Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
There is a single change since 4.12.0rc1:
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Changes included in 4.12.0rc1:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Fix AttributeError when using typing_extensions.runtime_checkable
in combination with typing.Protocol on Python 3.12.2 or newer.
Patch by Alex Waygood.
At runtime, assert_never now includes the repr of the argument
This release is mostly the same as 4.12.0rc1 but fixes one more
longstanding bug.
Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and
3.9 that meant that
isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a
different result in some situations depending on whether or not a profiling
function had been set using sys.setprofile. Patch by Alex Waygood.
Release 4.12.0rc1 (May 16, 2024)
This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).
Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.
Full changelog:
Improve the implementation of type parameter defaults (PEP 696)
Backport the typing.NoDefault sentinel object from Python 3.13.
TypeVars, ParamSpecs and TypeVarTuples without default values now have
their __default__ attribute set to this sentinel value.
TypeVars, ParamSpecs and TypeVarTuples now have a has_default()
method, matching typing.TypeVar, typing.ParamSpec and
typing.TypeVarTuple on Python 3.13+.
TypeVars, ParamSpecs and TypeVarTuples with default=None passed to
their constructors now have their __default__ attribute set to None
at runtime rather than types.NoneType.
Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python
3.13.0b1 and newer.
Backport CPython PR #118774,
allowing type parameters without default values to follow those with
default values in some type parameter lists. Patch by Alex Waygood,
backporting a CPython PR by Jelle Zijlstra.
It is now disallowed to use a TypeVar with a default value after a
TypeVarTuple in a type parameter list. This matches the CPython
implementation of PEP 696 on Python 3.13+.
Fix bug in PEP-696 implementation where a default value for a ParamSpec
would be cast to a tuple if a list was provided.
Patch by Alex Waygood.
Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
__static_attributes__ attribute to all classes in Python,
which broke some assumptions made by the implementation of
typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new
__firstlineno__ attribute to all classes.
Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791. Thanks to Daniel Diniz for helping to diagnose the problem.
Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779. This is now fixed.
Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.
In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz.
Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe. Closes issue 1787.
Performance improvements for combining data files, especially when measuring
line coverage. A few different quadratic behaviors were eliminated. In one
extreme case of combining 700+ data files, the time dropped from more than
three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of
reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for
helping to diagnose the problem.
Fix: nested matches of exclude patterns could exclude too much code, as
reported in issue 1779_. This is now fixed.
Changed: previously, coverage.py would consider a module docstring to be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never counted
as executable statements. This can change coverage.py's count of the number
of statements in a file, which can slightly change the coverage percentage
reported.
In the HTML report, the filter term and "hide covered" checkbox settings are
remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.
Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.
#12334: Support for Python 3.13 (beta1 at the time of writing).
Bug Fixes
#12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
#12191: Keyboard interrupts and system exits are now properly handled during the test collection.
#12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
#12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.
Trivial/Internal Changes
#12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.
Silence deprecation warnings about unclosed event loops that occurred with certain CPython patch releases #817
Known issues
As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the minor-and-patch group with 10 updates:
0.6.0
0.7.0
1.1.1
1.1.2
2.7.1
2.7.2
2.18.2
2.18.3
2.32.0
2.32.3
4.11.0
4.12.0
7.5.1
7.5.3
4.2.1
4.2.2
8.2.0
8.2.1
0.23.6
0.23.7
Updates
annotated-types
from 0.6.0 to 0.7.0Release notes
Sourced from annotated-types's releases.
Commits
0735cd3
Prepare for 0.7.0 release (#70)0757d41
Improve handling of GroupedMetadata (First try) (#69)99dbac8
AddUnit
type (#65)89e3d2e
Fix IsDigit -> IsDigits (#63)59a50d1
Correct misstatement in README (#62)6693037
suggested fix on typo (#60)195e340
add URLs topyproject.toml
(#58)657ded9
Allowtzinfo
objects forTimezone
(#56)Updates
createrepo-c
from 1.1.1 to 1.1.2Updates
pydantic
from 2.7.1 to 2.7.2Release notes
Sourced from pydantic's releases.
Changelog
Sourced from pydantic's changelog.
Commits
70ac7a0
fix version08d6ed2
Merge branch '2.7' of https://github.com/pydantic/pydantic into 2.742f544a
fix versiona20da21
2.7.2 prep (#9515)f42ae9b
Logfire annoucement (#9362)451f780
Replace__spec__.parent
with__package__
(#9331)Updates
pydantic-core
from 2.18.2 to 2.18.3Release notes
Sourced from pydantic-core's releases.
