find_sds icon indicating copy to clipboard operation
find_sds copied to clipboard

Published 20 hours ago verified publisher icon khoivan88

Update urllib3 to 2.2.1

Open pyup-bot opened this issue 1 year ago • 0 comments

This PR updates urllib3 from 1.26.6 to 2.2.1.

Changelog

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Fixed issue where `InsecureRequestWarning` was emitted for HTTPS connections when using Emscripten. (3331)
- Fixed `HTTPConnectionPool.urlopen` to stop automatically casting non-proxy headers to `HTTPHeaderDict`. This change was premature as it did not apply to proxy headers and `HTTPHeaderDict` does not handle byte header values correctly yet. (3343)
- Changed `ProtocolError` to `InvalidChunkLength` when response terminates before the chunk length is sent. (2860)
- Changed `ProtocolError` to be more verbose on incomplete reads with excess content. (3261)

2.2.0

🖥️ urllib3 now works in the browser

:tada: **This release adds experimental support for [using urllib3 in the browser with Pyodide](https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html)!** :tada:

Thanks to Joe Marshall (joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from `http.client`. Please report all bugs to the [urllib3 issue tracker](https://github.com/urllib3/urllib3/issues).

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Added support for [Emscripten and Pyodide](https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html), including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951))
- Added support for `HTTPResponse.read1()` method. ([3186](https://github.com/urllib3/urllib3/issues/3186))
- Added rudimentary support for HTTP/2. ([3284](https://github.com/urllib3/urllib3/issues/3284))
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. ([2244](https://github.com/urllib3/urllib3/issues/2244))
- Fixed `HTTPConnection.proxy_is_verified` and `HTTPSConnection.proxy_is_verified` to be always set to a boolean after connecting to a proxy. It could be `None` in some cases previously. ([3130](https://github.com/urllib3/urllib3/issues/3130))
- Fixed an issue where `headers` passed in a request with `json=` would be mutated ([3203](https://github.com/urllib3/urllib3/issues/3203))
- Fixed `HTTPSConnection.is_verified` to be set to `False` when connecting from a HTTPS proxy to an HTTP target. It was set to `True` previously. ([3267](https://github.com/urllib3/urllib3/issues/3267))
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([3268](https://github.com/urllib3/urllib3/issues/3268))
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([3325](https://github.com/urllib3/urllib3/issues/3325))

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the `--integration` pytest flag. ([3181](https://github.com/urllib3/urllib3/issues/3181))

2.1.0

Read the [v2 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.

Removals

- Removed support for the deprecated urllib3[secure] extra. ([2680](https://github.com/urllib3/urllib3/issues/2680))
- Removed support for the deprecated SecureTransport TLS implementation. ([2681](https://github.com/urllib3/urllib3/issues/2681))
- Removed support for the end-of-life Python 3.7. ([3143](https://github.com/urllib3/urllib3/issues/3143))


Bugfixes

- Allowed loading CA certificates from memory for proxies. ([3065](https://github.com/urllib3/urllib3/issues/3065))
- Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. ([3174](https://github.com/urllib3/urllib3/issues/3174))

2.0.7

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

* Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f)

2.0.5

- Allowed pyOpenSSL third-party module without any deprecation warning. [3126](https://github.com/urllib3/urllib3/issues/3126)
- Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. [3066](https://github.com/urllib3/urllib3/issues/3066>)

2.0.4

- Added support for union operators to ``HTTPHeaderDict`` (2254)
- Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (3078)
- Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client (2757)
- Relied on the standard library for checking hostnames in supported PyPy releases (3087)

2.0.3

- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. [3020](https://github.com/urllib3/urllib3/issues/3020)
- Deprecated URLs which don't have an explicit scheme [2950](https://github.com/urllib3/urllib3/pull/2950)
- Fixed response decoding with Zstandard when compressed data is made of several frames. [3008](https://github.com/urllib3/urllib3/issues/3008)
- Fixed ``assert_hostname=False`` to correctly skip hostname check. [3051](https://github.com/urllib3/urllib3/issues/3051)

2.0.2

* Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (https://github.com/urllib3/urllib3/issues/3009)

2.0.1

- Fixed a socket leak when fingerprint or hostname verifications fail. (2991)
- Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (2998)

2.0.0

Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.

