Sourced from urllib3's releases.
\n\n\n2.2.2
\n🚀 urllib3 is fundraising for HTTP/2 support
\nurllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
\nThank you for your support.
\nChanges
\n\n
\n- Added the
\nProxy-Authorization
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
.- Allowed passing negative integers as
\namt
to read methods ofhttp.client.HTTPResponse
as an alternative toNone
. (#3122)- Fixed return types representing copying actions to use
\ntyping.Self
. (#3363)Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2
\n2.2.1
\n🚀 urllib3 is fundraising for HTTP/2 support
\nurllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
\nThank you for your support.
\nChanges
\n\n
\n- Fixed issue where
\nInsecureRequestWarning
was emitted for HTTPS connections when using Emscripten. (#3331)- Fixed
\nHTTPConnectionPool.urlopen
to stop automatically casting non-proxy headers toHTTPHeaderDict
. This change was premature as it did not apply to proxy headers andHTTPHeaderDict
does not handle byte header values correctly yet. (#3343)- Changed
\nProtocolError
toInvalidChunkLength
when response terminates before the chunk length is sent. (#2860)- Changed
\nProtocolError
to be more verbose on incomplete reads with excess content. (#3261)2.2.0
\n🖥️ urllib3 now works in the browser
\n:tada: This release adds experimental support for using urllib3 in the browser with Pyodide! :tada:
\nThanks to Joe Marshall (
\n@joemarshall
) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API fromhttp.client
. Please report all bugs to the urllib3 issue tracker.🚀 urllib3 is fundraising for HTTP/2 support
\nurllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
\nThank you for your support.
\nChanges
\n\n
\n\n- Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
\n- Added support for
\nHTTPResponse.read1()
method. (#3186)- Added rudimentary support for HTTP/2. (#3284)
\n- Fixed issue where requests against urls with trailing dots were failing due to SSL errors\nwhen using proxy. (#2244)
\n- Fixed
\nHTTPConnection.proxy_is_verified
andHTTPSConnection.proxy_is_verified
to be always set to a boolean after connecting to a proxy. It could beNone
in some cases previously. (#3130)
... (truncated)
\nSourced from urllib3's changelog.
\n\n\n2.2.2 (2024-06-17)
\n\n
\n- Added the
\nProxy-Authorization
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
.- Allowed passing negative integers as
\namt
to read methods ofhttp.client.HTTPResponse
as an alternative toNone
. ([#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122>
__)- Fixed return types representing copying actions to use
\ntyping.Self
. ([#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363>
__)2.2.1 (2024-02-16)
\n\n
\n- Fixed issue where
\nInsecureRequestWarning
was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>
__)- Fixed
\nHTTPConnectionPool.urlopen
to stop automatically casting non-proxy headers toHTTPHeaderDict
. This change was premature as it did not apply to proxy headers andHTTPHeaderDict
does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>
__)- Changed
\nInvalidChunkLength
toProtocolError
when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>
__)- Changed
\nProtocolError
to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>
__)2.2.0 (2024-01-30)
\n\n
\n- Added support for
\nEmscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>
, including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951) <https://github.com/urllib3/urllib3/issues/2951>
)- Added support for
\nHTTPResponse.read1()
method. ([#3186](https://github.com/urllib3/urllib3/issues/3186) <https://github.com/urllib3/urllib3/issues/3186>
__)- Added rudimentary support for HTTP/2. (
\n[#3284](https://github.com/urllib3/urllib3/issues/3284) <https://github.com/urllib3/urllib3/issues/3284>
__)- Fixed issue where requests against urls with trailing dots were failing due to SSL errors\nwhen using proxy. (
\n[#2244](https://github.com/urllib3/urllib3/issues/2244) <https://github.com/urllib3/urllib3/issues/2244>
__)- Fixed
\nHTTPConnection.proxy_is_verified
andHTTPSConnection.proxy_is_verified
\nto be always set to a boolean after connecting to a proxy. It could be\nNone
in some cases previously. ([#3130](https://github.com/urllib3/urllib3/issues/3130) <https://github.com/urllib3/urllib3/issues/3130>
__)- Fixed an issue where
\nheaders
passed in a request withjson=
would be mutated ([#3203](https://github.com/urllib3/urllib3/issues/3203) <https://github.com/urllib3/urllib3/issues/3203>
__)- Fixed
\nHTTPSConnection.is_verified
to be set toFalse
when connecting\nfrom a HTTPS proxy to an HTTP target. It was set toTrue
previously. ([#3267](https://github.com/urllib3/urllib3/issues/3267) <https://github.com/urllib3/urllib3/issues/3267>
__)- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (
\n[#3268](https://github.com/urllib3/urllib3/issues/3268) <https://github.com/urllib3/urllib3/issues/3268>
__)- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (
\n[#3325](https://github.com/urllib3/urllib3/issues/3325) <https://github.com/urllib3/urllib3/issues/3325>
__)- Note for downstream distributors: To run integration tests, you now need to run the tests a second\ntime with the
\n--integration
