zheminzhou / SPARSE

Strain Prediction and Analysis with Representative SEquence
https://www.biorxiv.org/content/biorxiv/early/2017/11/07/215707.full.pdf
GNU General Public License v3.0
18 stars 4 forks source link

Update urllib3 to 2.0.3 #531

Open pyup-bot opened 1 year ago

pyup-bot commented 1 year ago

This PR updates urllib3 from 1.24.1 to 2.0.3.

Changelog ### 2.0.3 ``` ================== - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`3020 <https://github.com/urllib3/urllib3/issues/3020>`__) - Deprecated URLs which don't have an explicit scheme (`2950 <https://github.com/urllib3/urllib3/pull/2950>`_) - Fixed response decoding with Zstandard when compressed data is made of several frames. (`3008 <https://github.com/urllib3/urllib3/issues/3008>`__) - Fixed ``assert_hostname=False`` to correctly skip hostname check. (`3051 <https://github.com/urllib3/urllib3/issues/3051>`__) ``` ### 2.0.2 ``` ================== - Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (`3009 <https://github.com/urllib3/urllib3/issues/3009>`__) ``` ### 2.0.1 ``` ================== - Fixed a socket leak when fingerprint or hostname verifications fail. (`2991 <https://github.com/urllib3/urllib3/issues/2991>`__) - Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (`2998 <https://github.com/urllib3/urllib3/issues/2998>`__) ``` ### 2.0.0 ``` ================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3. Removed ------- * Removed support for Python 2.7, 3.5, and 3.6 (`883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__). * Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`2113 <https://github.com/urllib3/urllib3/issues/2113>`__). * Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`2082 <https://github.com/urllib3/urllib3/issues/2082>`__). * Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`2044 <https://github.com/urllib3/urllib3/issues/2044>`__). * Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`2086 <https://github.com/urllib3/urllib3/issues/2086>`__). * Removed ``urllib3.HTTPResponse.from_httplib`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module (`2269 <https://github.com/urllib3/urllib3/issues/2269>`__). * Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`2233 <https://github.com/urllib3/urllib3/issues/2233>`__). * Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`2339 <https://github.com/urllib3/urllib3/issues/2339>`__). * Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed ``urllib3.exceptions.SNIMissingWarning`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed the ``strict`` parameter/attribute from ``HTTPConnection``, ``HTTPSConnection``, ``HTTPConnectionPool``, ``HTTPSConnectionPool``, and ``HTTPResponse`` (`2064 <https://github.com/urllib3/urllib3/issues/2064>`__). Deprecated ---------- * Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__). * Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`2691 <https://github.com/urllib3/urllib3/issues/2691>`__). * Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`2692 <https://github.com/urllib3/urllib3/issues/2692>`__). * Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Deprecated the ``strict`` parameter of ``PoolManager.connection_from_context()`` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`2267 <https://github.com/urllib3/urllib3/issues/2267>`__) * Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`2271 <https://github.com/urllib3/urllib3/issues/2271>`__). * Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Added ----- * Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`2150 <https://github.com/urllib3/urllib3/issues/2150>`__). * Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`2243 <https://github.com/urllib3/urllib3/issues/2243>`__). * Added type hints to the ``urllib3`` module (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package (`1992 <https://github.com/urllib3/urllib3/issues/1992>`__). * Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`2083 <https://github.com/urllib3/urllib3/issues/2083>`__). * Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`2197 <https://github.com/urllib3/urllib3/issues/2197>`__). * Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`2216 <https://github.com/urllib3/urllib3/issues/2216>`__). * Added support for configuring header merging behavior with HTTPHeaderDict When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) (`2242 <https://github.com/urllib3/urllib3/issues/2242>`__). * Added ``NameResolutionError`` exception when a DNS error occurs (`2305 <https://github.com/urllib3/urllib3/issues/2305>`__). * Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`2409 <https://github.com/urllib3/urllib3/issues/2409>`__). * Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`2494 <https://github.com/urllib3/urllib3/issues/2494>`__). * Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`2520 <https://github.com/urllib3/urllib3/issues/2520>`__). * Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added optional ``backoff_jitter`` parameter to ``Retry``. (`2952 <https://github.com/urllib3/urllib3/issues/2952>`__) Changed ------- * Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method: * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). * Never returns more bytes than requested. * Can issue any number of system calls: zero, one or multiple. If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`2128 <https://github.com/urllib3/urllib3/issues/2128>`__). * Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`2373 <https://github.com/urllib3/urllib3/issues/2373>`__). * Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`2482 <https://github.com/urllib3/urllib3/pull/2482>`__). * Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`2589 <https://github.com/urllib3/urllib3/issues/2589>`__). * Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`2515 <https://github.com/urllib3/urllib3/issues/2515>`__). * Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`2514 <https://github.com/urllib3/urllib3/issues/2514>`__). * Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`2080 <https://github.com/urllib3/urllib3/issues/2080>`__). * Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`2628 <https://github.com/urllib3/urllib3/issues/2628>`__). * Changed usage of the deprecated ``socket.error`` to ``OSError`` (`2120 <https://github.com/urllib3/urllib3/issues/2120>`__). * Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``. * Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`2452 <https://github.com/urllib3/urllib3/pull/2452>`__). * Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`2537 <https://github.com/urllib3/urllib3/pull/2537>`__). * Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`2348 <https://github.com/urllib3/urllib3/pull/2348>`__). * Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`2800 <https://github.com/urllib3/urllib3/issues/2800>`__). Fixed ----- * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`1252 <https://github.com/urllib3/urllib3/issues/1252>`__). * Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__). * Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`2118 <https://github.com/urllib3/urllib3/issues/2118>`__). * Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`2213 <https://github.com/urllib3/urllib3/issues/2213>`__). * Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`2272 <https://github.com/urllib3/urllib3/issues/2272>`__). * Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`2277 <https://github.com/urllib3/urllib3/issues/2277>`__). * Fixed a socket leak if ``HTTPConnection.connect()`` fails (`2571 <https://github.com/urllib3/urllib3/pull/2571>`__). * Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`2970 <https://github.com/urllib3/urllib3/issues/2970>`__) ``` ### 1.26.16 ``` ==================== * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`2954 <https://github.com/urllib3/urllib3/pull/2954>`_) ``` ### 1.26.15 ``` ==================== * Fix socket timeout value when ``HTTPConnection`` is reused (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__) * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (`2899 <https://github.com/urllib3/urllib3/issues/2899>`__) * Fix IDNA handling of '\x80' byte (`2901 <https://github.com/urllib3/urllib3/issues/2901>`__) ``` ### 1.26.14 ``` ==================== * Fixed parsing of port 0 (zero) returning None, instead of 0. (`2850 <https://github.com/urllib3/urllib3/issues/2850>`__) * Removed deprecated getheaders() calls in contrib module. Fixed the type hint of ``PoolKey.key_retries`` by adding ``bool`` to the union. (`2865 <https://github.com/urllib3/urllib3/issues/2865>`__) ``` ### 1.26.13 ``` ==================== * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. ``` ### 1.26.12 ``` ==================== * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_ for justification and info on how to migrate. ``` ### 1.26.11 ``` ==================== * Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would raise an ``OverflowError`` on Python 3.9 and earlier. ``` ### 1.26.10 ``` ==================== * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. ``` ### 1.26.9 ``` =================== * Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed. * Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception. * Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool`` when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL. ``` ### 1.26.8 ``` =================== * Added extra message to ``urllib3.exceptions.ProxyError`` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. * Added a mention of the size of the connection pool when discarding a connection due to the pool being full. * Added explicit support for Python 3.11. * Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0. * Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname`` to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. * Fixed absolute imports, all imports are now relative. ``` ### 1.26.7 ``` =================== * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. (Issue 2400) * Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching. (Issue 2240) ``` ### 1.26.6 ``` =================== * Deprecated the ``urllib3.contrib.ntlmpool`` module. urllib3 is not able to support it properly due to `reasons listed in this issue <https://github.com/urllib3/urllib3/issues/2282>`_. If you are a user of this module please leave a comment. * Changed ``HTTPConnection.request_chunked()`` to not erroneously emit multiple ``Transfer-Encoding`` headers in the case that one is already specified. * Fixed typo in deprecation message to recommend ``Retry.DEFAULT_ALLOWED_METHODS``. ``` ### 1.26.5 ``` =================== * Fixed deprecation warnings emitted in Python 3.10. * Updated vendored ``six`` library to 1.16.0. * Improved performance of URL parser when splitting the authority component. ``` ### 1.26.4 ``` =================== * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. ``` ### 1.26.3 ``` =================== * Fixed bytes and string comparison issue with headers (Pull 2141) * Changed ``ProxySchemeUnknown`` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull 2107) ``` ### 1.26.2 ``` =================== * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't be imported properly on Python 2.7.8 and earlier (Pull 2052) ``` ### 1.26.1 ``` =================== * Fixed an issue where two ``User-Agent`` headers would be sent if a ``User-Agent`` header key is passed as ``bytes`` (Pull 2047) ``` ### 1.26.0 ``` =================== * **NOTE: urllib3 v2.0 will drop support for Python 2**. `Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_. * Added support for HTTPS proxies contacting HTTPS servers (Pull 1923, Pull 1806) * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull 2002) **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` (Pull 2000) **Starting in urllib3 v2.0: Deprecated options will be removed** * Added default ``User-Agent`` header