This repository has been archived by the owner on Nov 9, 2023. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.25.11
->==2.0.7
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
urllib3/urllib3
v2.0.7
Compare Source
==================
v2.0.6
Compare Source
==================
Cookie
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
.v2.0.5
Compare Source
==================
#​3126 <https://github.com/urllib3/urllib3/issues/3126>
__)blocksize
ofHTTPConnection
classes to match high-level classes. Previously was 8KiB, now 16KiB. (#​3066 <https://github.com/urllib3/urllib3/issues/3066>
__)v2.0.4
Compare Source
==================
HTTPHeaderDict
(#​2254 <https://github.com/urllib3/urllib3/issues/2254>
__)BaseHTTPResponse
tourllib3.__all__
(#​3078 <https://github.com/urllib3/urllib3/issues/3078>
__)urllib3.connection.HTTPConnection
to raise thehttp.client.connect
audit event to have the same behavior as the standard library HTTP client (#​2757 <https://github.com/urllib3/urllib3/issues/2757>
__)#​3087 <https://github.com/urllib3/urllib3/issues/3087>
__)v2.0.3
Compare Source
==================
#​3020 <https://github.com/urllib3/urllib3/issues/3020>
__)#​2950 <https://github.com/urllib3/urllib3/pull/2950>
_)#​3008 <https://github.com/urllib3/urllib3/issues/3008>
__)assert_hostname=False
to correctly skip hostname check. (#​3051 <https://github.com/urllib3/urllib3/issues/3051>
__)v2.0.2
Compare Source
==================
HTTPResponse.stream()
to continue yielding bytes if buffered decompressed datawas still available to be read even if the underlying socket is closed. This prevents
a compressed response from being truncated. (
#​3009 <https://github.com/urllib3/urllib3/issues/3009>
__)v2.0.1
Compare Source
==================
#​2991 <https://github.com/urllib3/urllib3/issues/2991>
__)HTTPResponse.read(0)
was the firstread
call or when the internal response body buffer was otherwise empty. (#​2998 <https://github.com/urllib3/urllib3/issues/2998>
__)v2.0.0
Compare Source
==================
Read the
v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>
__ for help upgrading to the latest version of urllib3.Removed
#​883 <https://github.com/urllib3/urllib3/issues/883>
,#​2336 <https://github.com/urllib3/urllib3/issues/2336>
).commonName
inmatch_hostname()
function.This behavior was deprecated in May 2000 in RFC 2818. Instead only
subjectAltName
is used to verify the hostname by default. To enable verifying the hostname against
commonName
useSSLContext.hostname_checks_common_name = True
(#​2113 <https://github.com/urllib3/urllib3/issues/2113>
__).ssl
module compiled with LibreSSL, CiscoSSL,wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (
#​2168 <https://github.com/urllib3/urllib3/issues/2168>
__).When an incompatible OpenSSL version is detected an
ImportError
is raised (#​2168 <https://github.com/urllib3/urllib3/issues/2168>
__).#​2082 <https://github.com/urllib3/urllib3/issues/2082>
__).urllib3.contrib.appengine.AppEngineManager
and support for Google App Engine Standard Environment (#​2044 <https://github.com/urllib3/urllib3/issues/2044>
__).Retry
optionsmethod_whitelist
,DEFAULT_REDIRECT_HEADERS_BLACKLIST
(#​2086 <https://github.com/urllib3/urllib3/issues/2086>
__).urllib3.HTTPResponse.from_httplib
(#​2648 <https://github.com/urllib3/urllib3/issues/2648>
__).None
for therequest_context
parameter ofurllib3.PoolManager.connection_from_pool_key
. This change should have no effect on users as the default value ofNone
was an invalid option and was never used (#​1897 <https://github.com/urllib3/urllib3/issues/1897>
__).urllib3.request
module.urllib3.request.RequestMethods
has been made a private API.This change was made to ensure that
from urllib3 import request
imported the top-levelrequest()
function instead of the
urllib3.request
module (#​2269 <https://github.com/urllib3/urllib3/issues/2269>
__).urllib3.contrib.pyopenssl
even when support is available from the compiled OpenSSL library (#​2233 <https://github.com/urllib3/urllib3/issues/2233>
__).urllib3.contrib.ntlmpool
module (#​2339 <https://github.com/urllib3/urllib3/issues/2339>
