{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":616670926,"defaultBranch":"main","name":"precli","ownerLogin":"securesauce","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-03-20T21:04:57.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/103609037?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1716400377.0","currentOid":""},"activityList":{"items":[{"before":"a80b4e3efa0c51e861514bce44f46e6bfbf00efb","after":"4b426cfa83b83f593b6359a75ac8d5a192f3e0cb","ref":"refs/heads/main","pushedAt":"2024-05-25T02:24:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Filter the list of artifacts during discovery (#491)\n\nDuring the discovery of the files when given a recursive directory to\r\nparse, build a list of artifacts only with files of extensions we can\r\nparse.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Filter the list of artifacts during discovery (#491)"}},{"before":"8efdb38382d89f6899f29e4b2d66d0e07550a729","after":"a80b4e3efa0c51e861514bce44f46e6bfbf00efb","ref":"refs/heads/main","pushedAt":"2024-05-24T22:57:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Nit: Rearrange args to partial (#490)\n\nIt's a bit more logical to order the file as the first argument of\r\nparse_file. For the partial, you need to use keyword args if args to\r\ncome after the iterable.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Nit: Rearrange args to partial (#490)"}},{"before":"c29168866daa117d4a456d4c2a43f2c7b022e9ca","after":"8efdb38382d89f6899f29e4b2d66d0e07550a729","ref":"refs/heads/main","pushedAt":"2024-05-24T06:04:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Delay reading of file contents until parser decided (#489)\n\nThe code should not load a file's contents unless it has already\r\ndetermined there is a parser available to parse the given file\r\nextension. Otherwise, the performance is degraded loading files in which\r\nnothing is parsed.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Delay reading of file contents until parser decided (#489)"}},{"before":"b50792052436e086682f54ad6d4ab7e7a2742477","after":"c29168866daa117d4a456d4c2a43f2c7b022e9ca","ref":"refs/heads/main","pushedAt":"2024-05-24T04:12:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Redo handling of keyboard interrupts (#488)\n\nThe keyboard interrupts should be handled in the main process not in the\r\nchild worker pool processes.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Redo handling of keyboard interrupts (#488)"}},{"before":"385ffa425b01828364261599880a2ef04d5abc75","after":"b50792052436e086682f54ad6d4ab7e7a2742477","ref":"refs/heads/main","pushedAt":"2024-05-24T03:39:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Suppress FutureWarnings from tree-sitter and re modules (#487)\n\nPrecli is printing out FutureWarnings from tree-sitter about how it is\r\ninitialized. The warning looks like the following:\r\n\r\n```\r\nFutureWarning: Language(path, name) is deprecated. Use Language( ptr, name) instead.\r\n```\r\n\r\nSimilarly, the re module is also printing out a FutureWarning when\r\nprecli analyzes cpython test code. It looks like the following:\r\n\r\n```\r\nFutureWarning: Possible set difference at position 4\r\nFutureWarning: Possible set intersection at position 6\r\nFutureWarning: Possible set union at position 6\r\nFutureWarning: Possible set symmetric difference at position 5\r\nFutureWarning: Possible nested set at position 3\r\n```\r\n\r\nIn both cases, precli has been changed to suppress and ignore these\r\nwarnings for now. There is probably no fix for the re module one, but I\r\nexpect a fix for the tree-sitter module one to be necessary.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Suppress FutureWarnings from tree-sitter and re modules (#487)"}},{"before":"ea310e5e3075705e5be0a643ad8852d020ded45e","after":"385ffa425b01828364261599880a2ef04d5abc75","ref":"refs/heads/main","pushedAt":"2024-05-24T01:00:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Avoid init of parsers twice (#486)\n\nCurrently parsers are being created twice, once in CLI main and once in\r\nthe run module.\r\n\r\nThis change moves it only in the run module.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Avoid init of parsers twice (#486)"}},{"before":"cc92841d5694f85e8a484eccd8887d64b2046799","after":"ea310e5e3075705e5be0a643ad8852d020ded45e","ref":"refs/heads/main","pushedAt":"2024-05-24T00:48:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Support multiprocessing of file parsing (#485)\n\nMakes use of multiprocessing pool to process each file in a pool rather\r\nthan processing serially.\r\n\r\nThis results in significant speed improvements. Scanning cpython went\r\nfrom 34 seconds to just 9-10 seconds.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Support multiprocessing of file parsing (#485)"}},{"before":"2556c0257f31a39fa88a85dade65316cbd196197","after":"e9c20782b6d1dc9945a8f95e9232a0cd7d40025c","ref":"refs/heads/dependabot/pip/tree-sitter-0.22.3","pushedAt":"2024-05-22T17:53:39.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump tree-sitter from 0.21.3 to 0.22.3\n\nBumps [tree-sitter](https://github.com/tree-sitter/py-tree-sitter) from 0.21.3 to 0.22.3.\n- [Release notes](https://github.com/tree-sitter/py-tree-sitter/releases)\n- [Commits](https://github.com/tree-sitter/py-tree-sitter/compare/v0.21.3...v0.22.3)\n\n---\nupdated-dependencies:\n- dependency-name: tree-sitter\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump tree-sitter from 0.21.3 to 0.22.3"}},{"before":"caa16ba2ce6405498179e0703dd971ac097ec6bb","after":null,"ref":"refs/heads/dependabot/pip/requests-2.32.2","pushedAt":"2024-05-22T17:52:57.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"}},{"before":"015a24afa64a57233f1a3480aa99a8c11a67c6f8","after":"cc92841d5694f85e8a484eccd8887d64b2046799","ref":"refs/heads/main","pushedAt":"2024-05-22T17:52:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Bump requests from 2.32.1 to 2.32.2 (#484)\n\nBumps [requests](https://github.com/psf/requests) from 2.32.1 to 2.32.2.\r\n
\r\nRelease notes\r\n

