Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update urllib3 to 2.2.1 #2415

Closed
wants to merge 1 commit into from
Closed

Conversation

pyup-bot
Copy link
Collaborator

This PR updates urllib3 from 1.26.4 to 2.2.1.

Changelog

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Fixed issue where `InsecureRequestWarning` was emitted for HTTPS connections when using Emscripten. (3331)
- Fixed `HTTPConnectionPool.urlopen` to stop automatically casting non-proxy headers to `HTTPHeaderDict`. This change was premature as it did not apply to proxy headers and `HTTPHeaderDict` does not handle byte header values correctly yet. (3343)
- Changed `ProtocolError` to `InvalidChunkLength` when response terminates before the chunk length is sent. (2860)
- Changed `ProtocolError` to be more verbose on incomplete reads with excess content. (3261)

2.2.0

🖥️ urllib3 now works in the browser

:tada: **This release adds experimental support for [using urllib3 in the browser with Pyodide](https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html)!** :tada:

Thanks to Joe Marshall (joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from `http.client`. Please report all bugs to the [urllib3 issue tracker](https://github.com/urllib3/urllib3/issues).

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Added support for [Emscripten and Pyodide](https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html), including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951))
- Added support for `HTTPResponse.read1()` method. ([3186](https://github.com/urllib3/urllib3/issues/3186))
- Added rudimentary support for HTTP/2. ([3284](https://github.com/urllib3/urllib3/issues/3284))
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. ([2244](https://github.com/urllib3/urllib3/issues/2244))
- Fixed `HTTPConnection.proxy_is_verified` and `HTTPSConnection.proxy_is_verified` to be always set to a boolean after connecting to a proxy. It could be `None` in some cases previously. ([3130](https://github.com/urllib3/urllib3/issues/3130))
- Fixed an issue where `headers` passed in a request with `json=` would be mutated ([3203](https://github.com/urllib3/urllib3/issues/3203))
- Fixed `HTTPSConnection.is_verified` to be set to `False` when connecting from a HTTPS proxy to an HTTP target. It was set to `True` previously. ([3267](https://github.com/urllib3/urllib3/issues/3267))
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([3268](https://github.com/urllib3/urllib3/issues/3268))
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([3325](https://github.com/urllib3/urllib3/issues/3325))

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the `--integration` pytest flag. ([3181](https://github.com/urllib3/urllib3/issues/3181))

2.1.0

Read the [v2 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.

Removals

- Removed support for the deprecated urllib3[secure] extra. ([2680](https://github.com/urllib3/urllib3/issues/2680))
- Removed support for the deprecated SecureTransport TLS implementation. ([2681](https://github.com/urllib3/urllib3/issues/2681))
- Removed support for the end-of-life Python 3.7. ([3143](https://github.com/urllib3/urllib3/issues/3143))


Bugfixes

- Allowed loading CA certificates from memory for proxies. ([3065](https://github.com/urllib3/urllib3/issues/3065))
- Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. ([3174](https://github.com/urllib3/urllib3/issues/3174))

2.0.7

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

* Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f)

2.0.5

- Allowed pyOpenSSL third-party module without any deprecation warning. [3126](https://github.com/urllib3/urllib3/issues/3126)
- Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. [3066](https://github.com/urllib3/urllib3/issues/3066>)

2.0.4

- Added support for union operators to ``HTTPHeaderDict`` (2254)
- Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (3078)
- Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client (2757)
- Relied on the standard library for checking hostnames in supported PyPy releases (3087)

2.0.3

- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. [3020](https://github.com/urllib3/urllib3/issues/3020)
- Deprecated URLs which don't have an explicit scheme [2950](https://github.com/urllib3/urllib3/pull/2950)
- Fixed response decoding with Zstandard when compressed data is made of several frames. [3008](https://github.com/urllib3/urllib3/issues/3008)
- Fixed ``assert_hostname=False`` to correctly skip hostname check. [3051](https://github.com/urllib3/urllib3/issues/3051)

2.0.2

* Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (https://github.com/urllib3/urllib3/issues/3009)

2.0.1

- Fixed a socket leak when fingerprint or hostname verifications fail. (2991)
- Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (2998)

2.0.0

Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.