pytest flag. ([#3181](https://github.com/urllib3/urllib3/issues/3181) <https://github.com/urllib3/urllib3/issues/3181>
__)2.1.0 (2023-11-13)
\n\n
\n- Removed support for the deprecated urllib3[secure] extra. (
\n[#2680](https://github.com/urllib3/urllib3/issues/2680) <https://github.com/urllib3/urllib3/issues/2680>
__)- Removed support for the deprecated SecureTransport TLS implementation. (
\n[#2681](https://github.com/urllib3/urllib3/issues/2681) <https://github.com/urllib3/urllib3/issues/2681>
__)- Removed support for the end-of-life Python 3.7. (
\n[#3143](https://github.com/urllib3/urllib3/issues/3143) <https://github.com/urllib3/urllib3/issues/3143>
__)- Allowed loading CA certificates from memory for proxies. (
\n[#3065](https://github.com/urllib3/urllib3/issues/3065) <https://github.com/urllib3/urllib3/issues/3065>
__)- Fixed decoding Gzip-encoded responses which specified
\nx-gzip
content-encoding. ([#3174](https://github.com/urllib3/urllib3/issues/3174) <https://github.com/urllib3/urllib3/issues/3174>
__)
27e2a5c
Release 2.2.2 (#3406)accff72
Merge pull request from GHSA-34jh-p97f-mpxf34be4a5
Pin CFFI to a new release candidate instead of a Git commit (#3398)da41058
Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)b07a669
Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)b8589ec
Measure coverage with v4 of artifact actions (#3394)f3bdc55
Allow triggering CI manually (#3391)5239265
Fix HTTP version in debug log (#3316)b34619f
Bump actions/checkout to 4.1.4 (#3387)9961d14
Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Sourced from zipp's changelog.
\n\n\nv3.19.1
\nBugfixes
\n\n
\n- Improved handling of malformed zip files. (#119)
\nv3.19.0
\nFeatures
\n\n
\n- Implement is_symlink. (#117)
\nv3.18.2
\nNo significant changes.
\nv3.18.1
\nNo significant changes.
\nv3.18.0
\nFeatures
\n\n
\n- Bypass ZipFile.namelist in glob for better performance. (#106)
\n- Refactored glob functionality to support a more generalized solution with support for platform-specific path separators. (#108)
\nBugfixes
\n\n
\n- Add special accounting for pypy when computing the stack level for text encoding warnings. (#114)
\n
6d1cb72
Finalizefd604bd
Merge pull request #120 from jaraco/bugfix/119-malformed-pathsc18417e
Add news fragment.58115d2
Employ SanitizedNames in CompleteDirs. Fixes broken test.564fcc1
Add SanitizedNames mixin.79a309f
Add some assertions about malformed paths.2d015c2
Merge https://github.com/jaraco/skeletona595a0f
Rename extras to align with core metadata spec.608f90a
Finalize3a22d72
Merge pull request #118 from jaraco/feature/is-symlinkSourced from setuptools's changelog.
\n\n\nv70.0.0
\nFeatures
\n\n
\n- Emit a warning when
\n[tools.setuptools]
is present inpyproject.toml
and will be ignored. -- by :user:SnoopJ
(#4150)- Improved
\nAttributeError
error message ifpkg_resources.EntryPoint.require
is called without extras or distribution\nGracefully "do nothing" when trying to activate apkg_resources.Distribution
with aNone
location, rather than raising aTypeError
\n-- by :user:Avasam
(#4262)- Typed the dynamically defined variables from
\npkg_resources
-- by :user:Avasam
(#4267)- Modernized and refactored VCS handling in package_index. (#4332)
\nBugfixes
\n\n
\n- In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
\n- Fix finder template for lenient editable installs of implicit nested namespaces\nconstructed by using
\npackage_dir
to reorganise directory structure. (#4278)- Fix an error with
\nUnicodeDecodeError
handling inpkg_resources
when trying to read files in UTF-8 with a fallback -- by :user:Avasam
(#4348)Improved Documentation
\n\n
\n- Uses RST substitution to put badges in 1 line. (#4312)
\nDeprecations and Removals
\n\n
\n\n- \n
\nFurther adoption of UTF-8 in
\nsetuptools
.\nThis change regards mostly files produced and consumed during the build process\n(e.g. metadata files, script wrappers, automatically updated config files, etc..)\nAlthough precautions were taken to minimize disruptions, some edge cases might\nbe subject to backwards incompatibility.Support for
\n"locale"
encoding is now deprecated. (#4309)- \n
\nRemove
\nsetuptools.convert_path
after long deprecation period.\nThis function was never defined bysetuptools
itself, but rather a\nside-effect of an import for internal usage. (#4322)- \n
\nRemove fallback for customisations of
\ndistutils
'build.sub_command
after long\ndeprecated period.\nUsers are advised to importbuild
directly fromsetuptools.command.build
. (#4322)- \n
\nRemoved
\ntyping_extensions
from vendored dependencies -- by :user:Avasam
(#4324)- \n
\nRemove deprecated
\nsetuptools.dep_util
.\nThe provided alternative issetuptools.modified
. (#4360)
... (truncated)
\n5cbf12a
Workaround for release error in v709c1bcc3
Bump version: 69.5.1 → 70.0.04dc0c31
Remove deprecated setuptools.dep_util
(#4360)6c1ef57
Remove xfail now that test passes. Ref #4371.d14fa01
Add all site-packages dirs when creating simulated environment for test_edita...6b7f7a1
Prevent bin
folders to be taken as extern packages when vendoring (#4370)69141f6
Add doctest for vendorised bin folder2a53cc1
Prevent 'bin' folders to be taken as extern packages7208628
Replace call to deprecated validate_pyproject
command (#4363)96d681a
Remove call to deprecated validate_pyproject commandSourced from requests's releases.
