Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
There is a single change since 4.12.0rc1:
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Changes included in 4.12.0rc1:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Fix AttributeError when using typing_extensions.runtime_checkable
in combination with typing.Protocol on Python 3.12.2 or newer.
Patch by Alex Waygood.
At runtime, assert_never now includes the repr of the argument
This release is mostly the same as 4.12.0rc1 but fixes one more
longstanding bug.
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Release 4.12.0rc1 (May 16, 2024)
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
Full changelog:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791. Thanks to Daniel Diniz for helping to diagnose the problem.
Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779. This is now fixed.
Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.
In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz.
Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe. Closes issue 1787.
Performance improvements for combining data files, especially when measuring
line coverage. A few different quadratic behaviors were eliminated. In one
extreme case of combining 700+ data files, the time dropped from more than
three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of
reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for
helping to diagnose the problem.
Fix: nested matches of exclude patterns could exclude too much code, as
reported in issue 1779_. This is now fixed.
Changed: previously, coverage.py would consider a module docstring to be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never counted
as executable statements. This can change coverage.py's count of the number
of statements in a file, which can slightly change the coverage percentage
reported.
In the HTML report, the filter term and "hide covered" checkbox settings are
remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.
Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.
#12334: Support for Python 3.13 (beta1 at the time of writing).
Bug Fixes
#12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
#12191: Keyboard interrupts and system exits are now properly handled during the test collection.
#12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
#12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.
Trivial/Internal Changes
#12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.
Silence deprecation warnings about unclosed event loops that occurred with certain CPython patch releases #817
Known issues
As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the minor-and-patch group with 10 updates:
0.6.00.7.01.1.11.1.22.7.12.7.22.18.22.18.32.32.02.32.34.11.04.12.07.5.17.5.34.2.14.2.28.2.08.2.10.23.60.23.7Updates
annotated-typesfrom 0.6.0 to 0.7.0Release notes
Sourced from annotated-types's releases.
Commits
0735cd3Prepare for 0.7.0 release (#70)0757d41Improve handling of GroupedMetadata (First try) (#69)99dbac8AddUnittype (#65)89e3d2eFix IsDigit -> IsDigits (#63)59a50d1Correct misstatement in README (#62)6693037suggested fix on typo (#60)195e340add URLs topyproject.toml(#58)657ded9Allowtzinfoobjects forTimezone(#56)Updates
createrepo-cfrom 1.1.1 to 1.1.2Updates
pydanticfrom 2.7.1 to 2.7.2Release notes
Sourced from pydantic's releases.
Changelog
Sourced from pydantic's changelog.
Commits
70ac7a0fix version08d6ed2Merge branch '2.7' of https://github.com/pydantic/pydantic into 2.742f544afix versiona20da212.7.2 prep (#9515)f42ae9bLogfire annoucement (#9362)451f780Replace__spec__.parentwith__package__(#9331)Updates
pydantic-corefrom 2.18.2 to 2.18.3Release notes
Sourced from pydantic-core's releases.
Commits
fd26293tests: use zoneinfo instead of pytz (#1304)5228721Prep for 2.18.3 Release (#1301)a762041Fix generate_self_schema for Python 3.12+ (#1299)0dcf82aadd test for 1298 (#1300)88a8a30fix case of checking truthiness ofNotImplemented(#1298)2415f42uuid: allow str subclass as input (#1296)f04418bsupport big ints in literals and enums (#1297)727deeeFix str subclass validation for enums (#1273)b777774fix: keyword only non default argument (#1290)0f8445edefer to PyO3 i64 extraction to avoid implicit integer casts (#1288)Updates
requestsfrom 2.32.0 to 2.32.3Release notes
Sourced from requests's releases.
Changelog
Sourced from requests's changelog.
Commits
0e322afv2.32.3e188799Don't create default SSLContext if ssl module isn't present (#6724)145b539Merge pull request #6716 from sigmavirus24/bug/6715b1d73ddDon't use default SSLContext with custom poolmanager kwargs6badbacUpdate HISTORY.mda62a2d3Allow for overriding of specific pool key params88dce9dv2.32.2c98e4d1Merge pull request #6710 from nateprewitt/api_rename92075b3Add deprecation warningaa1461bMove _get_connection to get_connection_with_tls_contextUpdates
typing-extensionsfrom 4.11.0 to 4.12.0Release notes
Sourced from typing-extensions's releases.
... (truncated)
Changelog
Sourced from typing-extensions's changelog.
... (truncated)
Commits
f90a8dcPrepare release 4.12.0 (#408)118e1a6Make sureisinstance(typing_extensions.ParamSpec("P"), typing.TypeVar)is u...910141aAdd security documentation (#403)0dbc7c9Prepare release 4.12.0rc1 (#402)1da5d3dUpdate actions/setup-python (#401)72298f04.12.0a2 (#400)465ba78Fix publish workflow (#399)21fde1fPrepare releaes 4.12.0a1 (#398)63d8277Add workflow for Trusted Publishing (#395)074d053Backport PEP-696 specialisation on Python >=3.11.1 (#397)Updates
coverage[toml]from 7.5.1 to 7.5.3Release notes
Sourced from coverage[toml]'s releases.
Changelog
Sourced from coverage[toml]'s changelog.
Commits
f310d7edocs: sample HTML for 7.5.3a51d52fdocs: prep for 7.5.3b666f3aperf: it's faster in all versions if we don't cache tokenize #1791a2b4929docs: changelog entry forcombineperformance improvementsb9aff50perf: don't read full line_bits table each timec45ebacperf: cache alias mapping390cb97perf: avoid quadratic behavior when combining line coveraged3caf53docs(build): tweaks to howto909e887build: bump version242adeabuild: don't claim pre-alpha-1 in classifiersUpdates
platformdirsfrom 4.2.1 to 4.2.2Release notes
Sourced from platformdirs's releases.
Commits
5ec69d8Fix android detection when python4android is present (#277)dbf360f[pre-commit.ci] pre-commit autoupdate (#280)b318012[pre-commit.ci] pre-commit autoupdate (#279)120a441[pre-commit.ci] pre-commit autoupdate (#278)Updates
pytestfrom 8.2.0 to 8.2.1Release notes
Sourced from pytest's releases.
Commits
66ff8dfPrepare release version 8.2.13ffcfd1Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x0b28313[8.2.x] Add Python 3.13 (beta) supportf3dd93a[8.2.x] Attest package provenance (#12335)bb5a125[8.2.x] Spelling (#12331)f179bf2Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x2b671b5[8.2.x] cacheprovider: fix.pytest_cachenot being world-readable65ab7cbMerge pull request #12324 from pytest-dev/backport-12320-to-8.2.x4d5fb7dMerge pull request #12319 from pytest-dev/backport-12311-to-8.2.xcbe5996[8.2.x] changelog: document unittest 8.2 change as breakingUpdates
pytest-asynciofrom 0.23.6 to 0.23.7Release notes
Sourced from pytest-asyncio's releases.
Commits
eb63d5adocs: Prepared for release of v0.23.7.da04a7aBuild(deps): Bump exceptiongroup in /dependencies/default00c667aBuild(deps): Bump pytest from 8.1.1 to 8.2.0 in /dependencies/default3bd9cd8[docs] Add changelog entry.15544f0Revert GitHub Actions and Tox changes.6316b28Deduplicate simplefilter snippet.3ffdfc5asyncio.run(port_afinalizer())0107fd7Remove extra space.3bf700aFix GH Action mapping.d15dc31Fix 3109/3108 typo.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show