Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Disabling individual integrations is now much easier. Instead of disabling all automatically enabled integrations and specifying the ones you want to keep, you can now use the new disabled_integrations config option to provide a list of integrations to disable:
import sentry_sdk
from sentry_sdk.integrations.flask import FlaskIntegration
sentry_sdk.init(
# Do not use the Flask integration even if Flask is installed.
disabled_integrations=[
FlaskIntegration(),
],
)
Use operation name as transaction name in Strawberry (#3294) by @sentrivana
WSGI integrations respect SCRIPT_NAME env variable (#2622) by @sarvaSanjay
Make Django DB spans have origin auto.db.django (#3319) by @antonpirker
Disabling individual integrations is now much easier.
Instead of disabling all automatically enabled integrations and specifying the ones
you want to keep, you can now use the new
disabled_integrations
config option to provide a list of integrations to disable:
import sentry_sdk
from sentry_sdk.integrations.flask import FlaskIntegration
sentry_sdk.init(
# Do not use the Flask integration even if Flask is installed.
disabled_integrations=[
FlaskIntegration(),
],
)
Use operation name as transaction name in Strawberry (#3294) by @sentrivana
WSGI integrations respect SCRIPT_NAME env variable (#2622) by @sarvaSanjay
Make Django DB spans have origin auto.db.django (#3319) by @antonpirker
Deprecated OpenSSL.crypto.X509Req, OpenSSL.crypto.load_certificate_request, OpenSSL.crypto.dump_certificate_request. Instead, cryptography.x509.CertificateSigningRequest, cryptography.x509.CertificateSigningRequestBuilder, cryptography.x509.load_der_x509_csr, or cryptography.x509.load_pem_x509_csr should be used.
Changes:
^^^^^^^^
Added type hints for the SSL module.
[#1308](https://github.com/pyca/pyopenssl/issues/1308) <https://github.com/pyca/pyopenssl/pull/1308>_.
Changed OpenSSL.crypto.PKey.from_cryptography_key to accept public and private EC, ED25519, ED448 keys.
[#1310](https://github.com/pyca/pyopenssl/issues/1310) <https://github.com/pyca/pyopenssl/pull/1310>_.
#12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.
-- by RonnyPfannschmidt{.interpreted-text role="user"}
8.3.1
pytest 8.3.1 (2024-07-20)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
2109_: maxfile and maxpath fields were removed from the namedtuple
returned by disk_partitions()_. Reason: on network filesystems (NFS) this
can potentially take a very long time to complete.
2366_, [Windows]: log debug message when using slower process APIs.
2375_, [macOS]: provide arm64 wheels. (patch by Matthieu Darbois)
2396_: process_iter()_ no longer pre-emptively checks whether PIDs have
been reused. This makes process_iter()_ around 20x times faster.
2396_: a new psutil.process_iter.cache_clear() API can be used the clear
process_iter()_ internal cache.
2401_, Support building with free-threaded CPython 3.13. (patch by Sam Gross)
2407_: Process.connections()_ was renamed to Process.net_connections()_.
The old name is still available, but it's deprecated (triggers a
DeprecationWarning) and will be removed in the future.
2425_: [Linux]: provide aarch64 wheels. (patch by Matthieu Darbois / Ben Raz)
Bug fixes
2250_, [NetBSD]: Process.cmdline()_ sometimes fail with EBUSY. It usually
happens for long cmdlines with lots of arguments. In this case retry getting
the cmdline for up to 50 times, and return an empty list as last resort.
2254_, [Linux]: offline cpus raise NotImplementedError in cpu_freq() (patch
by Shade Gladden)
2272_: Add pickle support to psutil Exceptions.
2359_, [Windows], [CRITICAL]: pid_exists()_ disagrees with Process_ on
whether a pid exists when ERROR_ACCESS_DENIED.
2360_, [macOS]: can't compile on macOS < 10.13. (patch by Ryan Schmidt)
2362_, [macOS]: can't compile on macOS 10.11. (patch by Ryan Schmidt)
2365_, [macOS]: can't compile on macOS < 10.9. (patch by Ryan Schmidt)
2395_, [OpenBSD]: pid_exists()_ erroneously return True if the argument is
a thread ID (TID) instead of a PID (process ID).
2412_, [macOS]: can't compile on macOS 10.4 PowerPC due to missing MNT_
constants.
Porting notes
Version 6.0.0 introduces some changes which affect backward compatibility:
2109_: the namedtuple returned by disk_partitions()_' no longer has
maxfile and maxpath fields.