__).DEFAULT_CIPHERS
,HAS_SNI
,USE_DEFAULT_SSLCONTEXT_CIPHERS
, from the private moduleurllib3.util.ssl_
(#​2168 <https://github.com/urllib3/urllib3/issues/2168>
__).urllib3.exceptions.SNIMissingWarning
(#​2168 <https://github.com/urllib3/urllib3/issues/2168>
__)._prepare_conn
method fromHTTPConnectionPool
. Previously this was only used to callHTTPSConnection.set_cert()
byHTTPSConnectionPool
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).tls_in_tls_required
property fromHTTPSConnection
. This is now determined from thescheme
parameter inHTTPConnection.set_tunnel()
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).strict
parameter/attribute fromHTTPConnection
,HTTPSConnection
,HTTPConnectionPool
,HTTPSConnectionPool
, andHTTPResponse
(#​2064 <https://github.com/urllib3/urllib3/issues/2064>
__).Deprecated
HTTPResponse.getheaders()
andHTTPResponse.getheader()
which will be removed in urllib3 v2.1.0. Instead useHTTPResponse.headers
andHTTPResponse.headers.get(name, default)
. (#​1543 <https://github.com/urllib3/urllib3/issues/1543>
,#​2814 <https://github.com/urllib3/urllib3/issues/2814>
).urllib3.contrib.pyopenssl
module which will be removed in urllib3 v2.1.0 (#​2691 <https://github.com/urllib3/urllib3/issues/2691>
__).urllib3.contrib.securetransport
module which will be removed in urllib3 v2.1.0 (#​2692 <https://github.com/urllib3/urllib3/issues/2692>
__).ssl_version
option in favor ofssl_minimum_version
.ssl_version
will be removed in urllib3 v2.1.0 (#​2110 <https://github.com/urllib3/urllib3/issues/2110>
__).strict
parameter ofPoolManager.connection_from_context()
as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#​2267 <https://github.com/urllib3/urllib3/issues/2267>
__)NewConnectionError.pool
attribute which will be removed in urllib3 v2.1.0 (#​2271 <https://github.com/urllib3/urllib3/issues/2271>
__).format_header_param_html5
andformat_header_param
in favor offormat_multipart_header_param
(#​2257 <https://github.com/urllib3/urllib3/issues/2257>
__).RequestField.header_formatter
parameter which will be removed in urllib3 v2.1.0 (#​2257 <https://github.com/urllib3/urllib3/issues/2257>
__).HTTPSConnection.set_cert()
method. Instead pass parameters to theHTTPSConnection
constructor (#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).HTTPConnection.request_chunked()
method which will be removed in urllib3 v2.1.0. Instead passchunked=True
toHTTPConnection.request()
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).Added
urllib3.request
function which uses a preconfigured module-globalPoolManager
instance (#​2150 <https://github.com/urllib3/urllib3/issues/2150>
__).json
parameter tourllib3.request()
,PoolManager.request()
, andConnectionPool.request()
methods to send JSON bodies in requests. Using this parameter will set the headerContent-Type: application/json
ifContent-Type
isn't already defined.Added support for parsing JSON response bodies with
HTTPResponse.json()
method (#​2243 <https://github.com/urllib3/urllib3/issues/2243>
__).urllib3
module (#​1897 <https://github.com/urllib3/urllib3/issues/1897>
__).ssl_minimum_version
andssl_maximum_version
options which setSSLContext.minimum_version
andSSLContext.maximum_version
(#​2110 <https://github.com/urllib3/urllib3/issues/2110>
__).zstandard
1.18.0 or later is installed.Added the
zstd
extra which installs thezstandard
package (#​1992 <https://github.com/urllib3/urllib3/issues/1992>
__).urllib3.response.BaseHTTPResponse
class. All future response classes will be subclasses ofBaseHTTPResponse
(#​2083 <https://github.com/urllib3/urllib3/issues/2083>
__).FullPoolError
which is raised whenPoolManager(block=True)
and a connection is returned to a full pool (#​2197 <https://github.com/urllib3/urllib3/issues/2197>
__).HTTPHeaderDict
to the top-levelurllib3
namespace (#​2216 <https://github.com/urllib3/urllib3/issues/2216>
__).When using a
HTTPHeaderDict
to provide headers for a request, by default duplicateheader values will be repeated. But if
combine=True
is passed into a call toHTTPHeaderDict.add
, then the added header value will be merged in with an existingvalue into a comma-separated list (
