Sourced from requests's\r\nreleases.
\r\n\r\n\r\nv2.32.0
\r\n2.32.0 (2024-05-20)
\r\n🐍 PYCON US 2024 EDITION 🐍
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.New Contributors
\r\n\r\n
\r\n\r\n- \r\n
@matthewarmand
\r\nmade their first contribution in psf/requests#6258- \r\n
@cpzt
made their\r\nfirst contribution in psf/requests#6456
... (truncated)
\r\nSourced from requests's\r\nchangelog.
\r\n\r\n\r\n2.32.0 (2024-05-20)
\r\nSecurity
\r\n\r\n
\r\n- Fixed an issue where setting
\r\nverify=False
on the first\r\nrequest from a\r\nSession will cause subsequent requests to the same origin to\r\nalso ignore\r\ncert verification, regardless of the value ofverify
.\r\n(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)Improvements
\r\n\r\n
\r\n- \r\n
verify=True
now reuses a global SSLContext which should\r\nimprove\r\nrequest time variance between first and subsequent requests. It should\r\nalso minimize certificate load time on Windows systems when using a\r\nPython\r\nversion built with OpenSSL 3.x. (#6667)- Requests now supports optional use of character detection\r\n(
\r\nchardet
orcharset_normalizer
) when\r\nrepackaged or vendored.\r\nThis enablespip
and other projects to minimize their\r\nvendoring\r\nsurface area. TheResponse.text()
and\r\napparent_encoding
APIs\r\nwill default toutf-8
if neither library is present. (#6702)Bugfixes
\r\n\r\n
\r\n- Fixed bug in length detection where emoji length was incorrectly\r\ncalculated in the request content-length. (#6589)
\r\n- Fixed deserialization bug in JSONDecodeError. (#6629)
\r\n- Fixed bug where an extra leading
\r\n/
(path separator)\r\ncould lead\r\nurllib3 to unnecessarily reparse the request URI. (#6644)Deprecations
\r\n\r\n
\r\n- Requests has officially added support for CPython 3.12 (#6503)
\r\n- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
\r\n- Requests has officially dropped support for CPython 3.7 (#6642)
\r\n- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
\r\nDocumentation
\r\n\r\n
\r\n- Various typo fixes and doc improvements.
\r\nPackaging
\r\n\r\n
\r\n- Requests has started adopting some modern packaging practices.\r\nThe source files for the projects (formerly
\r\nrequests
) is\r\nnow located\r\ninsrc/requests
in the Requests sdist. (#6506)- Starting in Requests 2.33.0, Requests will migrate to a PEP 517\r\nbuild system\r\nusing
\r\nhatchling
. This should not impact the average user,\r\nbut extremely old\r\nversions of packaging utilities may have issues with the new packaging\r\nformat.
d6ebc4a
\r\nv2.32.09a40d12
\r\nAvoid reloading root certificates to improve concurrent performance (#6667)0c030f7
\r\nMerge pull request #6702\r\nfrom nateprewitt/no_char_detection555b870
\r\nAllow character detection dependencies to be optional in post-packaging\r\nstepsd6dded3
\r\nMerge pull request #6700\r\nfrom franekmagiera/update-redirect-to-invalid-uri-testbf24b7d
\r\nUse an invalid URI that will not cause httpbin to throw 5002d5f547
\r\nPin 3.8 and 3.9 runners back to macos-13 (#6688)f1bb07d
\r\nMerge pull request #6687\r\nfrom psf/dependabot/github_actions/github/codeql-act...60047ad
\r\nBump github/codeql-action from 3.24.0 to 3.25.031ebb81
\r\nMerge pull request #6682\r\nfrom frenzymadness/pytest8Sourced from jinja2's\r\nreleases.
\r\n\r\n\r\n3.1.4
\r\nThis is the Jinja 3.1.4 security release, which fixes security issues\r\nand bugs but does not otherwise change behavior and should not result in\r\nbreaking changes.