Sourced from requests's\r\nreleases.

\r\n
\r\n

v2.32.2

\r\n

2.32.2 (2024-05-21)

\r\n

Deprecations

\r\n
    \r\n
  • \r\n

    To provide a more stable migration for custom HTTPAdapters impacted\r\nby the CVE changes in 2.32.0, we've renamed _get_connection\r\nto\r\na new public API, get_connection_with_tls_context. Existing\r\ncustom\r\nHTTPAdapters will need to migrate their code to use this new API.\r\nget_connection is considered deprecated in all versions of\r\nRequests>=2.32.0.

    \r\n

    A minimal (2-line) example has been provided in the linked PR to ease\r\nmigration, but we strongly urge users to evaluate if their custom\r\nadapter\r\nis subject to the same issue described in CVE-2024-35195. (#6710)

    \r\n
    • \r\n
\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from requests's\r\nchangelog.

\r\n
\r\n

2.32.2 (2024-05-21)

\r\n

Deprecations

\r\n
    \r\n
  • \r\n

    To provide a more stable migration for custom HTTPAdapters impacted\r\nby the CVE changes in 2.32.0, we've renamed _get_connection\r\nto\r\na new public API, get_connection_with_tls_context. Existing\r\ncustom\r\nHTTPAdapters will need to migrate their code to use this new API.\r\nget_connection is considered deprecated in all versions of\r\nRequests>=2.32.0.

    \r\n

    A minimal (2-line) example has been provided in the linked PR to ease\r\nmigration, but we strongly urge users to evaluate if their custom\r\nadapter\r\nis subject to the same issue described in CVE-2024-35195. (#6710)