Removed

-   Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)).
-   Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` ([2113](https://github.com/urllib3/urllib3/issues/2113)).
-   Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)).
-   Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)).
-   Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` ([2086](https://github.com/urllib3/urllib3/issues/2086)).
-   Removed `urllib3.HTTPResponse.from_httplib` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
-   Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)).
-   Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module ([2269](https://github.com/urllib3/urllib3/issues/2269)).
-   Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)).
-   Removed the deprecated `urllib3.contrib.ntlmpool` module ([2339](https://github.com/urllib3/urllib3/issues/2339)).
-   Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed `urllib3.exceptions.SNIMissingWarning` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Deprecated

-   Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. ([1543](https://github.com/urllib3/urllib3/issues/1543), [#2814](https://github.com/urllib3/urllib3/issues/2814)).
-   Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 ([2691](https://github.com/urllib3/urllib3/issues/2691)).
-   Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 ([2692](https://github.com/urllib3/urllib3/issues/2692)).
-   Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Deprecated the `strict` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([2267](https://github.com/urllib3/urllib3/issues/2267))
-   Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 ([2271](https://github.com/urllib3/urllib3/issues/2271)).
-   Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Added

-   Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)).
-   Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method ([2243](https://github.com/urllib3/urllib3/issues/2243)).
-   Added type hints to the `urllib3` module ([1897](https://github.com/urllib3/urllib3/issues/1897)).
-   Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package ([1992](https://github.com/urllib3/urllib3/issues/1992)).
-   Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` ([2083](https://github.com/urllib3/urllib3/issues/2083)).
-   Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)).
-   Added `HTTPHeaderDict` to the top-level `urllib3` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)).
-   Added support for configuring header merging behavior with HTTPHeaderDict When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) ([2242](https://github.com/urllib3/urllib3/issues/2242)).
-   Added `NameResolutionError` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)).
-   Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` ([2409](https://github.com/urllib3/urllib3/issues/2409)).
-   Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` ([2494](https://github.com/urllib3/urllib3/issues/2494)).
-   Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)).
-   Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Added optional `backoff_jitter` parameter to `Retry`. ([2952](https://github.com/urllib3/urllib3/issues/2952))

Changed

- Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method:
 - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
 - Never returns more bytes than requested. 
 - Can issue any number of system calls: zero, one or multiple.
If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` ([2128](https://github.com/urllib3/urllib3/issues/2128)).
-   Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
-   Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
-   Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)).
-   Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)).
-   Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)).
-   Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)).
-   Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` ([2589](https://github.com/urllib3/urllib3/issues/2589)).
-   Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` ([2515](https://github.com/urllib3/urllib3/issues/2515)).
-   Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)).
-   Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)).
-   Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` ([2628](https://github.com/urllib3/urllib3/issues/2628)).
-   Changed usage of the deprecated `socket.error` to `OSError` ([2120](https://github.com/urllib3/urllib3/issues/2120)).
-   Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) ([1985](https://github.com/urllib3/urllib3/issues/1985)).
-   Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`.
-   Changed TLS handshakes to use `SSLContext.check_hostname` when possible ([2452](https://github.com/urllib3/urllib3/pull/2452)).
-   Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` ([2537](https://github.com/urllib3/urllib3/pull/2537)).
-   Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts ([2348](https://github.com/urllib3/urllib3/pull/2348)).
-   Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss ([2800](https://github.com/urllib3/urllib3/issues/2800)).