2396_: process_iter()_ no longer pre-emptively checks whether PIDs have
been reused. If you want to check for PID reusage you are supposed to use
Process.is_running()_ against the yielded Process_ instances. That will
also automatically remove reused PIDs from process_iter()_ internal cache.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 7 updates in the / directory:
2.31.02.32.32.1.12.12.07.1.07.2.124.1.024.2.14.1.55.1.08.2.08.3.25.9.86.0.0Updates
requestsfrom 2.31.0 to 2.32.3Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
0e322afv2.32.3e188799Don't create default SSLContext if ssl module isn't present (#6724)145b539Merge pull request #6716 from sigmavirus24/bug/6715b1d73ddDon't use default SSLContext with custom poolmanager kwargs6badbacUpdate HISTORY.mda62a2d3Allow for overriding of specific pool key params88dce9dv2.32.2c98e4d1Merge pull request #6710 from nateprewitt/api_rename92075b3Add deprecation warningaa1461bMove _get_connection to get_connection_with_tls_contextUpdates
sentry-sdkfrom 2.1.1 to 2.12.0Release notes
Sourced from sentry-sdk's releases.
... (truncated)
Changelog
Sourced from sentry-sdk's changelog.
... (truncated)
Commits
441c0f7Updated changelogab3eb1frelease: 2.12.0f8e5d2fAdd span data to the transactions trace context (#3374)0f3e5dbci: Remove Django setuptools pinb658e4bfeat(integrations): Add async support forai_trackdecoratorfc5db4fref(otel): Remove experimental autoinstrumentation (#3239)6bb2081build(deps): bump checkouts/data-schemas from0feb234to6d2c435(#3369)2ce6677tests: Test with Django 5.1 RC (#3370)bd293e5Expose the scope getters to top level API and use them everywhere (#3357)c9765cdci: Workaround bug preventing Django test runs (#3371)Updates
importlib-metadatafrom 7.1.0 to 7.2.1Changelog
Sourced from importlib-metadata's changelog.
Commits
b76931dFinalize48d2a85Merge pull request #482 from dan-blanchard/fix-relative-tob94b42eAdd news fragmente4d1dccRemove additional method in SimplePath.07a2a44Revert "Fix mypy failure that has nothing to do with this PR"b815aeeMark compat code as uncovered.52ce982Merge branch 'main' into fix-relative-to1584b96Update wrapper to rely on 'relative_to(walk_up=True)' on Python 3.12 and comp...08d74ccMove _relative_to compatibility to a compat module.e8998d9Merge https://github.com/jaraco/skeletonUpdates
pyopensslfrom 24.1.0 to 24.2.1Changelog
Sourced from pyopenssl's changelog.
Commits
8dd945724.2.1 (#1320)19f093emake changelog vanilla rst (#1319)e265b28Prepare for 24.2.0 release (#1318)6943ee5Deprecate CSR support in pyOpenSSL (#1316)01b9b56Add more type definitions forSSLmodule, check with mypy (#1313)cdcb48bPrune redundant:rtype:from SSL module (#1315)b86914dFixruffinvocation (#1314)caa1ab3Update changelog for PR #1308 and #1310 (#1311)9a21055Allow loading EC, ED25519, ED448 public keys from cryptography (#1310)9eaa107Add type annotations for theSSLmodule (#1308)Updates
jupyterhubfrom 4.1.5 to 5.1.0Commits
cdc2151Bump to 5.1.0b4a06eaadd 4.1.6 changelog5fcaaacMerge pull request #4848 from minrk/prep-5104ea8fcbregen rest-apica7df63Merge commit from fork759a4f0update 5.1 changelog2a89495Merge pull request #4856 from jfrost-mo/secure_context_for_login671c8abMerge pull request #4860 from krassowski/pass-kwargs-to-server-initialize49aaf50Passkwargsdown toinitialize()call of the server0c20f3eShow insecure login warning when not in a secure contextUpdates
pytestfrom 8.2.0 to 8.3.2Release notes
Sourced from pytest's releases.
... (truncated)
Commits
bbcec9cPrepare release version 8.3.278fe8b6Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...238bad2Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-envae6034aMerge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...31337abMerge pull request #12640 from pytest-dev/update-userca3070bMerge pull request #12637 from pytest-dev/release-8.3.1de98446Prepare release version 8.3.1bd0a042Merge pull request #12636 from pytest-dev/update-release-notes664325bdoc/changelog: update 8.3.0 notes19d225dMerge pull request #12635 from pytest-dev/release-8.3.0Updates
psutilfrom 5.9.8 to 6.0.0Changelog
Sourced from psutil's changelog.
... (truncated)
Commits
3d5522arelease5b30ef4Add aarch64 manylinux wheels (#2425)1d092e7test subprocesses: sleep() with an interval of 0.1 to make the test process m...5f80c12Fix #2412, [macOS]: can't compile on macOS 10.4 PowerPC due to missingMNT_...89b6096process_iter(): use another global var to keep track of reused PIDs9421bf8openbsd: skip test if cmdline() returns [] due to EBUSY4b1a054Fix #2250 / NetBSD / cmdline: retry on EBUSY. (#2421)20be5aeruff: enable and fix 'unused variable' rule5530985chore(ci): update actions (#2417)1c7cb0aDon't build with limited API for 3.13 free-threaded build (#2402)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show