Removed

-   Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)).
-   Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` ([2113](https://github.com/urllib3/urllib3/issues/2113)).
-   Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)).
-   Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)).
-   Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` ([2086](https://github.com/urllib3/urllib3/issues/2086)).
-   Removed `urllib3.HTTPResponse.from_httplib` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
-   Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)).
-   Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module ([2269](https://github.com/urllib3/urllib3/issues/2269)).
-   Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)).
-   Removed the deprecated `urllib3.contrib.ntlmpool` module ([2339](https://github.com/urllib3/urllib3/issues/2339)).
-   Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed `urllib3.exceptions.SNIMissingWarning` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Deprecated

-   Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. ([1543](https://github.com/urllib3/urllib3/issues/1543), [#2814](https://github.com/urllib3/urllib3/issues/2814)).
-   Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 ([2691](https://github.com/urllib3/urllib3/issues/2691)).
-   Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 ([2692](https://github.com/urllib3/urllib3/issues/2692)).
-   Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Deprecated the `strict` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([2267](https://github.com/urllib3/urllib3/issues/2267))
-   Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 ([2271](https://github.com/urllib3/urllib3/issues/2271)).
-   Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Added

-   Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)).
-   Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method ([2243](https://github.com/urllib3/urllib3/issues/2243)).
-   Added type hints to the `urllib3` module ([1897](https://github.com/urllib3/urllib3/issues/1897)).
-   Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package ([1992](https://github.com/urllib3/urllib3/issues/1992)).
-   Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` ([2083](https://github.com/urllib3/urllib3/issues/2083)).
-   Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)).
-   Added `HTTPHeaderDict` to the top-level `urllib3` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)).
-   Added support for configuring header merging behavior with HTTPHeaderDict When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) ([2242](https://github.com/urllib3/urllib3/issues/2242)).
-   Added `NameResolutionError` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)).
-   Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` ([2409](https://github.com/urllib3/urllib3/issues/2409)).
-   Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` ([2494](https://github.com/urllib3/urllib3/issues/2494)).
-   Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)).
-   Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Added optional `backoff_jitter` parameter to `Retry`. ([2952](https://github.com/urllib3/urllib3/issues/2952))

Changed

- Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method:
 - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
 - Never returns more bytes than requested. 
 - Can issue any number of system calls: zero, one or multiple.
If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` ([2128](https://github.com/urllib3/urllib3/issues/2128)).
-   Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
-   Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)).
-   Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)).
-   Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` ([2589](https://github.com/urllib3/urllib3/issues/2589)).
-   Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` ([2515](https://github.com/urllib3/urllib3/issues/2515)).
-   Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)).
-   Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)).
-   Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` ([2628](https://github.com/urllib3/urllib3/issues/2628)).
-   Changed usage of the deprecated `socket.error` to `OSError` ([2120](https://github.com/urllib3/urllib3/issues/2120)).
-   Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`.
-   Changed TLS handshakes to use `SSLContext.check_hostname` when possible ([2452](https://github.com/urllib3/urllib3/pull/2452)).
-   Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` ([2537](https://github.com/urllib3/urllib3/pull/2537)).
-   Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts ([2348](https://github.com/urllib3/urllib3/pull/2348)).
-   Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss ([2800](https://github.com/urllib3/urllib3/issues/2800)).

Fixed

-   Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress ([1252](https://github.com/urllib3/urllib3/issues/1252)).
-   Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used ([2645](https://github.com/urllib3/urllib3/issues/2645)).
-   Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` ([2118](https://github.com/urllib3/urllib3/issues/2118)).
-   Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` ([2213](https://github.com/urllib3/urllib3/issues/2213)).
-   Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature ([2272](https://github.com/urllib3/urllib3/issues/2272)).
-   Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` ([2277](https://github.com/urllib3/urllib3/issues/2277)).
-   Fixed a socket leak if `HTTPConnection.connect()` fails ([2571](https://github.com/urllib3/urllib3/pull/2571)).
-   Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970))