to every request (Pull 1750) * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, and ``Host`` headers from being automatically emitted with requests (Pull 2018) * Collapse ``transfer-encoding: chunked`` request data and framing into the same ``socket.send()`` call (Pull 1906) * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull 1894) * Properly terminate SecureTransport connections when CA verification fails (Pull 1977) * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` to SecureTransport (Pull 1903) * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull 1970) * Suppress ``BrokenPipeError`` when writing request body after the server has closed the socket (Pull 1524) * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") into an ``urllib3.exceptions.SSLError`` (Pull 1939) ``` ### 1.25.11 ``` ==================== * Fix retry backoff time parsed from ``Retry-After`` header when given in the HTTP date format. The HTTP date was parsed as the local timezone rather than accounting for the timezone in the HTTP date (typically UTC) (Pull 1932, Pull 1935, Pull 1938, Pull 1949) * Fix issue where an error would be raised when the ``SSLKEYLOGFILE`` environment variable was set to the empty string. Now ``SSLContext.keylog_file`` is not set in this situation (Pull 2016) ``` ### 1.25.10 ``` ==================== * Added support for ``SSLKEYLOGFILE`` environment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull 1867) * Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull 1905) * Collapse chunked request bodies data and framing into one call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull 1906) * Don't insert ``None`` into ``ConnectionPool`` if the pool was empty when requesting a connection (Pull 1866) * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull 1858) ``` ### 1.25.9 ``` =================== * Added ``InvalidProxyConfigurationWarning`` which is raised when erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently support connecting to HTTPS proxies but will soon be able to and we would like users to migrate properly without much breakage. See `this GitHub issue <https://github.com/urllib3/urllib3/issues/1850>`_ for more information on how to fix your proxy config. (Pull 1851) * Drain connection after ``PoolManager`` redirect (Pull 1817) * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull 1812) * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull 1805) * Allow the CA certificate data to be passed as a string (Pull 1804) * Raise ``ValueError`` if method contains control characters (Pull 1800) * Add ``__repr__`` to ``Timeout`` (Pull 1795) ``` ### 1.25.8 ``` =================== * Drop support for EOL Python 3.4 (Pull 1774) * Optimize _encode_invalid_chars (Pull 1787) ``` ### 1.25.7 ``` =================== * Preserve ``chunked`` parameter on retries (Pull 1715, Pull 1734) * Allow unset ``SERVER_SOFTWARE`` in App Engine (Pull 1704, Issue 1470) * Fix issue where URL fragment was sent within the request target. (Pull 1732) * Fix issue where an empty query section in a URL would fail to parse. (Pull 1732) * Remove TLS 1.3 support in SecureTransport due to Apple removing support (Pull 1703) ``` ### 1.25.6 ``` =================== * Fix issue where tilde (``~``) characters were incorrectly percent-encoded in the path. (Pull 1692) ``` ### 1.25.5 ``` =================== * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``. (Issue 1682) ``` ### 1.25.4 ``` =================== * Propagate Retry-After header settings to subsequent retries. (Pull 1607) * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull 1607) * Remove dependency on ``rfc3986`` for URL parsing. * Fix issue where URLs containing invalid characters within ``Url.auth`` would raise an exception instead of percent-encoding those characters. * Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses work well with BufferedReaders and other ``io`` module features. (Pull 1652) * Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()`` (Pull 1673) ``` ### 1.25.3 ``` =================== * Change ``HTTPSConnection`` to load system CA certificates when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are unspecified. (Pull 1608, Issue 1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull 1609, Issue 1605) ``` ### 1.25.2 ``` =================== * Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull 1583) * Change ``parse_url`` to percent-encode invalid characters within the path, query, and target components. (Pull 1586) ``` ### 1.25.1 ``` =================== * Add support for Google's ``Brotli`` package. (Pull 1572, Pull 1579) * Upgrade bundled rfc3986 to v1.3.1 (Pull 1578) ``` ### 1.25 ``` ================= * Require and validate certificates by default when using HTTPS (Pull 1507) * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull 1487) * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull 1489) * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` implementations. (Pull 1496) * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue 303, Pull 1492) * Fixed issue where OpenSSL would block if an encrypted client private key was given and no password was given. Instead an ``SSLError`` is raised. (Pull 1489) * Added support for Brotli content encoding. It is enabled automatically if ``brotlipy`` package is installed which can be requested with ``urllib3[brotli]`` extra. (Pull 1532) * Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. (Pull 1496) * Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue 1483) ``` ### 1.24.3 ``` =================== * Apply fix for CVE-2019-9740. (Pull 1591) ``` ### 1.24.2 ``` =================== * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified. * Remove Authorization header regardless of case when redirecting to cross-site. (Issue 1510) * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue 1269) ```
Links - PyPI: https://pypi.org/project/urllib3 - Changelog: https://pyup.io/changelogs/urllib3/