urllib3/urllib3 (urllib3)
### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4)
\==================
- Added support for union operators to `HTTPHeaderDict` (`#2254 `\__)
- Added `BaseHTTPResponse` to `urllib3.__all__` (`#3078 `\__)
- Fixed `urllib3.connection.HTTPConnection` to raise the `http.client.connect` audit event to have the same behavior as the standard library HTTP client (`#2757 `\__)
- Relied on the standard library for checking hostnames in supported PyPy releases (`#3087 `\__)
### [`v2.0.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#203-2023-06-07)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.2...2.0.3)
\==================
- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`#3020 `\__)
- Deprecated URLs which don't have an explicit scheme (`#2950 `\_)
- Fixed response decoding with Zstandard when compressed data is made of several frames. (`#3008 `\__)
- Fixed `assert_hostname=False` to correctly skip hostname check. (`#3051 `\__)
### [`v2.0.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#202-2023-05-03)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.1...2.0.2)
\==================
- Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data
was still available to be read even if the underlying socket is closed. This prevents
a compressed response from being truncated. (`#3009 `\__)
### [`v2.0.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#201-2023-04-30)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.0...2.0.1)
\==================
- Fixed a socket leak when fingerprint or hostname verifications fail. (`#2991 `\__)
- Fixed an error when `HTTPResponse.read(0)` was the first `read` call or when the internal response body buffer was otherwise empty. (`#2998 `\__)
### [`v2.0.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#200-2023-04-26)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.16...2.0.0)
\==================
Read the `v2.0 migration guide `\__ for help upgrading to the latest version of urllib3.
## Removed
- Removed support for Python 2.7, 3.5, and 3.6 (`#883 `**, `#2336 `**).
- Removed fallback on certificate `commonName` in `match_hostname()` function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName`
is used to verify the hostname by default. To enable verifying the hostname against
`commonName` use `SSLContext.hostname_checks_common_name = True` (`#2113 `\__).
- Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#2168 `\__).
- Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an `ImportError` is raised (`#2168 `\__).
- Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#2082 `\__).
- Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment (`#2044 `\__).
- Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` (`#2086 `\__).
- Removed `urllib3.HTTPResponse.from_httplib` (`#2648 `\__).
- Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used (`#1897 `\__).
- Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API.
This change was made to ensure that `from urllib3 import request` imported the top-level `request()`
function instead of the `urllib3.request` module (`#2269 `\__).
- Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library (`#2233 `\__).
- Removed the deprecated `urllib3.contrib.ntlmpool` module (`#2339 `\__).
- Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` (`#2168 `\__).
- Removed `urllib3.exceptions.SNIMissingWarning` (`#2168 `\__).
- Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` (`#1985 `\__).
- Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` (`#1985 `\__).
- Removed the `strict` parameter/attribute from `HTTPConnection`, `HTTPSConnection`, `HTTPConnectionPool`, `HTTPSConnectionPool`, and `HTTPResponse` (`#2064 `\__).
## Deprecated
- Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. (`#1543 `**, `#2814 `**).
- Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 (`#2691 `\__).
- Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 (`#2692 `\__).
- Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 (`#2110 `\__).
- Deprecated the `strict` parameter of `PoolManager.connection_from_context()` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 `\__)
- Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 (`#2271 `\__).
- Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` (`#2257 `\__).
- Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 (`#2257 `\__).
- Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor (`#1985 `\__).
- Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` (`#1985 `\__).
## Added
- Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance (`#2150 `\__).
- Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined.
Added support for parsing JSON response bodies with `HTTPResponse.json()` method (`#2243 `\__).
- Added type hints to the `urllib3` module (`#1897 `\__).
- Added `ssl_minimum_version` and `ssl_maximum_version` options which set
`SSLContext.minimum_version` and `SSLContext.maximum_version` (`#2110 `\__).
- Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed.
Added the `zstd` extra which installs the `zstandard` package (`#1992 `\__).
- Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` (`#2083 `\__).
- Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool (`#2197 `\__).
- Added `HTTPHeaderDict` to the top-level `urllib3` namespace (`#2216 `\__).
- Added support for configuring header merging behavior with HTTPHeaderDict
When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate
header values will be repeated. But if `combine=True` is passed into a call to
`HTTPHeaderDict.add`, then the added header value will be merged in with an existing
value into a comma-separated list (`X-My-Header: foo, bar`) (`#2242 `\__).
- Added `NameResolutionError` exception when a DNS error occurs (`#2305 `\__).
- Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` (`#2409 `\__).
- Added a configurable `backoff_max` parameter to the `Retry` class.
If a custom `backoff_max` is provided to the `Retry` class, it
will replace the `Retry.DEFAULT_BACKOFF_MAX` (`#2494 `\__).
- Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI (`#2520 `\__).
- Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to (`#1985 `\__).
- Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` (`#1985 `\__).
- Added optional `backoff_jitter` parameter to `Retry`. (`#2952 `\__)
## Changed
- Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method:
- Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
- Never returns more bytes than requested.
- Can issue any number of system calls: zero, one or multiple.
If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` (`#2128 `\__).
- Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` (`#2648 `\__).
- Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version`
and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed
`SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` (`#2110 `\__).
- Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 (`#2373 `\__).
- Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 `\__).
- Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with
a default value. The new default will be cipher suites configured by the operating system (`#2168 `\__).
- Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 `\__).
- Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` (`#2589 `\__).
- Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` (`#2515 `\__).
- Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses (`#2514 `\__).
- Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance (`#2080 `\__).
- Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` (`#2628 `\__).
- Changed usage of the deprecated `socket.error` to `OSError` (`#2120 `\__).
- Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` (`#1985 `\__).
- Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading
data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` (`#1985 `\__).
- Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) (`#1985 `\__).
- Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`.
- Changed TLS handshakes to use `SSLContext.check_hostname` when possible (`#2452 `\__).
- Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` (`#2537 `\__).
- Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts (`#2348 `\__).
- Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (`#2800 `\__).
## Fixed
- Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 `\__).
- Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.
Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used (`#2645 `\__).
- Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` (`#2118 `\__).
- Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` (`#2213 `\__).
- Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature (`#2272 `\__).
- Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` (`#2277 `\__).
- Fixed a socket leak if `HTTPConnection.connect()` fails (`#2571 `\__).
- Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods (`#2970 `\__)
### [`v1.26.16`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12616-2023-05-23)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.15...1.26.16)
\====================
- Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins
would cause connection pools to be closed while requests are in progress (`#2954 `\_)
### [`v1.26.15`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12615-2023-03-10)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.14...1.26.15)
\====================
- Fix socket timeout value when `HTTPConnection` is reused (`#2645 `\__)
- Remove "!" character from the unreserved characters in IPv6 Zone ID parsing
(`#2899 `\__)
- Fix IDNA handling of '\x80' byte (`#2901 `\__)
### [`v1.26.14`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12614-2023-01-11)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.13...1.26.14)
\====================
- Fixed parsing of port 0 (zero) returning None, instead of 0. (`#2850 `\__)
- Removed deprecated getheaders() calls in contrib module. Fixed the type hint of `PoolKey.key_retries` by adding `bool` to the union. (`#2865 `\__)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
==1.26.13->==2.0.4Release Notes
urllib3/urllib3 (urllib3)
### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4) \================== - Added support for union operators to `HTTPHeaderDict` (`#2254Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.