X-My-Header: foo, bar
) (#​2242 <https://github.com/urllib3/urllib3/issues/2242>
__).NameResolutionError
exception when a DNS error occurs (#​2305 <https://github.com/urllib3/urllib3/issues/2305>
__).proxy_assert_hostname
andproxy_assert_fingerprint
kwargs toProxyManager
(#​2409 <https://github.com/urllib3/urllib3/issues/2409>
__).backoff_max
parameter to theRetry
class.If a custom
backoff_max
is provided to theRetry
class, itwill replace the
Retry.DEFAULT_BACKOFF_MAX
(#​2494 <https://github.com/urllib3/urllib3/issues/2494>
__).authority
property to the Url class as per RFC 3986 3.2. This property should be used in place ofnetloc
for users who want to include the userinfo (auth) component of the URI (#​2520 <https://github.com/urllib3/urllib3/issues/2520>
__).scheme
parameter toHTTPConnection.set_tunnel
to configure the scheme of the origin being tunnelled to (#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).is_closed
,is_connected
andhas_connected_to_proxy
properties toHTTPConnection
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).backoff_jitter
parameter toRetry
. (#​2952 <https://github.com/urllib3/urllib3/issues/2952>
__)Changed
Changed
urllib3.response.HTTPResponse.read
to respect the semantics ofio.BufferedIOBase
regardless of compression. Specifically, this method:If you want each
urllib3.response.HTTPResponse.read
call to issue a single system call, you need to disable decompression by settingdecode_content=False
(#​2128 <https://github.com/urllib3/urllib3/issues/2128>
__).Changed
urllib3.HTTPConnection.getresponse
to return an instance ofurllib3.HTTPResponse
instead ofhttp.client.HTTPResponse
(#​2648 <https://github.com/urllib3/urllib3/issues/2648>
__).Changed
ssl_version
to instead set the correspondingSSLContext.minimum_version
and
SSLContext.maximum_version
values. Regardless ofssl_version
passedSSLContext
objects are now constructed usingssl.PROTOCOL_TLS_CLIENT
(#​2110 <https://github.com/urllib3/urllib3/issues/2110>
__).Changed default
SSLContext.minimum_version
to beTLSVersion.TLSv1_2
in line with Python 3.10 (#​2373 <https://github.com/urllib3/urllib3/issues/2373>
__).Changed
ProxyError
to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (#​2482 <https://github.com/urllib3/urllib3/pull/2482>
__).Changed
urllib3.util.create_urllib3_context
to not override the system cipher suites witha default value. The new default will be cipher suites configured by the operating system (
#​2168 <https://github.com/urllib3/urllib3/issues/2168>
__).Changed
multipart/form-data
header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (#​2257 <https://github.com/urllib3/urllib3/issues/2257>
__).Changed the error raised when connecting via HTTPS when the
ssl
module isn't available fromSSLError
toImportError
(#​2589 <https://github.com/urllib3/urllib3/issues/2589>
__).Changed
HTTPConnection.request()
to always use lowercase chunk boundaries when sending requests withTransfer-Encoding: chunked
(#​2515 <https://github.com/urllib3/urllib3/issues/2515>
__).Changed
enforce_content_length
default to True, preventing silent data loss when reading streamed responses (#​2514 <https://github.com/urllib3/urllib3/issues/2514>
__).Changed internal implementation of
HTTPHeaderDict
to usedict
instead ofcollections.OrderedDict
for better performance (#​2080 <https://github.com/urllib3/urllib3/issues/2080>
__).Changed the
urllib3.contrib.pyopenssl
module to wrapOpenSSL.SSL.Error
withssl.SSLError
inPyOpenSSLContext.load_cert_chain
(#​2628 <https://github.com/urllib3/urllib3/issues/2628>
__).Changed usage of the deprecated
socket.error
toOSError
(#​2120 <https://github.com/urllib3/urllib3/issues/2120>
__).Changed all parameters in the
HTTPConnection
andHTTPSConnection
constructors to be keyword-only excepthost
andport
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).Changed
HTTPConnection.getresponse()
to set the socket timeout fromHTTPConnection.timeout
value before readingdata from the socket. This previously was done manually by the
HTTPConnectionPool
callingHTTPConnection.sock.settimeout(...)