Fixed

-   Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress ([1252](https://github.com/urllib3/urllib3/issues/1252)).
-   Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used ([2645](https://github.com/urllib3/urllib3/issues/2645)).
-   Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` ([2118](https://github.com/urllib3/urllib3/issues/2118)).
-   Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` ([2213](https://github.com/urllib3/urllib3/issues/2213)).
-   Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature ([2272](https://github.com/urllib3/urllib3/issues/2272)).
-   Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` ([2277](https://github.com/urllib3/urllib3/issues/2277)).
-   Fixed a socket leak if `HTTPConnection.connect()` fails ([2571](https://github.com/urllib3/urllib3/pull/2571)).
-   Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970))

2.0.0a4

-   Removed the `setup.py` shim, `python setup.py install` will print `[Errno 2] No such file or directory` instead of a warning to use pip ([2975](https://github.com/urllib3/urllib3/issues/2975))
-   Added optional `backoff_jitter` parameter to `Retry` ([2952](https://github.com/urllib3/urllib3/issues/2952))
-   Fixed URL encoding by removing \'!\' from the \'unreserved\' character set specified in RFC 3986 ([2899](https://github.com/urllib3/urllib3/issues/2899))
-   Fixed a sign error in a check for whether a character is in the ASCII range ([2901](https://github.com/urllib3/urllib3/issues/2901))
-   Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods ([2970](https://github.com/urllib3/urllib3/issues/2970))

2.0.0a3

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.**

- Fixed logging error when using `add_stderr_logger` (2839)
- Fixed parsing of port 0 (zero) returning None, instead of 0 (2850)
- Fixed the type hint of `PoolKey.key_retries` by adding `bool` to the union (2865)

2.0.0a2

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.**

* Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (https://github.com/urllib3/urllib3/issues/2800).
* Changed `HTTPResponse.getheaders()` and `.getheader()` to previous behavior in 1.26.x. Instead we are deprecating these methods in favor of `HTTPResponse.headers.items()` and `HTTPResponse.headers.get()`. Both deprecated methods will be removed in v2.1.0 (https://github.com/urllib3/urllib3/issues/2814)
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. (https://github.com/urllib3/urllib3/pull/2806)
* Fixed deprecation warning when using cryptography v39.0.0. This fix requires using pyOpenSSL>=17.1.0 and cryptography>=1.9. (https://github.com/urllib3/urllib3/pull/2829)

2.0.0a1

**Read the [v2.0 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3!**

Added

* Added type hints to the ``urllib3`` module ([1897](https://github.com/urllib3/urllib3/issues/1897)).
* Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set
``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed.
Added the ``zstd`` extra which installs the ``zstandard`` package ([1992](https://github.com/urllib3/urllib3/issues/1992)).
* Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` ([2083](https://github.com/urllib3/urllib3/issues/2083)).
* Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance ([2150](https://github.com/urllib3/urllib3/issues/2150)).
* Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool ([2197](https://github.com/urllib3/urllib3/issues/2197)).
* Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace ([2216](https://github.com/urllib3/urllib3/issues/2216)).
* Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined.
Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method ([2243](https://github.com/urllib3/urllib3/issues/2243)).
* Added support for configuring header merging behavior with HTTPHeaderDict
When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate
header values will be repeated. But if ``combine=True`` is passed into a call to
``HTTPHeaderDict.add``, then the added header value will be merged in with an existing
value into a comma-separated list (``X-My-Header: foo, bar``) ([2242](https://github.com/urllib3/urllib3/issues/2242)).
* Added ``NameResolutionError`` exception when a DNS error occurs ([2305](https://github.com/urllib3/urllib3/issues/2305)).
* Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` ([2409](https://github.com/urllib3/urllib3/issues/2409)).
* Added a configurable ``backoff_max`` parameter to the ``Retry`` class.
If a custom ``backoff_max`` is provided to the ``Retry`` class, it
will replace the ``Retry.DEFAULT_BACKOFF_MAX`` ([2494](https://github.com/urllib3/urllib3/issues/2494)).
* Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI ([2520](https://github.com/urllib3/urllib3/issues/2520)).
* Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Removed

