Cookies specified as a dict were sent to every domain, not just the domain of the request, potentially exposing them on redirect. See GHSA-fhpf-pp6p-55qc. #339
treq 21.5.0
Features
PEP 517/518 build-system metadata is now provided in pyproject.toml. (#329)
Bugfixes
treq.testing.StubTreq now persists twisted.web.server.Session instances between requests. (#327)
Improved Documentation
The dependency on Sphinx required to build the documentation has been moved from the dev extra to the new docs extra. (#296)
Deprecations and Removals
Support for Python 2.7 and 3.5 has been dropped. treq no longer depends on six or mock. (#318)
treq 21.1.0
Features
Support for Python 3.9: treq is now tested with CPython 3.9. (#305)
The auth parameter now accepts arbitrary text and bytes for usernames and passwords. Text is encoded as UTF-8, per RFC 7617. Previously only ASCII was allowed. (#268)
treq produces a more helpful exception when passed a tuple of the wrong size in the files parameter. (#299)
Bugfixes
The params argument once more accepts non-ASCII bytes, fixing a regression first introduced in treq 20.4.1. (#303)
treq request APIs no longer mutates a http_headers.Headers passed as the headers parameter when the auth parameter is also passed. (#314)
The agent returned by treq.auth.add_auth() and treq.auth.add_basic_auth() is now marked to provide twisted.web.iweb.IAgent. (#312)
treq's package metadata has been updated to require six >= 1.13, noting a dependency introduced in treq 20.9.0. (#295)
Cookies specified as a dict were sent to every domain, not just the domain of the request, potentially exposing them on redirect. See GHSA-fhpf-pp6p-55qc <https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc>_. ([#339](https://github.com/twisted/treq/issues/339) <https://github.com/twisted/treq/issues/339>__)
21.5.0 (2021-05-24)
Features
PEP 517/518 build-system metadata is now provided in pyproject.toml. ([#329](https://github.com/twisted/treq/issues/329) <https://github.com/twisted/treq/issues/329>__)
Bugfixes
treq.testing.StubTreq now persists twisted.web.server.Session instances between requests. ([#327](https://github.com/twisted/treq/issues/327) <https://github.com/twisted/treq/issues/327>__)
Improved Documentation
The dependency on Sphinx required to build the documentation has been moved from the dev extra to the new docs extra. ([#296](https://github.com/twisted/treq/issues/296) <https://github.com/twisted/treq/issues/296>__)
Deprecations and Removals
Support for Python 2.7 and 3.5 has been dropped. treq no longer depends on six or mock. ([#318](https://github.com/twisted/treq/issues/318) <https://github.com/twisted/treq/issues/318>__)
21.1.0 (2021-01-14)
Features
Support for Python 3.9: treq is now tested with CPython 3.9. ([#305](https://github.com/twisted/treq/issues/305) <https://github.com/twisted/treq/issues/305>__)
The auth parameter now accepts arbitrary text and bytes for usernames and passwords. Text is encoded as UTF-8, per :rfc:7617. Previously only ASCII was allowed. ([#268](https://github.com/twisted/treq/issues/268) <https://github.com/twisted/treq/issues/268>__)
treq produces a more helpful exception when passed a tuple of the wrong size in the files parameter. ([#299](https://github.com/twisted/treq/issues/299) <https://github.com/twisted/treq/issues/299>__)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ggaughan/pipe2py/network/alerts).
Bumps treq from 0.2.1 to 22.1.0.
Release notes
Sourced from treq's releases.
... (truncated)
Changelog
Sourced from treq's changelog.
... (truncated)
Commits
82f01e6Release 22.1.01da6022Merge pull request from GHSA-fhpf-pp6p-55qcb1c33caAdd change fragment8e2c4d9flake894af36enetscapeda59847scope cookies by defaultd89d553Merge pull request #337 from JamieSlome/mastere6fd81cbuild: apply patch to master branch60bffdeCreate SECURITY.md3d33835Merge pull request #277 from twisted/parallel-coverageDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ggaughan/pipe2py/network/alerts).