(#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).Changed the
_proxy_host
property to_tunnel_host
inHTTPConnectionPool
to more closely match how the property is used (value inHTTPConnection.set_tunnel()
) (#​1985 <https://github.com/urllib3/urllib3/issues/1985>
__).Changed name of
Retry.BACK0FF_MAX
to beRetry.DEFAULT_BACKOFF_MAX
.Changed TLS handshakes to use
SSLContext.check_hostname
when possible (#​2452 <https://github.com/urllib3/urllib3/pull/2452>
__).Changed
server_hostname
to behave like other parameters only used byHTTPSConnectionPool
(#​2537 <https://github.com/urllib3/urllib3/pull/2537>
__).Changed the default
blocksize
to 16KB to match OpenSSL's default read amounts (#​2348 <https://github.com/urllib3/urllib3/pull/2348>
__).Changed
HTTPResponse.read()
to raise an error when calling withdecode_content=False
after usingdecode_content=True
to prevent data loss (#​2800 <https://github.com/urllib3/urllib3/issues/2800>
__).Fixed
PoolManager
with many distinct origins would cause connection pools to be closed while requests are in progress (#​1252 <https://github.com/urllib3/urllib3/issues/1252>
__).HTTPConnection
instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.Instead now if
HTTPConnection.timeout
is updated before sending the next request the new timeout value will be used (#​2645 <https://github.com/urllib3/urllib3/issues/2645>
__).socket.error.errno
when raised from pyOpenSSL'sOpenSSL.SSL.SysCallError
(#​2118 <https://github.com/urllib3/urllib3/issues/2118>
__).HTTPSConnection.socket_options
to matchHTTPConnection
(#​2213 <https://github.com/urllib3/urllib3/issues/2213>
__).headers
would be modified by theremove_headers_on_redirect
feature (#​2272 <https://github.com/urllib3/urllib3/issues/2272>
__).urllib3.util.connection.create_connection()
(#​2277 <https://github.com/urllib3/urllib3/issues/2277>
__).HTTPConnection.connect()
fails (#​2571 <https://github.com/urllib3/urllib3/pull/2571>
__).urllib3.contrib.pyopenssl.WrappedSocket
andurllib3.contrib.securetransport.WrappedSocket
close methods (#​2970 <https://github.com/urllib3/urllib3/issues/2970>
__)v1.26.18
Compare Source
====================
v1.26.17
Compare Source
====================
Cookie
header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set viaRetry.remove_headers_on_redirect
. (#​3139 <https://github.com/urllib3/urllib3/pull/3139>
_)v1.26.16
Compare Source
====================
PoolManager
with many distinct originswould cause connection pools to be closed while requests are in progress (
#​2954 <https://github.com/urllib3/urllib3/pull/2954>
_)v1.26.15
Compare Source
====================
HTTPConnection
is reused (#​2645 <https://github.com/urllib3/urllib3/issues/2645>
__)(
#​2899 <https://github.com/urllib3/urllib3/issues/2899>
__)#​2901 <https://github.com/urllib3/urllib3/issues/2901>
__)v1.26.14
Compare Source
====================
#​2850 <https://github.com/urllib3/urllib3/issues/2850>
__)PoolKey.key_retries
by addingbool
to the union. (#​2865 <https://github.com/urllib3/urllib3/issues/2865>
__)v1.26.13
Compare Source
====================
HTTPResponse.getheaders()
andHTTPResponse.getheader()
methods.even when the port number after removing the zeroes was valid.
