2.23: Misc. updates

Added

• Added optional encoder_cls argument to CacheFileHandler, which overwrite default encoder for token before writing to disk #941 by @shawncruz
• Integration tests for searching multiple types in multiple markets (non-user endpoints) #901 by @rngolam
• Publish to PyPI action #958 by @stephanebruckert

Fixed

• Fixed CVE-2023-23608 regex for matching playlist URIs with the format spotify:user:USERNAME:playlist:PLAYLISTID #949 by @ludwigjo
• search_markets now factors the counts of all types in the total rather than just the first type (#534) #901 by @rngolam

2.22.1: CVE-2023-23608

Fixed

• CVE-2023-23608: fixed path traversal vulnerability that may lead to type confusion in URI handling code. Can prevent a potential XSS attack.
  • Upgrade if your app is user-facing and it allows user inputs for any type of Spotify IDs/URIs/URLs that may be forwarded to the Spotify API. Thanks to @Shaderbug for finding and fixing this bug b1db0b6

Changed

• Modified docstring for deprecated playlist_add_items() to accept "only URIs or URLs", with intended fix for IDs in v3.
  • The bug still exists for developers dealing with episodes IDs rather than just track IDs. However it is recommended to use the new playlist_add_tracks() or playlist_add_episodes() if dealing with episodes or simply to avoid confusion. See #919 by @oliveraw for context

2.22: Get queue endpoint

Added

• Integration tests via GHA (non-user endpoints)
• Unit tests for new releases, passing limit parameter with minimum and maximum values of 1 and 50
• Unit tests for categories, omitting country code to test global releases
• Added CODE_OF_CONDUCT.md

Fixed

• Incorrect category_id input for test_category
• Assertion value for test_categories_limit_low and test_categories_limit_high
• Pin Github Actions Runner to Ubuntu 20 for Py27
• Fixed potential error where found variable in test_artist_related_artists is undefined if for loop never evaluates to true
• Fixed false positive test test_new_releases which looks up the wrong property of the JSON response object and always evaluates to true

2.21: Flask cache handler

Added

• Added market parameter to album and albums to address #753 by @ivyadam
• Added 'show_featured_artists.py' to 'examples'.
• Expanded contribution and license sections of the documentation.
• Added FlaskSessionCacheHandler, a cache handler that stores the token info in a flask session.
• Added Python 3.10 in GitHub Actions

Fixed

• Updated the documentation to specify ISO-639-1 language codes.
• Fix AttributeError for text attribute of the Response object, #811 by @rtcq
• Require redis v3 if python2.7 (fixes readthedocs)

2.20: Redis cache handler

Added

• Added RedisCacheHandler, a cache handler that stores the token info in Redis.
• Changed URI handling in client.Spotify._get_id() to remove qureies if provided by error.
• Added a new parameter to RedisCacheHandler to allow custom keys (instead of the default token_info key)
• Simplify check for existing token in RedisCacheHandler

Changed

• Removed Python 3.5 and added Python 3.9 in Github Action

2.19: Memory and Django cache handlers

Added

• Added MemoryCacheHandler, a cache handler that simply stores the token info in memory as an instance attribute of this class.
• If a network request returns an error status code but the response body cannot be decoded into JSON, then fall back on decoding the body into a string.
• Added DjangoSessionCacheHandler, a cache handler that stores the token in the session framework provided by Django. Web apps using spotipy with Django can directly use this for cache handling.

Fixed

• Fixed a bug in CacheFileHandler.__init__: The documentation says that the username will be retrieved from the environment, but it wasn't.
• Fixed a bug in the initializers for the auth managers that produced a spurious warning message if you provide a cache handler and you set a value for the "SPOTIPY_CLIENT_USERNAME" environment variable.
• Use generated MIT license and fix license type in pip show

2.18: Saved episodes endpoints

Added

• Enabled using both short and long IDs for playlist_change_details
• Added a cache handler to SpotifyClientCredentials
• Added the following endpoints
  • Spotify.current_user_saved_episodes
  • Spotify.current_user_saved_episodes_add
  • Spotify.current_user_saved_episodes_delete
  • Spotify.current_user_saved_episodes_contains
  • Spotify.available_markets

Changed

• Add support for a list of scopes rather than just a comma separated string of scopes

Fixed

• Fixed the bugs in SpotifyOAuth.refresh_access_token and SpotifyPKCE.refresh_access_token which raised the incorrect exception upon receiving an error response from the server. This addresses #645.
• Fixed a bug in RequestHandler.do_GET in which the non-existent state attribute of SpotifyOauthError is accessed. This bug occurs when the user clicks "cancel" in the permissions dialog that opens in the browser.
• Cleaned up the documentation for SpotifyClientCredentials.__init__, SpotifyOAuth.__init__, and SpotifyPKCE.__init__.

2.17.1: Custom cache handlers (fixed dep)

Fixed

• allowed_methods requires urllib3>=1.26.0

2.17: Custom cache handlers

Changed

• moved os.remove(session_cache_path()) inside try block to avoid TypeError on app.py example file
• A warning will no longer be emitted when the cache file does not exist at the specified path
• The docs for the auth parameter of Spotify.init use the term "access token" instead of "authorization token"
• Changed docs for search to mention that you can provide multiple types to search for
• The query parameters of requests are now logged
• Deprecate specifing cache_path or username directly to SpotifyOAuth, SpotifyPKCE, and SpotifyImplicitGrant constructors, instead directing users to use the CacheFileHandler cache handler
• Removed requirement for examples/app.py to specify port multiple times (only SPOTIPY_REDIRECT_URI needs to contain the port)

Added

• Added log messages for when the access and refresh tokens are retrieved and when they are refreshed
• Support market optional parameter in track
• Added CacheHandler abstraction to allow users to cache tokens in any way they see fit

Fixed

• Fixed Spotify.user_playlist_reorder_tracks calling Spotify.playlist_reorder_tracks with an incorrect parameter order
• Fixed deprecated Urllib3 Retry(method_whitelist=...) in favor of Retry(allowed_methods=...)

2.16.1: Automatic retries bugfixes

Fixed

• playlist_tracks example code no longer prints extra characters on final loop iteration
• SpotifyException now thrown when a request fails & has no response (#571, #581)
• Added scope, playlist-read-private, to examples that access user playlists using the spotipy api: current_user_playlists() (#591)
• Enable retries for POST, DELETE, PUT (#577)

Changed

• both inline and starting import lists are sorted using isort module
• changed Max Retries exception code from 599 to 429