309: The API documentation is now generated using ``sphinx-apidoc``. Patch by Chris Mayo. Bugs fixed ---------- * LP1869455: C14N 2.0 serialisation failed for unprefixed attributes when a default namespace was defined. * ``TreeBuilder.close()`` raised ``AssertionError`` in some error cases where it should have raised ``XMLSyntaxError``. It now raises a combined exception to keep up backwards compatibility, while switching to ``XMLSyntaxError`` as an interface. ``` ### 4.5.2 ``` ================== Bugs fixed ---------- * ``Cleaner()`` now validates that only known configuration options can be set. * LP1882606: ``Cleaner.clean_html()`` discarded comments and PIs regardless of the corresponding configuration option, if ``remove_unknown_tags`` was set. * LP1880251: Instead of globally overwriting the document loader in libxml2, lxml now sets it per parser run, which improves the interoperability with other users of libxml2 such as libxmlsec. * LP1881960: Fix build in CPython 3.10 by using Cython 0.29.21. * The setup options "--with-xml2-config" and "--with-xslt-config" were accidentally renamed to "--xml2-config" and "--xslt-config" in 4.5.1 and are now available again. ``` ### 4.5.1 ``` ================== Bugs fixed ---------- * LP1570388: Fix failures when serialising documents larger than 2GB in some cases. * LP1865141, GH298: ``QName`` values were not accepted by the ``el.iter()`` method. Patch by xmo-odoo. * LP1863413, GH297: The build failed to detect libraries on Linux that are only configured via pkg-config. Patch by Hugh McMaster. ``` ### 4.5.0 ``` ================== Features added -------------- * A new function ``indent()`` was added to insert tail whitespace for pretty-printing an XML tree. Bugs fixed ---------- * LP1857794: Tail text of nodes that get removed from a document using item deletion disappeared silently instead of sticking with the node that was removed. Other changes ------------- * MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS explicitly to override it. * Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34. * LP1840234: The package version number is now available as ``lxml.__version__``. ``` ### 4.4.3 ``` ================== Bugs fixed ---------- * LP1844674: ``itertext()`` was missing tail text of comments and PIs since 4.4.0. ``` ### 4.4.2 ``` ================== Bugs fixed ---------- * LP1835708: ``ElementInclude`` incorrectly rejected repeated non-recursive includes as recursive. Patch by Rainer Hausdorf. ``` ### 4.4.1 ``` ================== Bugs fixed ---------- * LP1838252: The order of an OrderedDict was lost in 4.4.0 when passing it as attrib mapping during element creation. * LP1838521: The package metadata now lists the supported Python versions. ``` ### 4.4.0 ``` ================== Features added -------------- * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to clear everything but the tail text. This is helpful in some document-style use cases and for clearing the current element in ``iterparse()`` and pull parsing. * When creating attributes or namespaces from a dict in Python 3.6+, lxml now preserves the original insertion order of that dict, instead of always sorting the items by name. A similar change was made for ElementTree in CPython 3.8. See https://bugs.python.org/issue34160 * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method. * GH269: Read-only elements in XSLT were missing the ``nsmap`` property. Original patch by Jan Pazdziora. * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth`` argument to prevent content explosion. It is limited to 6 by default. * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()`` callback methods to listen to namespace declarations. * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to pass factories for creating comments and processing instructions, as well as flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the tree when set to false. * A `C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>`_ implementation was added as ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and a ``c14n2`` serialisation method. Bugs fixed ---------- * When writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'. * Assigning to Element child slices with negative step could insert the slice at the wrong position, starting too far on the left. * Assigning to Element child slices with overly large step size could take very long, regardless of the length of the actual slice. * Assigning to Element child slices of the wrong size could sometimes fail to raise a ValueError (like a list assignment would) and instead assign outside of the original slice bounds or leave parts of it unreplaced. * The ``comment`` and ``pi`` events in ``iterwalk()`` were never triggered, and instead, comments and processing instructions in the tree were reported as ``start`` elements. Also, when walking an ElementTree (as opposed to its root element), comments and PIs outside of the root element are now reported. * LP1827833: The RelaxNG compact syntax support was broken with recent versions of ``rnc2rng``. * LP1758553: The HTML elements ``source`` and ``track`` were added to the list of empty tags in ``lxml.html.defs``. * Registering a prefix other than "xml" for the XML namespace is now rejected. * Failing to write XSLT output to a file could raise a misleading exception. It now raises ``IOError``. Other changes ------------- * Support for Python 3.4 was removed. * When using ``Element.find*()`` with prefix-namespace mappings, the empty string is now accepted to define a default namespace, in addition to the previously supported ``None`` prefix. Empty strings are more convenient since they keep all prefix keys in a namespace dict strings, which simplifies sorting etc. * The ``ElementTree.write_c14n()`` method has been deprecated in favour of the long preferred ``ElementTree.write(f, method="c14n")``. It will be removed in a future release. ``` ### 4.3.5 ``` ================== * Rebuilt with Cython 0.29.13 to support Python 3.8. ``` ### 4.3.4 ``` ================== * Rebuilt with Cython 0.29.10 to support Python 3.8. ```
Links - PyPI: https://pypi.org/project/lxml - Changelog: https://data.safetycli.com/changelogs/lxml/ - Homepage: https://lxml.de/

Update click from 7.0 to 8.1.7.