    \r\n
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 88dce9d\r\nv2.32.2
    • \r\n
  • c98e4d1\r\nMerge pull request #6710\r\nfrom nateprewitt/api_rename
    • \r\n
  • 92075b3\r\nAdd deprecation warning
    • \r\n
  • aa1461b\r\nMove _get_connection to get_connection_with_tls_context
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.1&new-version=2.32.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump requests from 2.32.1 to 2.32.2 (#484)"}},{"before":null,"after":"caa16ba2ce6405498179e0703dd971ac097ec6bb","ref":"refs/heads/dependabot/pip/requests-2.32.2","pushedAt":"2024-05-22T02:48:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"---\nupdated-dependencies:\n- dependency-name: requests\n dependency-type: direct:production\n update-type: version-update:semver-patch\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"---"}},{"before":"53a6d71a93ea257f6cc6060b8b27ff0f1be1685d","after":"015a24afa64a57233f1a3480aa99a8c11a67c6f8","ref":"refs/heads/main","pushedAt":"2024-05-22T01:05:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Refactor the invoke function in the run class (#483)\n\nThis change moves some of the processing from invoke into the\r\nparser_file method which makes more logical sense.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Refactor the invoke function in the run class (#483)"}},{"before":"cbb63ee8d12c184ddb3c1a891d04368abb9e06d0","after":"53a6d71a93ea257f6cc6060b8b27ff0f1be1685d","ref":"refs/heads/main","pushedAt":"2024-05-21T23:04:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Nicer output using rich.console (#482)\n\nThis change makes use of a more global rich.console Console for output.\r\nThe console object is passed to renderers instead of created in them.\r\n\r\nThe unexpected exceptions and errors are now printed with rich. This\r\nmakes for better readability.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Nicer output using rich.console (#482)"}},{"before":"733cd11e06fff72dbcd665541702b0623ff0044c","after":"cbb63ee8d12c184ddb3c1a891d04368abb9e06d0","ref":"refs/heads/main","pushedAt":"2024-05-21T22:16:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Handle invalid coding for a Python file (#481)\n\nThe header of a Python file can define the encoding of the source.\r\nHowever, if that codeing define is invalid, it should not affect the\r\nparsing of the file. It should ignore and proceed as if the file is\r\nutf-8.\r\n\r\nFixes: #480\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Handle invalid coding for a Python file (#481)"}},{"before":"4abe4d2f302d33d2fc591e20844532d6eeb18f85","after":"733cd11e06fff72dbcd665541702b0623ff0044c","ref":"refs/heads/main","pushedAt":"2024-05-21T21:27:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Correctly handle a non unicode file without pep3120 (#479)\n\nPEP 3120 defines how Python files can define an encoding that is not the\r\ndefault UTF-8.\r\n\r\nFixes: #472\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Correctly handle a non unicode file without pep3120 (#479)"}},{"before":"dc8c9227a7276ef71fa99227b7cfcd35f71b38af","after":"4abe4d2f302d33d2fc591e20844532d6eeb18f85","ref":"refs/heads/main","pushedAt":"2024-05-21T20:19:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Fix unknown value for nbytes (#478)\n\nIf the nbytes argument to token_hex cannot be determined from the\r\nsymbols, analysis should not fail with an error, and just continue.\r\n\r\nFixes: #474\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Fix unknown value for nbytes (#478)"}},{"before":"751905c098337ba634a1ca008605fd31368050b9","after":"dc8c9227a7276ef71fa99227b7cfcd35f71b38af","ref":"refs/heads/main","pushedAt":"2024-05-21T19:16:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Handle non-UTF-8 encoding files (#477)\n\nPython files default to be encoded in UTF-8, but they don't have to be.\r\nAt the head of Python file, you can define the encoding.\r\n\r\nThis change modifies the convenience function of the Node to return a\r\nstr object in the encoding of the file, honoring this header and\r\ndefaulting to utf-8.\r\n\r\nSee:\r\n\r\nhttps://docs.python.org/3/howto/unicode.html#unicode-literals-in-python-source-code\r\n\r\nFixes: #468\r\nFixes: #473\r\nFixes: #472\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Handle non-UTF-8 encoding files (#477)"}},{"before":"43050475837362b042d1edc05134887713f898fc","after":"751905c098337ba634a1ca008605fd31368050b9","ref":"refs/heads/main","pushedAt":"2024-05-21T16:47:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Remove some docstring comments on return and params (#476)\n\nAny function that already uses types, doesn't really need to redundantly\r\nhave docstrings that denote what the parameter or return type is.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Remove some docstring comments on return and params (#476)"}},{"before":"56d4239257a558770d85f40cd10f58fcf3669348","after":"43050475837362b042d1edc05134887713f898fc","ref":"refs/heads/main","pushedAt":"2024-05-21T16:14:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Use f-string instead of string substitution (#475)\n\nLegacy use of string substitution found. Switch it to f-string.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Use f-string instead of string substitution (#475)"}},{"before":"097a7f0dea7f89a7b2500eed3fd0a339cd6eb81a","after":"56d4239257a558770d85f40cd10f58fcf3669348","ref":"refs/heads/main","pushedAt":"2024-05-21T04:25:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Fix typo in copyright (#469)\n\nMany files have a typo in the company name.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Fix typo in copyright (#469)"}},{"before":"c95f412b5bba362ce977d6744653c0c563534b1b","after":"2556c0257f31a39fa88a85dade65316cbd196197","ref":"refs/heads/dependabot/pip/tree-sitter-0.22.3","pushedAt":"2024-05-21T03:07:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump tree-sitter from 0.21.3 to 0.22.3\n\nBumps [tree-sitter](https://github.com/tree-sitter/py-tree-sitter) from 0.21.3 to 0.22.3.\n- [Release notes](https://github.com/tree-sitter/py-tree-sitter/releases)\n- [Commits](https://github.com/tree-sitter/py-tree-sitter/compare/v0.21.3...v0.22.3)\n\n---\nupdated-dependencies:\n- dependency-name: tree-sitter\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump tree-sitter from 0.21.3 to 0.22.3"}},{"before":"af1960500100f93110df9684c625aa324c51770e","after":null,"ref":"refs/heads/dependabot/pip/requests-2.32.1","pushedAt":"2024-05-21T03:06:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"d84130bed9e17cf1af4c4771908a816be1795a78","after":"097a7f0dea7f89a7b2500eed3fd0a339cd6eb81a","ref":"refs/heads/main","pushedAt":"2024-05-21T03:06:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Bump requests from 2.31.0 to 2.32.1 (#467)\n\nBumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.1.\r\n
\r\nRelease notes\r\n