\r\nPyPI: https://pypi.org/project/Jinja2/3.1.4/\r\nChanges: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
\r\n\r\n
\r\n- The
\r\nxmlattr
filter does not allow keys with\r\n/
solidus,>
greater-than sign, or\r\n=
equals sign, in addition to disallowing spaces.\r\nRegardless of any validation done by Jinja, user input should never be\r\nused as keys to this filter, or must be separately validated first.\r\nGHSA-h75v-3vvj-5mfj
Sourced from jinja2's\r\nchangelog.
\r\n\r\n\r\nVersion 3.1.4
\r\nReleased 2024-05-05
\r\n\r\n
\r\n- The
\r\nxmlattr
filter does not allow keys with\r\n/
solidus,>
\r\ngreater-than sign, or=
equals sign, in addition to\r\ndisallowing spaces.\r\nRegardless of any validation done by Jinja, user input should never be\r\nused\r\nas keys to this filter, or must be separately validated first.\r\n:ghsa:h75v-3vvj-5mfj
dd4a8b5
\r\nrelease version 3.1.40668239
\r\nMerge pull request from GHSA-h75v-3vvj-5mfjd655030
\r\ndisallow invalid characters in keys to xmlattr filtera7863ba
\r\nadd ghsa linksb5c98e7
\r\nstart version 3.1.4da3a9f0
\r\nupdate project files (#1968)0ee5eb4
\r\nsatisfy formatter, linter, and strict mypy20477c6
\r\nupdate project files (#5457)e491223
\r\nupdate pyyaml dev dependency36f9885
\r\nfix pr linkSourced from sqlparse's\r\nchangelog.
\r\n\r\n\r\nRelease 0.5.0 (Apr 13, 2024)
\r\nNotable Changes
\r\n\r\n
\r\n- Drop support for Python 3.5, 3.6, and 3.7.
\r\n- Python 3.12 is now supported (pr725, by hugovk).
\r\n- IMPORTANT: Fixes a potential denial of service attack (DOS) due to\r\nrecursion\r\nerror for deeply nested statements. Instead of recursion error a generic\r\nSQLParseError is raised. See the security advisory for details:\r\nhttps://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg\r\nThe vulnerability was discovered by
\r\n@uriyay-jfrog
.\r\nThanks for reporting!Enhancements:
\r\n\r\n
\r\n- Splitting statements now allows to remove the semicolon at the end.\r\nSome database backends love statements without semicolon\r\n(issue742).
\r\n- Support TypedLiterals in get_parameters (pr649, by Khrol).
\r\n- Improve splitting of Transact SQL when using GO keyword\r\n(issue762).
\r\n- Support for some JSON operators (issue682).
\r\n- Improve formatting of statements containing JSON operators\r\n(issue542).
\r\n- Support for BigQuery and Snowflake keywords (pr699, by\r\ngriffatrasgo).
\r\n- Support parsing of OVER clause (issue701, pr768 by r33s3n6).
\r\nBug Fixes
\r\n\r\n
\r\n- Ignore dunder attributes when creating Tokens (issue672).
\r\n- Allow operators to precede dollar-quoted strings (issue763).
\r\n- Fix parsing of nested order clauses (issue745, pr746 by\r\njohn-bodley).
\r\n- Thread-safe initialization of Lexer class (issue730).
\r\n- Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on\r\npr719\r\nby josuc1, thanks for bringing this up!).
\r\n- Fix parsing of PRIMARY KEY (issue740).
\r\nOther
\r\n\r\n
\r\n- Optimize performance of matching function (pr799, by\r\nadmachainz).
\r\n
ddbd0ec
\r\nBump version.29f2e0a
\r\nRaise recursion limit for tests.b4a39d9
\r\nRaise SQLParseError instead of RecursionError.f1bcf2f
\r\nUpdate AUHTORS and Changelog.e03b74e
\r\nFix Function.get_parameters(), add Funtion.get_window()617b8f6
\r\nAdd OVER clause, and group it into Function (fixes #701)d8f8147
\r\nUpdate AUHTORS and Changelog.012c9f1
\r\nOptimize sqlparse.utils.imt().46971e5
\r\nFix parsing of PRIMARY KEY (fixes #740).fc4b0be
\r\nCode cleanup.