Changelog ### 8.1.7 ``` ------------- Released 2023-08-17 - Fix issue with regex flags in shell completion. :issue:`2581` - Bash version detection issues a warning instead of an error. :issue:`2574` - Fix issue with completion script for Fish shell. :issue:`2567` ``` ### 8.1.6 ``` ------------- Released 2023-07-18 - Fix an issue with type hints for ``click.group()``. :issue:`2558` ``` ### 8.1.5 ``` ------------- Released 2023-07-13 - Fix an issue with type hints for ``click.command()``, ``click.option()``, and other decorators. Introduce typing tests. :issue:`2558` ``` ### 8.1.4 ``` ------------- Released 2023-07-06 - Replace all ``typing.Dict`` occurrences to ``typing.MutableMapping`` for parameter hints. :issue:`2255` - Improve type hinting for decorators and give all generic types parameters. :issue:`2398` - Fix return value and type signature of `shell_completion.add_completion_class` function. :pr:`2421` - Bash version detection doesn't fail on Windows. :issue:`2461` - Completion works if there is a dot (``.``) in the program name. :issue:`2166` - Improve type annotations for pyright type checker. :issue:`2268` - Improve responsiveness of ``click.clear()``. :issue:`2284` - Improve command name detection when using Shiv or PEX. :issue:`2332` - Avoid showing empty lines if command help text is empty. :issue:`2368` - ZSH completion script works when loaded from ``fpath``. :issue:`2344`. - ``EOFError`` and ``KeyboardInterrupt`` tracebacks are not suppressed when ``standalone_mode`` is disabled. :issue:`2380` - ``group.command`` does not fail if the group was created with a custom ``command_class``. :issue:`2416` - ``multiple=True`` is allowed for flag options again and does not require setting ``default=()``. :issue:`2246, 2292, 2295` - Make the decorators returned by ``argument()`` and ``option()`` reusable when the ``cls`` parameter is used. :issue:`2294` - Don't fail when writing filenames to streams with strict errors. Replace invalid bytes with the replacement character (``�``). :issue:`2395` - Remove unnecessary attempt to detect MSYS2 environment. :issue:`2355` - Remove outdated and unnecessary detection of App Engine environment. :pr:`2554` - ``echo()`` does not fail when no streams are attached, such as with ``pythonw`` on Windows. :issue:`2415` - Argument with ``expose_value=False`` do not cause completion to fail. :issue:`2336` ``` ### 8.1.3 ``` ------------- Released 2022-04-28 - Use verbose form of ``typing.Callable`` for ``command`` and ``group``. :issue:`2255` - Show error when attempting to create an option with ``multiple=True, is_flag=True``. Use ``count`` instead. :issue:`2246` ``` ### 8.1.2 ``` ------------- Released 2022-03-31 - Fix error message for readable path check that was mixed up with the executable check. :pr:`2236` - Restore parameter order for ``Path``, placing the ``executable`` parameter at the end. It is recommended to use keyword arguments instead of positional arguments. :issue:`2235` ``` ### 8.1.1 ``` ------------- Released 2022-03-30 - Fix an issue with decorator typing that caused type checking to report that a command was not callable. :issue:`2227` ``` ### 8.1.0 ``` ------------- Released 2022-03-28 - Drop support for Python 3.6. :pr:`2129` - Remove previously deprecated code. :pr:`2130` - ``Group.resultcallback`` is renamed to ``result_callback``. - ``autocompletion`` parameter to ``Command`` is renamed to ``shell_complete``. - ``get_terminal_size`` is removed, use ``shutil.get_terminal_size`` instead. - ``get_os_args`` is removed, use ``sys.argv[1:]`` instead. - Rely on :pep:`538` and :pep:`540` to handle selecting UTF-8 encoding instead of ASCII. Click's locale encoding detection is removed. :issue:`2198` - Single options boolean flags with ``show_default=True`` only show the default if it is ``True``. :issue:`1971` - The ``command`` and ``group`` decorators can be applied with or without parentheses. :issue:`1359` - The ``Path`` type can check whether the target is executable. :issue:`1961` - ``Command.show_default`` overrides ``Context.show_default``, instead of the other way around. :issue:`1963` - Parameter decorators and ``group`` handles ``cls=None`` the same as not passing ``cls``. ``option`` handles ``help=None`` the same as not passing ``help``. :issue:`1959` - A flag option with ``required=True`` requires that the flag is passed instead of choosing the implicit default value. :issue:`1978` - Indentation in help text passed to ``Option`` and ``Command`` is cleaned the same as using the ``option`` and ``command`` decorators does. A command's ``epilog`` and ``short_help`` are also processed. :issue:`1985` - Store unprocessed ``Command.help``, ``epilog`` and ``short_help`` strings. Processing is only done when formatting help text for output. :issue:`2149` - Allow empty str input for ``prompt()`` when ``confirmation_prompt=True`` and ``default=""``. :issue:`2157` - Windows glob pattern expansion doesn't fail if a value is an invalid pattern. :issue:`2195` - It's possible to pass a list of ``params`` to ``command``. Any params defined with decorators are appended to the passed params. :issue:`2131`. - ``command`` decorator is annotated as returning the correct type if a ``cls`` argument is used. :issue:`2211` - A ``Group`` with ``invoke_without_command=True`` and ``chain=False`` will invoke its result callback with the group function's return value. :issue:`2124` - ``to_info_dict`` will not fail if a ``ParamType`` doesn't define a ``name``. :issue:`2168` - Shell completion prioritize
pyup-bot commented 2 months ago

Closing this in favor of #1817