urllib3/urllib3 (urllib3)
### [`v2.2.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#222-2024-06-17)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.2.1...2.2.2)
\==================
- Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`.
- Allowed passing negative integers as `amt` to read methods of `http.client.HTTPResponse` as an alternative to `None`. (`#3122 `\__)
- Fixed return types representing copying actions to use `typing.Self`. (`#3363 `\__)
### [`v2.2.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#221-2024-02-16)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.2.0...2.2.1)
\==================
- Fixed issue where `InsecureRequestWarning` was emitted for HTTPS connections when using Emscripten. (`#3331 `\__)
- Fixed `HTTPConnectionPool.urlopen` to stop automatically casting non-proxy headers to `HTTPHeaderDict`. This change was premature as it did not apply to proxy headers and `HTTPHeaderDict` does not handle byte header values correctly yet. (`#3343 `\__)
- Changed `InvalidChunkLength` to `ProtocolError` when response terminates before the chunk length is sent. (`#2860 `\__)
- Changed `ProtocolError` to be more verbose on incomplete reads with excess content. (`#3261 `\__)
### [`v2.2.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#220-2024-01-30)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.1.0...2.2.0)
\==================
- Added support for `Emscripten and Pyodide `**, including streaming support in cross-origin isolated browser environments where threading is enabled. (`#2951 `**)
- Added support for `HTTPResponse.read1()` method. (`#3186 `\__)
- Added rudimentary support for HTTP/2. (`#3284 `\__)
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. (`#2244 `\__)
- Fixed `HTTPConnection.proxy_is_verified` and `HTTPSConnection.proxy_is_verified`
to be always set to a boolean after connecting to a proxy. It could be
`None` in some cases previously. (`#3130 `\__)
- Fixed an issue where `headers` passed in a request with `json=` would be mutated (`#3203 `\__)
- Fixed `HTTPSConnection.is_verified` to be set to `False` when connecting
from a HTTPS proxy to an HTTP target. It was set to `True` previously. (`#3267 `\__)
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (`#3268 `\__)
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (`#3325 `\__)
- Note for downstream distributors: To run integration tests, you now need to run the tests a second
time with the `--integration` pytest flag. (`#3181 `\__)
### [`v2.1.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#210-2023-11-13)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.7...2.1.0)
\==================
- Removed support for the deprecated urllib3\[secure] extra. (`#2680 `\__)
- Removed support for the deprecated SecureTransport TLS implementation. (`#2681 `\__)
- Removed support for the end-of-life Python 3.7. (`#3143 `\__)
- Allowed loading CA certificates from memory for proxies. (`#3065 `\__)
- Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. (`#3174 `\__)
### [`v2.0.7`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#207-2023-10-17)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.6...2.0.7)
\==================
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.
### [`v2.0.6`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#206-2023-10-02)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.5...2.0.6)
\==================
- Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`.
### [`v2.0.5`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#205-2023-09-20)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.4...2.0.5)
\==================
- Allowed pyOpenSSL third-party module without any deprecation warning. (`#3126 `\__)
- Fixed default `blocksize` of `HTTPConnection` classes to match high-level classes. Previously was 8KiB, now 16KiB. (`#3066 `\__)
### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4)
\==================
- Added support for union operators to `HTTPHeaderDict` (`#2254 `\__)
- Added `BaseHTTPResponse` to `urllib3.__all__` (`#3078 `\__)
- Fixed `urllib3.connection.HTTPConnection` to raise the `http.client.connect` audit event to have the same behavior as the standard library HTTP client (`#2757 `\__)
- Relied on the standard library for checking hostnames in supported PyPy releases (`#3087 `\__)
### [`v2.0.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#203-2023-06-07)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.2...2.0.3)
\==================
- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`#3020 `\__)
- Deprecated URLs which don't have an explicit scheme (`#2950 `\_)
- Fixed response decoding with Zstandard when compressed data is made of several frames. (`#3008 `\__)
- Fixed `assert_hostname=False` to correctly skip hostname check. (`#3051 `\__)
### [`v2.0.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#202-2023-05-03)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.1...2.0.2)
\==================
- Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data
was still available to be read even if the underlying socket is closed. This prevents
a compressed response from being truncated. (`#3009 `\__)
### [`v2.0.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#201-2023-04-30)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.0...2.0.1)
\==================
- Fixed a socket leak when fingerprint or hostname verifications fail. (`#2991 `\__)
- Fixed an error when `HTTPResponse.read(0)` was the first `read` call or when the internal response body buffer was otherwise empty. (`#2998 `\__)
### [`v2.0.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#200-2023-04-26)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.20...2.0.0)
\==================
Read the `v2.0 migration guide `\__ for help upgrading to the latest version of urllib3.
## Removed
- Removed support for Python 2.7, 3.5, and 3.6 (`#883 `**, `#2336 `**).
- Removed fallback on certificate `commonName` in `match_hostname()` function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName`
is used to verify the hostname by default. To enable verifying the hostname against
`commonName` use `SSLContext.hostname_checks_common_name = True` (`#2113 `\__).
- Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#2168 `\__).
- Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an `ImportError` is raised (`#2168 `\__).
- Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#2082 `\__).
- Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment (`#2044 `\__).
- Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` (`#2086 `\__).
- Removed `urllib3.HTTPResponse.from_httplib` (`#2648 `\__).
- Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used (`#1897 `\__).
- Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API.