Commits
fd26293
tests: use zoneinfo instead of pytz (#1304)5228721
Prep for 2.18.3 Release (#1301)a762041
Fix generate_self_schema for Python 3.12+ (#1299)0dcf82a
add test for 1298 (#1300)88a8a30
fix case of checking truthiness ofNotImplemented
(#1298)2415f42
uuid: allow str subclass as input (#1296)f04418b
support big ints in literals and enums (#1297)727deee
Fix str subclass validation for enums (#1273)b777774
fix: keyword only non default argument (#1290)0f8445e
defer to PyO3 i64 extraction to avoid implicit integer casts (#1288)Updates
requests
from 2.32.0 to 2.32.3Release notes
Sourced from requests's releases.
Changelog
Sourced from requests's changelog.
Commits
0e322af
v2.32.3e188799
Don't create default SSLContext if ssl module isn't present (#6724)145b539
Merge pull request #6716 from sigmavirus24/bug/6715b1d73dd
Don't use default SSLContext with custom poolmanager kwargs6badbac
Update HISTORY.mda62a2d3
Allow for overriding of specific pool key params88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_contextUpdates
typing-extensions
from 4.11.0 to 4.12.0Release notes
Sourced from typing-extensions's releases.
... (truncated)
Changelog
Sourced from typing-extensions's changelog.
... (truncated)
Commits
f90a8dc
Prepare release 4.12.0 (#408)118e1a6
Make sureisinstance(typing_extensions.ParamSpec("P"), typing.TypeVar)
is u...910141a
Add security documentation (#403)0dbc7c9
Prepare release 4.12.0rc1 (#402)1da5d3d
Update actions/setup-python (#401)72298f0
4.12.0a2 (#400)465ba78
Fix publish workflow (#399)21fde1f
Prepare releaes 4.12.0a1 (#398)63d8277
Add workflow for Trusted Publishing (#395)074d053
Backport PEP-696 specialisation on Python >=3.11.1 (#397)Updates
coverage[toml]
from 7.5.1 to 7.5.3Release notes
Sourced from coverage[toml]'s releases.
Changelog
Sourced from coverage[toml]'s changelog.
Commits
f310d7e
docs: sample HTML for 7.5.3a51d52f
docs: prep for 7.5.3b666f3a
perf: it's faster in all versions if we don't cache tokenize #1791a2b4929
docs: changelog entry forcombine
performance improvementsb9aff50
perf: don't read full line_bits table each timec45ebac
perf: cache alias mapping390cb97
perf: avoid quadratic behavior when combining line coveraged3caf53
docs(build): tweaks to howto909e887
build: bump version242adea
build: don't claim pre-alpha-1 in classifiersUpdates
platformdirs
from 4.2.1 to 4.2.2Release notes
Sourced from platformdirs's releases.
Commits
5ec69d8
Fix android detection when python4android is present (#277)dbf360f
[pre-commit.ci] pre-commit autoupdate (#280)b318012
[pre-commit.ci] pre-commit autoupdate (#279)120a441
[pre-commit.ci] pre-commit autoupdate (#278)Updates
pytest
from 8.2.0 to 8.2.1Release notes
Sourced from pytest's releases.
Commits
66ff8df
Prepare release version 8.2.13ffcfd1
Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x0b28313
[8.2.x] Add Python 3.13 (beta) supportf3dd93a
[8.2.x] Attest package provenance (#12335)bb5a125
[8.2.x] Spelling (#12331)f179bf2
Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x2b671b5
[8.2.x] cacheprovider: fix.pytest_cache
not being world-readable65ab7cb
Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x4d5fb7d
Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.xcbe5996
[8.2.x] changelog: document unittest 8.2 change as breakingUpdates
pytest-asyncio
from 0.23.6 to 0.23.7Release notes
Sourced from pytest-asyncio's releases.
Commits
eb63d5a
docs: Prepared for release of v0.23.7.da04a7a
Build(deps): Bump exceptiongroup in /dependencies/default00c667a
Build(deps): Bump pytest from 8.1.1 to 8.2.0 in /dependencies/default3bd9cd8
[docs] Add changelog entry.15544f0
Revert GitHub Actions and Tox changes.6316b28
Deduplicate simplefilter snippet.3ffdfc5
asyncio.run(port_afinalizer())0107fd7
Remove extra space.3bf700a
Fix GH Action mapping.d15dc31
Fix 3109/3108 typo.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show