Sourced from requests's\r\nreleases.

\r\n
\r\n

v2.32.0

\r\n

2.32.0 (2024-05-20)

\r\n

🐍 PYCON US 2024 EDITION 🐍

\r\n

Security

\r\n
    \r\n
  • Fixed an issue where setting verify=False on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value of verify.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)
    • \r\n
\r\n

Improvements

\r\n
    \r\n
  • verify=True now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)
    • \r\n
  • Requests now supports optional use of character detection\r\n(chardet or charset_normalizer) when\r\nrepackaged or vendored.\r\nThis enables pip and other projects to minimize their\r\nvendoring\r\nsurface area. The Response.text() and\r\napparent_encoding APIs\r\nwill default to utf-8 if neither library is present. (#6702)
    • \r\n
\r\n

Bugfixes

\r\n
    \r\n
  • Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
    • \r\n
  • Fixed deserialization bug in JSONDecodeError. (#6629)
    • \r\n
  • Fixed bug where an extra leading / (path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)
    • \r\n
\r\n

Deprecations

\r\n
    \r\n
  • Requests has officially added support for CPython 3.12 (#6503)
    • \r\n
  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
    • \r\n
  • Requests has officially dropped support for CPython 3.7 (#6642)
    • \r\n
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
    • \r\n
\r\n

Documentation

\r\n
    \r\n
  • Various typo fixes and doc improvements.
    • \r\n
\r\n

Packaging

\r\n
    \r\n
  • Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly requests) is\r\nnow located\r\nin src/requests in the Requests sdist. (#6506)
    • \r\n
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing hatchling. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​matthewarmand\r\nmade their first contribution in psf/requests#6258
    • \r\n
  • @​cpzt made their\r\nfirst contribution in psf/requests#6456
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from requests's\r\nchangelog.

\r\n
\r\n

2.32.1 (2024-05-20)

\r\n

Bugfixes

\r\n
    \r\n
  • Add missing test certs to the sdist distributed on PyPI.
    • \r\n
\r\n

2.32.0 (2024-05-20)

\r\n

Security

\r\n
    \r\n
  • Fixed an issue where setting verify=False on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value of verify.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)
    • \r\n
\r\n

Improvements

\r\n
    \r\n
  • verify=True now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)
    • \r\n
  • Requests now supports optional use of character detection\r\n(chardet or charset_normalizer) when\r\nrepackaged or vendored.\r\nThis enables pip and other projects to minimize their\r\nvendoring\r\nsurface area. The Response.text() and\r\napparent_encoding APIs\r\nwill default to utf-8 if neither library is present. (#6702)
    • \r\n
\r\n

Bugfixes

\r\n
    \r\n
  • Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
    • \r\n
  • Fixed deserialization bug in JSONDecodeError. (#6629)
    • \r\n
  • Fixed bug where an extra leading / (path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)
    • \r\n
\r\n

Deprecations

\r\n
    \r\n
  • Requests has officially added support for CPython 3.12 (#6503)
    • \r\n
  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
    • \r\n
  • Requests has officially dropped support for CPython 3.7 (#6642)
    • \r\n
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
    • \r\n
\r\n