* Removed support for Python 2.7, 3.5, and 3.6 ([883](https://github.com/urllib3/urllib3/issues/883), [#2336](https://github.com/urllib3/urllib3/issues/2336)).
* Removed fallback on certificate ``commonName`` in ``match_hostname()`` function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName``
is used to verify the hostname by default. To enable verifying the hostname against
``commonName`` use ``SSLContext.hostname_checks_common_name = True`` ([2113](https://github.com/urllib3/urllib3/issues/2113)).
* Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an ``ImportError`` is raised ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([2082](https://github.com/urllib3/urllib3/issues/2082)).
* Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment ([2044](https://github.com/urllib3/urllib3/issues/2044)).
* Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` ([2086](https://github.com/urllib3/urllib3/issues/2086)).
* Removed ``urllib3.HTTPResponse.from_httplib`` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
* Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used ([1897](https://github.com/urllib3/urllib3/issues/1897)).
* Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API.
This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()``
function instead of the ``urllib3.request`` module ([2269](https://github.com/urllib3/urllib3/issues/2269)).
* Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library ([2233](https://github.com/urllib3/urllib3/issues/2233)).
* Removed the deprecated ``urllib3.contrib.ntlmpool`` module ([2339](https://github.com/urllib3/urllib3/issues/2339)).
* Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed ``urllib3.exceptions.SNIMissingWarning`` ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Changed

* Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method:
* Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
* Never returns more bytes than requested.
* Can issue any number of system calls: zero, one or multiple.
If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` ([2128](https://github.com/urllib3/urllib3/issues/2128)).
* Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version``
and ``SSLContext.maximum_version`` values.  Regardless of ``ssl_version`` passed
``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 ([2373](https://github.com/urllib3/urllib3/issues/2373)).
* Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy ([2482](https://github.com/urllib3/urllib3/pull/2482)).
* Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with
a default value. The new default will be cipher suites configured by the operating system ([2168](https://github.com/urllib3/urllib3/issues/2168)).
* Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` ([2648](https://github.com/urllib3/urllib3/issues/2648)).
* Changed return type of ``HTTPResponse.getheaders()`` method to return a list of key-value tuples to match CPython ([1543](https://github.com/urllib3/urllib3/issues/1543)).
* Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` ([2589](https://github.com/urllib3/urllib3/issues/2589)).
* Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` ([2515](https://github.com/urllib3/urllib3/issues/2515)).
* Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses ([2514](https://github.com/urllib3/urllib3/issues/2514)).
* Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance ([2080](https://github.com/urllib3/urllib3/issues/2080)).
* Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` ([2628](https://github.com/urllib3/urllib3/issues/2628)).
* Changed usage of the deprecated ``socket.error`` to ``OSError`` ([2120](https://github.com/urllib3/urllib3/issues/2120)).
* Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed ``urllib3.util.is_connection_dropped()`` to use ``HTTPConnection.is_connected`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading
data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``.
* Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible ([2452](https://github.com/urllib3/urllib3/pull/2452)).
* Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` ([2537](https://github.com/urllib3/urllib3/pull/2537)).
* Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts ([2348](https://github.com/urllib3/urllib3/pull/2348)).

Deprecated

* Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 ([2691](https://github.com/urllib3/urllib3/issues/2691)).
* Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 ([2692](https://github.com/urllib3/urllib3/issues/2692)).
* Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 ([2110](https://github.com/urllib3/urllib3/issues/2110)).
* Deprecated the ``strict`` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([2267](https://github.com/urllib3/urllib3/issues/2267))
* Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 ([2271](https://github.com/urllib3/urllib3/issues/2271)).
* Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 ([2257](https://github.com/urllib3/urllib3/issues/2257)).
* Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor ([1985](https://github.com/urllib3/urllib3/issues/1985)).
* Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` ([1985](https://github.com/urllib3/urllib3/issues/1985)).

