🐛 Fix unhandled growing memory for internal server errors, refactor dependencies with yield and except to require raising again as in regular Python. PR #11191 by @tiangolo.
This is a breaking change (and only slightly) if you used dependencies with yield, used except in those dependencies, and didn't raise again.
This was reported internally by @rushilsrivastava as a memory leak when the server had unhandled exceptions that would produce internal server errors, the memory allocated before that point would not be released.
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)
Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>__)
Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>__)
Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>__)
Changed ProtocolError to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>__)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the back-end group in /api with 5 updates:
5.3.2
5.3.3
0.109.2
0.110.0
2.2.0
2.2.1
3.6.1
3.6.2
0.26.0
0.27.0
Updates
cachetools
from 5.3.2 to 5.3.3Changelog
Sourced from cachetools's changelog.
Commits
1fcadea
Bump copyright year and version.2b0a7cb
Bump copyright year.d566834
LICENSE: update the year4a284ca
Merge branch 'kuraga-get-rid-of-operator-usage'86ff2f0
Merge branch 'get-rid-of-operator-usage' of https://github.com/kuraga/cacheto...2862109
Bump actions/setup-python from 4.7.1 to 5.0.04c5d179
Bump actions/checkout from 4.1.0 to 4.1.198453e8
Get rid ofoperator
usaged991ac7
Add cacheing reference.Updates
fastapi
from 0.109.2 to 0.110.0Release notes
Sourced from fastapi's releases.
... (truncated)
Commits
e40747f
🔖 Release version 0.110.032b56a8
📝 Update release notesb6b0f2a
📝 Update release notesbf771bd
🐛 Fix unhandled growing memory for internal server errors, refactor dependenc...6336604
📝 Update release notescb93874
📝 Update release notes9210e6a
🌐 Add German translation fordocs/de/docs/reference/background.md
(#10820)dec45c5
🌐 Add German translation fordocs/de/docs/reference/templating.md
(#10842)5da35ff
📝 Update release notes626b066
🌐 Add German translation fordocs/de/docs/external-links.md
(#10852)Updates
urllib3
from 2.2.0 to 2.2.1Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
54d6edf
Release 2.2.149b2dda
Stop casting request headers to HTTPHeaderDict (#3344)e22f651
Fix docstring of retries parameterfa54179
Distinguish between truncated and excess content in response (#3273)cfe52f9
Fix InsecureRequestWarning for HTTPS Emscripten requests (#3333)25155d7
Ensure no remote connections during testing (#3328)12f9233
Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (#3340)9929d3c
Add nox session to start local Pyodide consoleaa8d3dd
Fix ssl_version tests for upcoming migration to pytest 823f2287
Remove TODO about informational responses (#3319)Updates
pre-commit
from 3.6.1 to 3.6.2Release notes
Sourced from pre-commit's releases.
Changelog
Sourced from pre-commit's changelog.
Commits
e525726
v3.6.23187538
Merge pull request #3130 from pre-commit/golang-build-during-commit-a61d9c95
fix building golang hooks duringcommit --all
Updates
httpx
from 0.26.0 to 0.27.0Release notes
Sourced from httpx's releases.
Changelog
Sourced from httpx's changelog.
Commits
326b943
Version 0.27.0 (#3095)3faa4a8
Improve 'Custom transports' docs (#3081)c51af4b
Extensions docs (#3080)cabd1c0
Deprecateapp=...
in favor of explicitWSGITransport
/ASGITransport
. (#3...6f46152
Bump the python-packages group with 6 updates (#3077)37a2901
Mention NO_PROXY environment variable on Advanced Usage page (#3066)371b6e9
Use__future__.annotations
(#3068)4f6edf3
testparse_header_links
via public api (#3061)c7cd6aa
testobfuscate_sensitive_headers
via public api (#3063)15f9253
Drop outdated section (#3057)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show