\n\n\nv2.32.2
\n2.32.2 (2024-05-21)
\nDeprecations
\n\n
\n- \n
\nTo provide a more stable migration for custom HTTPAdapters impacted\nby the CVE changes in 2.32.0, we've renamed
\n_get_connection
to\na new public API,get_connection_with_tls_context
. Existing custom\nHTTPAdapters will need to migrate their code to use this new API.\nget_connection
is considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked PR to ease\nmigration, but we strongly urge users to evaluate if their custom adapter\nis subject to the same issue described in CVE-2024-35195. (#6710)
\nv2.32.1
\n2.32.1 (2024-05-20)
\nBugfixes
\n\n
\n- Add missing test certs to the sdist distributed on PyPI.
\nv2.32.0
\n2.32.0 (2024-05-20)
\n🐍 PYCON US 2024 EDITION 🐍
\nSecurity
\n\n
\n- Fixed an issue where setting
\nverify=False
on the first request from a\nSession will cause subsequent requests to the same origin to also ignore\ncert verification, regardless of the value ofverify
.\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\n\n
\n- \n
verify=True
now reuses a global SSLContext which should improve\nrequest time variance between first and subsequent requests. It should\nalso minimize certificate load time on Windows systems when using a Python\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\n(
\nchardet
orcharset_normalizer
) when repackaged or vendored.\nThis enablespip
and other projects to minimize their vendoring\nsurface area. TheResponse.text()
andapparent_encoding
APIs\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\n\n\n
... (truncated)
\nSourced from requests's changelog.
\n\n\n2.32.2 (2024-05-21)
\nDeprecations
\n\n
\n- \n
\nTo provide a more stable migration for custom HTTPAdapters impacted\nby the CVE changes in 2.32.0, we've renamed
\n_get_connection
to\na new public API,get_connection_with_tls_context
. Existing custom\nHTTPAdapters will need to migrate their code to use this new API.\nget_connection
is considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked PR to ease\nmigration, but we strongly urge users to evaluate if their custom adapter\nis subject to the same issue described in CVE-2024-35195. (#6710)
\n2.32.1 (2024-05-20)
\nBugfixes
\n\n
\n- Add missing test certs to the sdist distributed on PyPI.
\n2.32.0 (2024-05-20)
\nSecurity
\n\n
\n- Fixed an issue where setting
\nverify=False
on the first request from a\nSession will cause subsequent requests to the same origin to also ignore\ncert verification, regardless of the value ofverify
.\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\n\n
\n- \n
verify=True
now reuses a global SSLContext which should improve\nrequest time variance between first and subsequent requests. It should\nalso minimize certificate load time on Windows systems when using a Python\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\n(
\nchardet
orcharset_normalizer
) when repackaged or vendored.\nThis enablespip
and other projects to minimize their vendoring\nsurface area. TheResponse.text()
andapparent_encoding
APIs\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\n\n
\n- Fixed bug in length detection where emoji length was incorrectly\ncalculated in the request content-length. (#6589)
\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\n- Fixed bug where an extra leading
\n/
(path separator) could lead\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\n\n
... (truncated)
\n88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_context970e8ce
v2.32.1d6ebc4a
v2.32.09a40d12
Avoid reloading root certificates to improve concurrent performance (#6667)0c030f7
Merge pull request #6702 from nateprewitt/no_char_detection555b870
Allow character detection dependencies to be optional in post-packaging stepsd6dded3
Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test