2.0.0a4

-   Removed the `setup.py` shim, `python setup.py install` will print `[Errno 2] No such file or directory` instead of a warning to use pip ([2975](https://github.com/urllib3/urllib3/issues/2975))
-   Added optional `backoff_jitter` parameter to `Retry` ([2952](https://github.com/urllib3/urllib3/issues/2952))
-   Fixed URL encoding by removing \'!\' from the \'unreserved\' character set specified in RFC 3986 ([2899](https://github.com/urllib3/urllib3/issues/2899))
-   Fixed a sign error in a check for whether a character is in the ASCII range ([2901](https://github.com/urllib3/urllib3/issues/2901))
-   Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970))

2.0.0a3

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.**

- Fixed logging error when using `add_stderr_logger` (2839)
- Fixed parsing of port 0 (zero) returning None, instead of 0 (2850)
- Fixed the type hint of `PoolKey.key_retries` by adding `bool` to the union (2865)

2.0.0a2

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.**

* Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (https://github.com/urllib3/urllib3/issues/2800).
* Changed `HTTPResponse.getheaders()` and `.getheader()` to previous behavior in 1.26.x. Instead we are deprecating these methods in favor of `HTTPResponse.headers.items()` and `HTTPResponse.headers.get()`. Both deprecated methods will be removed in v2.1.0 (https://github.com/urllib3/urllib3/issues/2814)
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. (https://github.com/urllib3/urllib3/pull/2806)
* Fixed deprecation warning when using cryptography v39.0.0. This fix requires using pyOpenSSL>=17.1.0 and cryptography>=1.9. (https://github.com/urllib3/urllib3/pull/2829)

2.0.0a1

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3!**

Added

* Added type hints to the ``urllib3`` module ([1897](https://github.com/urllib3/urllib3/issues/1897)).
* Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set
``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed.
Added the ``zstd`` extra which installs the ``zstandard`` package ([1992](https://github.com/urllib3/urllib3/issues/1992)).
* Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` ([2083](https://github.com/urllib3/urllib3/issues/2083)).
* Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)).
* Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)).
* Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)).
* Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined.
Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method ([2243](https://github.com/urllib3/urllib3/issues/2243)).
* Added support for configuring header merging behavior with HTTPHeaderDict
When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate
header values will be repeated. But if ``combine=True`` is passed into a call to
``HTTPHeaderDict.add``, then the added header value will be merged in with an existing
value into a comma-separated list (``X-My-Header: foo, bar``) ([2242](https://github.com/urllib3/urllib3/issues/2242)).
* Added ``NameResolutionError`` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)).
* Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` ([2409](https://github.com/urllib3/urllib3/issues/2409)).
* Added a configurable ``backoff_max`` parameter to the ``Retry`` class.
If a custom ``backoff_max`` is provided to the ``Retry`` class, it
will replace the ``Retry.DEFAULT_BACKOFF_MAX`` ([2494](https://github.com/urllib3/urllib3/issues/2494)).
* Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)).
* Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Removed

* Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)).
* Removed fallback on certificate ``commonName`` in ``match_hostname()`` function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName``
is used to verify the hostname by default. To enable verifying the hostname against
``commonName`` use ``SSLContext.hostname_checks_common_name = True`` ([2113](https://github.com/urllib3/urllib3/issues/2113)).
* Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an ``ImportError`` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)).
* Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)).
* Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` ([2086](https://github.com/urllib3/urllib3/issues/2086)).
* Removed ``urllib3.HTTPResponse.from_httplib`` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
* Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)).
* Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API.
This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()``
function instead of the ``urllib3.request`` module ([2269](https://github.com/urllib3/urllib3/issues/2269)).
* Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)).
* Removed the deprecated ``urllib3.contrib.ntlmpool`` module ([2339](https://github.com/urllib3/urllib3/issues/2339)).
* Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed ``urllib3.exceptions.SNIMissingWarning`` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Changed

* Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method:
* Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
* Never returns more bytes than requested.
* Can issue any number of system calls: zero, one or multiple.
If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` ([2128](https://github.com/urllib3/urllib3/issues/2128)).
* Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version``
and ``SSLContext.maximum_version`` values.  Regardless of ``ssl_version`` passed
``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)).
* Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)).
* Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with
a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
* Changed return type of ``HTTPResponse.getheaders()`` method to return a list of key-value tuples to match CPython ([1543](https://github.com/urllib3/urllib3/issues/1543)).
* Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` ([2589](https://github.com/urllib3/urllib3/issues/2589)).
* Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` ([2515](https://github.com/urllib3/urllib3/issues/2515)).
* Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)).
* Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)).
* Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` ([2628](https://github.com/urllib3/urllib3/issues/2628)).
* Changed usage of the deprecated ``socket.error`` to ``OSError`` ([2120](https://github.com/urllib3/urllib3/issues/2120)).
* Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed ``urllib3.util.is_connection_dropped()`` to use ``HTTPConnection.is_connected`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading
data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``.
* Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible ([2452](https://github.com/urllib3/urllib3/pull/2452)).
* Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` ([2537](https://github.com/urllib3/urllib3/pull/2537)).
* Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts ([2348](https://github.com/urllib3/urllib3/pull/2348)).

Deprecated

* Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 ([2691](https://github.com/urllib3/urllib3/issues/2691)).
* Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 ([2692](https://github.com/urllib3/urllib3/issues/2692)).
* Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Deprecated the ``strict`` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([2267](https://github.com/urllib3/urllib3/issues/2267))
* Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 ([2271](https://github.com/urllib3/urllib3/issues/2271)).
* Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Fixed

* Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress ([1252](https://github.com/urllib3/urllib3/issues/1252)).
* Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.
Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used ([2645](https://github.com/urllib3/urllib3/issues/2645)).
* Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` ([2118](https://github.com/urllib3/urllib3/issues/2118)).
* Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` ([2213](https://github.com/urllib3/urllib3/issues/2213)).
* Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature ([2272](https://github.com/urllib3/urllib3/issues/2272)).
* Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` ([2277](https://github.com/urllib3/urllib3/issues/2277)).
* Fixed a socket leak if ``HTTPConnection.connect()`` fails ([2571](https://github.com/urllib3/urllib3/pull/2571)).

1.26.18

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

* Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f)

1.26.16

* Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (2954)

1.26.15

* Fix socket timeout value when HTTPConnection is reused (https://github.com/urllib3/urllib3/issues/2645)
* Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (https://github.com/urllib3/urllib3/issues/2899)
* Fix IDNA handling of 'x80' byte (https://github.com/urllib3/urllib3/issues/2901)

1.26.14

* Fixed parsing of port 0 (zero) returning None, instead of 0 (2850)
* Removed deprecated `HTTPResponse.getheaders()` calls in `urllib3.contrib` module.

1.26.13

* Deprecated the `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` methods.
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
* Fixed a deprecation warning when using cryptography v39.0.0.
* Removed the `<4` in the `Requires-Python` packaging metadata field.

1.26.12

* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this [GitHub issue](https://github.com/urllib3/urllib3/issues/2680) for justification and info on how to migrate.

1.26.11

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.

1.26.10

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:closed_lock_with_key: **This is the first release to be signed with Sigstore!** You can verify the distributables using the `.sig` and `.crt` files included on this release.

* Removed support for Python 3.5
* Fixed an issue where a `ProxyError` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.

1.26.9

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:warning: **This release will be the last release supporting Python 3.5. Please upgrade to a non-EOL Python version.**

* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.

1.26.8

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:warning: **This release will be the last release supporting Python 3.5. Please upgrade to a non-EOL Python version.**

* Added extra message to`urllib3.exceptions.ProxyError` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the `Retry.MAX_BACKOFF` class property in favor of `Retry.DEFAULT_MAX_BACKOFF` to better match the rest of the default parameter names. `Retry.MAX_BACKOFF` is removed in v2.0.
* Changed location of the vendored `ssl.match_hostname` function from `urllib3.packages.ssl_match_hostname` to `urllib3.util.ssl_match_hostname` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors.
* Fixed absolute imports, all imports are now relative.

1.26.7

:warning: **IMPORTANT: urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3)**
Links
  • PyPI: https://pypi.org/project/urllib3
  • Changelog: https://data.safetycli.com/changelogs/urllib3/

pyup-bot avatar Feb 18 '24 12:02 pyup-bot