<4
in theRequires-Python
packaging metadata field.v1.26.12
Compare Source
====================
urllib3[secure]
extra and theurllib3.contrib.pyopenssl
module.Both will be removed in v2.x. See this
GitHub issue <https://github.com/urllib3/urllib3/issues/2680>
_for justification and info on how to migrate.
v1.26.11
Compare Source
====================
HTTPResponse.read
wouldraise an
OverflowError
on Python 3.9 and earlier.v1.26.10
Compare Source
====================
ProxyError
recommending configuring the proxy as HTTPinstead of HTTPS could appear even when an HTTPS proxy wasn't configured.
v1.26.9
Compare Source
===================
urllib3[brotli]
extra to favor installing Brotli libraries that are stillreceiving updates like
brotli
andbrotlicffi
instead ofbrotlipy
.This change does not impact behavior of urllib3, only which dependencies are installed.
HTTPSConnection.connect()
raises an exception.server_hostname
being forwarded fromPoolManager
toHTTPConnectionPool
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
v1.26.8
Compare Source
===================
urllib3.exceptions.ProxyError
when urllib3 detects thata proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
Retry.MAX_BACKOFF
class property in favor ofRetry.DEFAULT_MAX_BACKOFF
to better match the rest of the default parameter names.
Retry.MAX_BACKOFF
is removed in v2.0.ssl.match_hostname
function fromurllib3.packages.ssl_match_hostname
to
urllib3.util.ssl_match_hostname
to ensure Python 3.10+ compatibility after being repackagedby downstream distributors.
v1.26.7
Compare Source
===================
of SNI. (Issue #2400)
matching. (Issue #2240)
v1.26.6
Compare Source
===================
urllib3.contrib.ntlmpool
module. urllib3 is not able to supportit properly due to
reasons listed in this issue <https://github.com/urllib3/urllib3/issues/2282>
_.If you are a user of this module please leave a comment.
HTTPConnection.request_chunked()
to not erroneously emit multipleTransfer-Encoding
headers in the case that one is already specified.Retry.DEFAULT_ALLOWED_METHODS
.v1.26.5
Compare Source
===================
six
library to 1.16.0.the authority component.
v1.26.4
Compare Source
===================
SSLContext
when connecting to HTTPS proxyduring HTTPS requests. The default
SSLContext
now setscheck_hostname=True
.v1.26.3
Compare Source
===================
Fixed bytes and string comparison issue with headers (Pull #2141)
Changed
ProxySchemeUnknown
error message to bemore actionable if the user supplies a proxy URL without
a scheme. (Pull #2107)
v1.26.2
Compare Source
===================
wrap_socket
andCERT_REQUIRED
wouldn'tbe imported properly on Python 2.7.8 and earlier (Pull #2052)
v1.26.1
Compare Source
====================
v1.26.0
Compare Source
===================
NOTE: urllib3 v2.0 will drop support for Python 2.
Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>
_.Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting
ssl_version=ssl.PROTOCOL_TLSv1_1
(Pull #2002)Starting in urllib3 v2.0: Connections that receive a
DeprecationWarning
will failDeprecated
Retry
optionsRetry.DEFAULT_METHOD_WHITELIST
,Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST
and
Retry(method_whitelist=...)
in favor ofRetry.DEFAULT_ALLOWED_METHODS
,Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT
, andRetry(allowed_methods=...)
(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed
Added default
User-Agent
header to every request (Pull #1750)Added
urllib3.util.SKIP_HEADER
for skippingUser-Agent
,Accept-Encoding
,and
Host
headers from being automatically emitted with requests (Pull #2018)Collapse
transfer-encoding: chunked
request data and framing intothe same
socket.send()
call (Pull #1906)Send
http/1.1
ALPN identifier with every TLS handshake by default (Pull #1894)Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
Don't emit an
SNIMissingWarning
when passingserver_hostname=None
to SecureTransport (Pull #1903)
Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
Suppress
BrokenPipeError
when writing request body after the serverhas closed the socket (Pull #1524)
Wrap
ssl.SSLError
that can be raised from reading a socket (e.g. "bad MAC")into an
urllib3.exceptions.SSLError
(Pull #1939)