Sourced from requests's\r\nreleases.
\r\n\r\n\r\nv2.32.0
\r\n2.32.0 (2024-05-20)
\r\n🐍 PYCON US 2024 EDITION 🐍
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.New Contributors
\r\n\r\n
\r\n\r\n- \r\n
@matthewarmand
\r\nmade their first contribution in psf/requests#6258- \r\n
@cpzt
made their\r\nfirst contribution in psf/requests#6456
... (truncated)
\r\nSourced from requests's\r\nchangelog.
\r\n\r\n\r\n2.32.0 (2024-05-20)
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.
d6ebc4a
\r\nv2.32.09a40d12
\r\nAvoid reloading root certificates to improve concurrent performance (#6667)0c030f7
\r\nMerge pull request #6702\r\nfrom nateprewitt/no_char_detection555b870
\r\nAllow character detection dependencies to be optional in post-packaging\r\nstepsd6dded3
\r\nMerge pull request #6700\r\nfrom franekmagiera/update-redirect-to-invalid-uri-testbf24b7d
\r\nUse an invalid URI that will not cause httpbin to throw 5002d5f547
\r\nPin 3.8 and 3.9 runners back to macos-13 (#6688)f1bb07d
\r\nMerge pull request #6687\r\nfrom psf/dependabot/github_actions/github/codeql-act...60047ad
\r\nBump github/codeql-action from 3.24.0 to 3.25.031ebb81
\r\nMerge pull request #6682\r\nfrom frenzymadness/pytest8Sourced from requests's\r\nreleases.
\r\n\r\n\r\nv2.32.0
\r\n2.32.0 (2024-05-20)
\r\n🐍 PYCON US 2024 EDITION 🐍
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.New Contributors
\r\n\r\n
\r\n\r\n- \r\n
@matthewarmand
\r\nmade their first contribution in psf/requests#6258- \r\n
@cpzt
made their\r\nfirst contribution in psf/requests#6456
... (truncated)
\r\nSourced from requests's\r\nchangelog.
\r\n\r\n\r\n2.32.0 (2024-05-20)
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.
d6ebc4a
\r\nv2.32.09a40d12
\r\nAvoid reloading root certificates to improve concurrent performance (#6667)0c030f7
\r\nMerge pull request #6702\r\nfrom nateprewitt/no_char_detection555b870
\r\nAllow character detection dependencies to be optional in post-packaging\r\nstepsd6dded3
\r\nMerge pull request #6700\r\nfrom franekmagiera/update-redirect-to-invalid-uri-testbf24b7d
\r\nUse an invalid URI that will not cause httpbin to throw 5002d5f547
\r\nPin 3.8 and 3.9 runners back to macos-13 (#6688)f1bb07d
\r\nMerge pull request #6687\r\nfrom psf/dependabot/github_actions/github/codeql-act...60047ad
\r\nBump github/codeql-action from 3.24.0 to 3.25.031ebb81
\r\nMerge pull request #6682\r\nfrom frenzymadness/pytest8Sourced from jinja2's\r\nreleases.
\r\n\r\n\r\n3.1.4
\r\nThis is the Jinja 3.1.4 security release, which fixes security issues\r\nand bugs but does not otherwise change behavior and should not result in\r\nbreaking changes.
\r\nPyPI: https://pypi.org/project/Jinja2/3.1.4/\r\nChanges: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
\r\n\r\n
\r\n- The
\r\nxmlattr
filter does not allow keys with\r\n/
solidus,>
greater-than sign, or\r\n=
equals sign, in addition to disallowing spaces.\r\nRegardless of any validation done by Jinja, user input should never be\r\nused as keys to this filter, or must be separately validated first.\r\nGHSA-h75v-3vvj-5mfj
Sourced from jinja2's\r\nchangelog.
\r\n\r\n\r\nVersion 3.1.4
\r\nReleased 2024-05-05
\r\n\r\n
\r\n- The
\r\nxmlattr
filter does not allow keys with\r\n/
solidus,>
\r\ngreater-than sign, or=
equals sign, in addition to\r\ndisallowing spaces.\r\nRegardless of any validation done by Jinja, user input should never be\r\nused\r\nas keys to this filter, or must be separately validated first.\r\n:ghsa:h75v-3vvj-5mfj
dd4a8b5
\r\nrelease version 3.1.40668239
\r\nMerge pull request from GHSA-h75v-3vvj-5mfjd655030
\r\ndisallow invalid characters in keys to xmlattr filtera7863ba
\r\nadd ghsa linksb5c98e7
\r\nstart version 3.1.4da3a9f0
\r\nupdate project files (#1968)0ee5eb4
\r\nsatisfy formatter, linter, and strict mypy20477c6
\r\nupdate project files (#5457)e491223
\r\nupdate pyyaml dev dependency36f9885
\r\nfix pr link