Fixed

* Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress ([1252](https://github.com/urllib3/urllib3/issues/1252)).
* Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.
Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used ([2645](https://github.com/urllib3/urllib3/issues/2645)).
* Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` ([2118](https://github.com/urllib3/urllib3/issues/2118)).
* Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` ([2213](https://github.com/urllib3/urllib3/issues/2213)).
* Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature ([2272](https://github.com/urllib3/urllib3/issues/2272)).
* Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` ([2277](https://github.com/urllib3/urllib3/issues/2277)).
* Fixed a socket leak if ``HTTPConnection.connect()`` fails ([2571](https://github.com/urllib3/urllib3/pull/2571)).

1.26.18

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

* Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f)

1.26.16

* Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (2954)

1.26.15

* Fix socket timeout value when HTTPConnection is reused (https://github.com/urllib3/urllib3/issues/2645)
* Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (https://github.com/urllib3/urllib3/issues/2899)
* Fix IDNA handling of 'x80' byte (https://github.com/urllib3/urllib3/issues/2901)

1.26.14

* Fixed parsing of port 0 (zero) returning None, instead of 0 (2850)
* Removed deprecated `HTTPResponse.getheaders()` calls in `urllib3.contrib` module.

1.26.13

* Deprecated the `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` methods.
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
* Fixed a deprecation warning when using cryptography v39.0.0.
* Removed the `<4` in the `Requires-Python` packaging metadata field.

1.26.12

* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this [GitHub issue](https://github.com/urllib3/urllib3/issues/2680) for justification and info on how to migrate.

1.26.11

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.

1.26.10

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:closed_lock_with_key: **This is the first release to be signed with Sigstore!** You can verify the distributables using the `.sig` and `.crt` files included on this release.

* Removed support for Python 3.5
* Fixed an issue where a `ProxyError` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.

1.26.9

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:warning: **This release will be the last release supporting Python 3.5. Please upgrade to a non-EOL Python version.**

* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.

1.26.8

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3).**

:warning: **urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

:warning: **This release will be the last release supporting Python 3.5. Please upgrade to a non-EOL Python version.**

* Added extra message to`urllib3.exceptions.ProxyError` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the `Retry.MAX_BACKOFF` class property in favor of `Retry.DEFAULT_MAX_BACKOFF` to better match the rest of the default parameter names. `Retry.MAX_BACKOFF` is removed in v2.0.
* Changed location of the vendored `ssl.match_hostname` function from `urllib3.packages.ssl_match_hostname` to `urllib3.util.ssl_match_hostname` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors.
* Fixed absolute imports, all imports are now relative.

1.26.7

:warning: **IMPORTANT: urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3)**

1.26.6

:warning: **IMPORTANT: urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Deprecated the `urllib3.contrib.ntlmpool` module. urllib3 is not able to support it properly due to [reasons listed in this issue](https://github.com/urllib3/urllib3/issues/2282). If you are a user of this module please leave a comment.
* Changed `HTTPConnection.request_chunked()` to not erroneously emit multiple `Transfer-Encoding` headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend `Retry.DEFAULT_ALLOWED_METHODS`.

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3)**

1.26.5

:warning: **IMPORTANT: urllib3 v2.0 will drop support for Python 2**: [Read more in the v2.0 Roadmap](https://urllib3.readthedocs.io/en/latest/v2-roadmap.html)

* Fixed deprecation warnings emitted in Python 3.10.
* Updated vendored ``six`` library to 1.16.0.
* Improved performance of URL parser when splitting the authority component.

**If you or your organization rely on urllib3 consider supporting us via [GitHub Sponsors](https://github.com/sponsors/urllib3)**
Links

@pyup-bot
Copy link
Collaborator Author

Closing this in favor of #2625

@pyup-bot pyup-bot closed this Sep 12, 2024
@stephenfin stephenfin deleted the pyup-update-urllib3-1.26.4-to-2.2.1 branch September 12, 2024 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant