stencila / hub

☸️ Hub for executable documents
https://hub.stenci.la
Apache License 2.0

chore(deps): update dependency httpx to v0.23.0 [security] #1401

Open renovate[bot] opened 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| httpx (changelog) | ==0.19.0 -> ==0.23.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2021-41945

Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with.


Release Notes

encode/httpx (httpx)

### [`v0.23.0`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0230-23rd-May-2022)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.22.0...0.23.0)

##### Changed

- Drop support for Python 3.6. ([#2097](https://redirect.github.com/encode/httpx/issues/2097))
- Use `utf-8` as the default character set, instead of falling back to `charset-normalizer` for auto-detection. To enable automatic character set detection, see [the documentation](https://www.python-httpx.org/advanced/text-encodings/#using-auto-detection). ([#2165](https://redirect.github.com/encode/httpx/issues/2165))

##### Fixed

- Fix `URL.copy_with` for some oddly formed URL cases. ([#2185](https://redirect.github.com/encode/httpx/issues/2185))
- Digest authentication should use case-insensitive comparison for determining which algorithm is being used. ([#2204](https://redirect.github.com/encode/httpx/issues/2204))
- Fix console markup escaping in command line client. ([#1866](https://redirect.github.com/encode/httpx/issues/1866))
- When files are used in multipart upload, ensure we always seek to the start of the file. ([#2065](https://redirect.github.com/encode/httpx/issues/2065))
- Ensure that `iter_bytes` never yields zero-length chunks. ([#2068](https://redirect.github.com/encode/httpx/issues/2068))
- Preserve `Authorization` header for redirects that are to the same origin, but are an `http`-to-`https` upgrade. ([#2074](https://redirect.github.com/encode/httpx/issues/2074))
- When responses have binary output, don't print the output to the console in the command line client. Use output like `<16086 bytes of binary data>` instead. ([#2076](https://redirect.github.com/encode/httpx/issues/2076))
- Fix display of `--proxies` argument in the command line client help. ([#2125](https://redirect.github.com/encode/httpx/issues/2125))
- Close responses when task cancellations occur during stream reading. ([#2156](https://redirect.github.com/encode/httpx/issues/2156))
- Fix type error on accessing `.request` on `HTTPError` exceptions. ([#2158](https://redirect.github.com/encode/httpx/issues/2158))

### [`v0.22.0`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0220-26th-January-2022)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.21.3...0.22.0)

##### Added

- Support for [the SOCKS5 proxy protocol](https://www.python-httpx.org/advanced/proxies/#socks) via [the `socksio` package](https://redirect.github.com/sethmlarson/socksio). ([#2034](https://redirect.github.com/encode/httpx/issues/2034))
- Support for custom headers in multipart/form-data requests ([#1936](https://redirect.github.com/encode/httpx/issues/1936))

##### Fixed

- Don't perform unreliable close/warning on `__del__` with unclosed clients. ([#2026](https://redirect.github.com/encode/httpx/issues/2026))
- Fix `Headers.update(...)` to correctly handle repeated headers ([#2038](https://redirect.github.com/encode/httpx/issues/2038))

### [`v0.21.3`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0213-6th-January-2022)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.21.2...0.21.3)

##### Fixed

- Fix streaming uploads using `SyncByteStream` or `AsyncByteStream`. Regression in 0.21.2. ([#2016](https://redirect.github.com/encode/httpx/issues/2016))

### [`v0.21.2`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0212-5th-January-2022)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.21.1...0.21.2)

##### Fixed

- HTTP/2 support for tunnelled proxy cases. ([#2009](https://redirect.github.com/encode/httpx/issues/2009))
- Improved the speed of large file uploads. ([#1948](https://redirect.github.com/encode/httpx/issues/1948))

### [`v0.21.1`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0211-16th-November-2021)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.21.0...0.21.1)

##### Fixed

- The `response.url` property is now correctly annotated as `URL`, instead of `Optional[URL]`. ([#1940](https://redirect.github.com/encode/httpx/issues/1940))

### [`v0.21.0`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0210-15th-November-2021)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.20.0...0.21.0)

The 0.21.0 release integrates against a newly redesigned `httpcore` backend.

Both packages ought to automatically update to the required versions, but if you are seeing any issues, you should ensure that you have `httpx==0.21.*` and `httpcore==0.14.*` installed.

##### Added

- The command-line client will now display connection information when `-v/--verbose` is used.
- The command-line client will now display server certificate information when `-v/--verbose` is used.
- The command-line client is now able to properly detect if the outgoing request should be formatted as HTTP/1.1 or HTTP/2, based on the result of the HTTP/2 negotiation.

##### Removed

- Curio support is no longer currently included. Please get in touch if you require this, so that we can assess priorities.

### [`v0.20.0`](https://redirect.github.com/encode/httpx/blob/HEAD/CHANGELOG.md#0200-13th-October-2021)

[Compare Source](https://redirect.github.com/encode/httpx/compare/0.19.0...0.20.0)

The 0.20.0 release adds an integrated command-line client, and also includes some design changes. The most notable of these is that redirect responses are no longer automatically followed, unless specifically requested.

This design decision prioritises a more explicit approach to redirects, in order to avoid code that unintentionally issues multiple requests as a result of misconfigured URLs.

For example, previously a client configured to send requests to `http://api.github.com/` would end up sending every API request twice, as each request would be redirected to `https://api.github.com/`.

If you do want auto-redirect behaviour, you can enable this either by configuring the client instance with `Client(follow_redirects=True)`, or on a per-request basis, with `.get(..., follow_redirects=True)`.

This change is a classic trade-off between convenience and precision, with no "right" answer. See [discussion #1785](https://redirect.github.com/encode/httpx/discussions/1785) for more context.

The other major design change is an update to the Transport API, which is the low-level interface against which requests are sent. Previously this interface used only primitive datastructures, like so...

```python
(status_code, headers, stream, extensions) = transport.handle_request(method, url, headers, stream, extensions)
try:
    ...
finally:
    stream.close()
```

Now the interface is much simpler...

```python
response = transport.handle_request(request)
try:
    ...
finally:
    response.close()
```

##### Changed

- The `allow_redirects` flag is now `follow_redirects` and defaults to `False`.
- The `raise_for_status()` method will now raise an exception for any responses except those with 2xx status codes. Previously only 4xx and 5xx status codes would result in an exception.
- The low-level transport API changes to the much simpler `response = transport.handle_request(request)`.
- The `client.send()` method no longer accepts a `timeout=...` argument, but the `client.build_request()` does. This is required by the signature change of the Transport API. The request timeout configuration is now stored on the request instance, as `request.extensions['timeout']`.

##### Added

- Added the `httpx` command-line client.
- Response instances now include `.is_informational`, `.is_success`, `.is_redirect`, `.is_client_error`, and `.is_server_error` properties for checking 1xx, 2xx, 3xx, 4xx, and 5xx response types. Note that the behaviour of `.is_redirect` is slightly different in that it now returns True for all 3xx responses, in order to allow for a consistent set of properties onto the different HTTP status code types. The `response.has_redirect_location` location may be used to determine responses with properly formed URL redirects.

##### Fixed

- `response.iter_bytes()` no longer raises a ValueError when called on a response with no content. (Pull [#1827](https://redirect.github.com/encode/httpx/issues/1827))
- The `'wsgi.error'` configuration now defaults to `sys.stderr`, and is corrected to be a `TextIO` interface, not a `BytesIO` interface. Additionally, the WSGITransport now accepts a `wsgi_error` configuration. (Pull [#1828](https://redirect.github.com/encode/httpx/issues/1828))
- Follow the WSGI spec by properly closing the iterable returned by the application. (Pull [#1830](https://redirect.github.com/encode/httpx/issues/1830))

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
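A pre-merge audit for the call sites that the 0.20.0 release notes above change, added here as an example; it is not part of the Renovate PR or of the stencila/hub code. The function name, finding codes and sample source are constructed, and matching is by call name only, so hits on unrelated methods such as `dict.get` need manual review.

```python
import ast

# Constructed sample of caller code written against httpx 0.19.0.
SAMPLE = '''
import httpx

client = httpx.Client()
r = httpx.get("https://example.org/a", allow_redirects=True)
req = client.build_request("GET", "https://example.org/b")
r2 = client.send(req, timeout=5.0)
r3 = client.get("https://example.org/c")
r3.raise_for_status()
'''

# Request helpers whose redirect default changed in 0.20.0.
REQUEST_CALLS = {"get", "post", "put", "patch", "delete", "head",
                 "options", "request", "stream"}


def audit_httpx_upgrade(source):
    """Return sorted (line, code) pairs for calls affected by the upgrade."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        kwargs = {kw.arg for kw in node.keywords if kw.arg}
        if "allow_redirects" in kwargs:
            # Flag renamed to follow_redirects; the old keyword is rejected.
            findings.append((node.lineno, "renamed-kwarg"))
        elif name in REQUEST_CALLS and "follow_redirects" not in kwargs:
            # Redirects were followed implicitly before 0.20.0, not after.
            findings.append((node.lineno, "redirect-default"))
        if name == "send" and "timeout" in kwargs:
            # timeout moved from client.send() to client.build_request().
            findings.append((node.lineno, "send-timeout"))
        if name == "raise_for_status":
            # Now raises for every non-2xx response, including 3xx.
            findings.append((node.lineno, "raise-for-status"))
    return sorted(findings)


if __name__ == "__main__":
    for line, code in audit_httpx_upgrade(SAMPLE):
        print(f"line {line}: {code}")
```

The `redirect-default` and `raise-for-status` findings interact: a call that used to follow a redirect silently now returns the 3xx response, and `raise_for_status()` on it raises.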