Documentation

\r\n
    \r\n
  • Various typo fixes and doc improvements.
    • \r\n
\r\n

Packaging

\r\n
    \r\n
  • Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly requests) is\r\nnow located\r\nin src/requests in the Requests sdist. (#6506)
    • \r\n
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing hatchling. This should not impact the average user,\r\nbut extremely old
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 970e8ce\r\nv2.32.1
    • \r\n
  • d6ebc4a\r\nv2.32.0
    • \r\n
  • 9a40d12\r\nAvoid reloading root certificates to improve concurrent performance (#6667)
    • \r\n
  • 0c030f7\r\nMerge pull request #6702\r\nfrom nateprewitt/no_char_detection
    • \r\n
  • 555b870\r\nAllow character detection dependencies to be optional in post-packaging\r\nsteps
    • \r\n
  • d6dded3\r\nMerge pull request #6700\r\nfrom franekmagiera/update-redirect-to-invalid-uri-test
    • \r\n
  • bf24b7d\r\nUse an invalid URI that will not cause httpbin to throw 500
    • \r\n
  • 2d5f547\r\nPin 3.8 and 3.9 runners back to macos-13 (#6688)
    • \r\n
  • f1bb07d\r\nMerge pull request #6687\r\nfrom psf/dependabot/github_actions/github/codeql-act...
    • \r\n
  • 60047ad\r\nBump github/codeql-action from 3.24.0 to 3.25.0
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.31.0&new-version=2.32.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump requests from 2.31.0 to 2.32.1 (#467)"}},{"before":null,"after":"af1960500100f93110df9684c625aa324c51770e","ref":"refs/heads/dependabot/pip/requests-2.32.1","pushedAt":"2024-05-21T03:01:00.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"---\nupdated-dependencies:\n- dependency-name: requests\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"---"}},{"before":"f3ed4bdb513788ecd66bdd4de58ebb70c66eead4","after":null,"ref":"refs/heads/dependabot/pip/tree-sitter-0.22.2","pushedAt":"2024-05-20T03:03:31.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"c95f412b5bba362ce977d6744653c0c563534b1b","ref":"refs/heads/dependabot/pip/tree-sitter-0.22.3","pushedAt":"2024-05-20T03:03:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump tree-sitter from 0.21.3 to 0.22.3\n\nBumps [tree-sitter](https://github.com/tree-sitter/py-tree-sitter) from 0.21.3 to 0.22.3.\n- [Release notes](https://github.com/tree-sitter/py-tree-sitter/releases)\n- [Commits](https://github.com/tree-sitter/py-tree-sitter/compare/v0.21.3...v0.22.3)\n\n---\nupdated-dependencies:\n- dependency-name: tree-sitter\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump tree-sitter from 0.21.3 to 0.22.3"}},{"before":"bba44bdb45fa371bb392ad4c8c1481995f01ac8d","after":null,"ref":"refs/heads/ericwb-patch-1","pushedAt":"2024-05-18T13:04:32.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"}},{"before":"1d15eb146eb6c61606a5c3d90669b97f48f11946","after":"d84130bed9e17cf1af4c4771908a816be1795a78","ref":"refs/heads/main","pushedAt":"2024-05-18T13:04:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Delete .stestr.conf (#465)\n\nThis is no longer needed after the migration from stestr to pytest\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Delete .stestr.conf (#465)"}},{"before":null,"after":"bba44bdb45fa371bb392ad4c8c1481995f01ac8d","ref":"refs/heads/ericwb-patch-1","pushedAt":"2024-05-18T13:02:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Delete .stestr.conf\n\nThis is no longer needed after the migration from stestr to pytest\n\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Delete .stestr.conf"}},{"before":"c05f9cfb83fe5b4d27272c66e73612e1769b18fe","after":"1d15eb146eb6c61606a5c3d90669b97f48f11946","ref":"refs/heads/main","pushedAt":"2024-05-18T06:23:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ericwb","name":"Eric Brown","path":"/ericwb","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5316833?s=80&v=4"},"commit":{"message":"Migrate from stestr to pytests (#464)\n\nThis large commit switches over the test framework from stestr to the\r\nmore common and popular pytest. We're able to drop a test dependency of\r\nparameterized because pytest provides the same function.\r\n\r\nThis will enable us to do performance benchmark testing later using\r\npytest.\r\n\r\nSigned-off-by: Eric Brown ","shortMessageHtmlLink":"Migrate from stestr to pytests (#464)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEU4VliAA","startCursor":null,"endCursor":null}},"title":"Activity · securesauce/precli"}