This change was made to ensure that `from urllib3 import request` imported the top-level `request()`
function instead of the `urllib3.request` module (`#2269 `\__).
- Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library (`#2233 `\__).
- Removed the deprecated `urllib3.contrib.ntlmpool` module (`#2339 `\__).
- Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` (`#2168 `\__).
- Removed `urllib3.exceptions.SNIMissingWarning` (`#2168 `\__).
- Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` (`#1985 `\__).
- Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` (`#1985 `\__).
- Removed the `strict` parameter/attribute from `HTTPConnection`, `HTTPSConnection`, `HTTPConnectionPool`, `HTTPSConnectionPool`, and `HTTPResponse` (`#2064 `\__).
## Deprecated
- Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. (`#1543 `**, `#2814 `**).
- Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 (`#2691 `\__).
- Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 (`#2692 `\__).
- Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 (`#2110 `\__).
- Deprecated the `strict` parameter of `PoolManager.connection_from_context()` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 `\__)
- Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 (`#2271 `\__).
- Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` (`#2257 `\__).
- Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 (`#2257 `\__).
- Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor (`#1985 `\__).
- Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` (`#1985 `\__).
## Added
- Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance (`#2150 `\__).
- Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined.
Added support for parsing JSON response bodies with `HTTPResponse.json()` method (`#2243 `\__).
- Added type hints to the `urllib3` module (`#1897 `\__).
- Added `ssl_minimum_version` and `ssl_maximum_version` options which set
`SSLContext.minimum_version` and `SSLContext.maximum_version` (`#2110 `\__).
- Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed.
Added the `zstd` extra which installs the `zstandard` package (`#1992 `\__).
- Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` (`#2083 `\__).
- Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool (`#2197 `\__).
- Added `HTTPHeaderDict` to the top-level `urllib3` namespace (`#2216 `\__).
- Added support for configuring header merging behavior with HTTPHeaderDict
When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate
header values will be repeated. But if `combine=True` is passed into a call to
`HTTPHeaderDict.add`, then the added header value will be merged in with an existing
value into a comma-separated list (`X-My-Header: foo, bar`) (`#2242 `\__).
- Added `NameResolutionError` exception when a DNS error occurs (`#2305 `\__).
- Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` (`#2409 `\__).
- Added a configurable `backoff_max` parameter to the `Retry` class.
If a custom `backoff_max` is provided to the `Retry` class, it
will replace the `Retry.DEFAULT_BACKOFF_MAX` (`#2494 `\__).
- Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI (`#2520 `\__).
- Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to (`#1985 `\__).
- Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` (`#1985 `\__).
- Added optional `backoff_jitter` parameter to `Retry`. (`#2952 `\__)
## Changed
- Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method:
- Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
- Never returns more bytes than requested.
- Can issue any number of system calls: zero, one or multiple.
If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` (`#2128 `\__).
- Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` (`#2648 `\__).
- Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version`
and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed
`SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` (`#2110 `\__).
- Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 (`#2373 `\__).
- Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 `\__).
- Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with
a default value. The new default will be cipher suites configured by the operating system (`#2168 `\__).
- Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 `\__).
- Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` (`#2589 `\__).
- Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` (`#2515 `\__).
- Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses (`#2514 `\__).
- Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance (`#2080 `\__).
- Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` (`#2628 `\__).
- Changed usage of the deprecated `socket.error` to `OSError` (`#2120 `\__).
- Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` (`#1985 `\__).
- Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading
data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` (`#1985 `\__).
- Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) (`#1985 `\__).
- Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`.
- Changed TLS handshakes to use `SSLContext.check_hostname` when possible (`#2452 `\__).
- Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` (`#2537 `\__).
- Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts (`#2348 `\__).
- Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (`#2800 `\__).
## Fixed
- Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 `\__).
- Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.
Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used (`#2645 `\__).
- Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` (`#2118 `\__).
- Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` (`#2213 `\__).
- Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature (`#2272 `\__).
- Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` (`#2277 `\__).
- Fixed a socket leak if `HTTPConnection.connect()` fails (`#2571 `\__).
- Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods (`#2970 `\__)
### [`v1.26.20`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12620-2024-08-29)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.19...1.26.20)
\====================
- Fixed a crash where certain standard library hash functions were absent in
FIPS-compliant environments.
(`#3432 `\__)
- Replaced deprecated dash-separated setuptools entries in `setup.cfg`.
(`#3461 `\__)
- Took into account macOS setting `ECONNRESET` instead of `EPROTOTYPE` in
its newer versions.
(`#3416 `\__)
- Backported changes to our tests and CI configuration from v2.x to support
testing with CPython 3.12 and 3.13.
(`#3436 `\__)
### [`v1.26.19`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12619-2024-06-17)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.18...1.26.19)
\====================
- Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`.
- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (`#3405 `\__)
### [`v1.26.18`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12618-2023-10-17)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.17...1.26.18)
\====================
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.
### [`v1.26.17`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12617-2023-10-02)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.16...1.26.17)
\====================
- Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (`#3139 `\_)
### [`v1.26.16`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#12616-2023-05-23)
[Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.15...1.26.16)
\====================
- Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins
would cause connection pools to be closed while requests are in progress (`#2954 `\_)
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
==1.26.15
->==2.2.2
By merging this PR, the issue #8 will be automatically resolved and closed:
Release Notes
urllib3/urllib3 (urllib3)
### [`v2.2.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#222-2024-06-17) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.2.1...2.2.2) \================== - Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. - Allowed passing negative integers as `amt` to read methods of `http.client.HTTPResponse` as an alternative to `None`. (`#3122