Update dependency requests to v2.20.0 [SECURITY] #2
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.12.4
->==2.20.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2018-18074
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Release Notes
psf/requests (requests)
v2.20.0
Compare Source
Bugfixes
charset=utf8 v Charset=utf8).
uncaught urllib3 exceptions.
from https to http on the same hostname. (CVE-2018-18074)
should_bypass_proxies
now handles URIs without hostnames (e.g.files).
Dependencies
Deprecations
v2.19.1
Compare Source
Bugfixes
init
function failed tryingto append to a
__doc__
value ofNone
.v2.19.0
Compare Source
Improvements
< 1.3.4
adapter.
7.1.2)
Request.content
.Bugfixes
Link
headers withparse_header_links()
no longerreturn one bogus entry.
archive would raise an
IOError
.ImportError
on windows system which donot support
winreg
module.password in the request. This also fixes the issue of DNS queries
failing on macOS.
None
as a file pointer to thefiles
param no longerraises an exception.
copy
on aRequestsCookieJar
will now preserve the cookiepolicy correctly.
Dependencies
v2.18.4
Compare Source
Improvements
easier debugging
Dependencies
v2.18.3
Compare Source
Improvements
$ python -m requests.help
now includes the installedversion of idna.
Bugfixes
ConnectionError
instead ofSSLError
when encountering SSL problems when using urllib3 v1.22.v2.18.2
Compare Source
Bugfixes
requests.help
no longer fails on Python 2.6 due to the absence ofssl.OPENSSL_VERSION_NUMBER
.Dependencies
v2.18.1
Compare Source
Bugfixes
*.whl
containedincorrect data that regressed the fix in v2.17.3.
v2.18.0
Compare Source
Improvements
Response
is now a context manager, so can be used directly in awith
statement without first having to be wrapped bycontextlib.closing()
.Bugfixes
number of CPU cores
v2.17.3
Compare Source
Improvements
packages
namespace identity support, for monkeypatchinglibraries.
v2.17.2
Compare Source
Improvements
packages
namespace identity support, for monkeypatchinglibraries.
v2.17.1
Compare Source
Improvements
packages
namespace identity support, for monkeypatchinglibraries.
v2.17.0
Compare Source
Improvements
v2.16.5
Compare Source
$ python -m requests.help
.v2.16.4
Compare Source
$ python -m requests.help
command, fordebugging with maintainers!
v2.16.3
Compare Source
requests.packages
namespace for compatibilityreasons.
v2.16.2
Compare Source
requests.packages
namespace for compatibilityreasons.
No code modification (noted below) should be necessary any longer.
v2.16.1
Compare Source
requests.packages
namespace for compatibilityreasons.
urllib3
version parsing.Note: code that was written to import against the
requests.packages
namespace previously will have to import code thatrests at this module-level now.
For example:
Will need to be re-written to be:
Or, even better:
v2.16.0
Compare Source
v2.15.1
Compare Source
v2.15.0
Compare Source
Improvements
Response.next
property, for getting the nextPreparedResponse
from a redirect chain (whenallow_redirects=False
).__version__
module.Bugfixes
requests.utils.get_environ_proxies()
.v2.14.2
Compare Source
Bugfixes
markers to widen compatibility with older setuptools releases.
v2.14.1
Compare Source
Bugfixes
releases.
v2.14.0
Compare Source
Improvements
no_proxy
as a key to theproxies
dictionary to provide handling similar to the
NO_PROXY
environmentvariable.
directories Requests now raises
IOError
, rather than failing atthe time of the HTTPS request with a fairly inscrutable certificate
validation error.
SessionRedirectMixin
was slightly altered.resolve_redirects
will now detect a redirect by callingget_redirect_target(response)
instead of directly queryingResponse.is_redirect
andResponse.headers['location']
. Advancedusers will be able to process malformed redirects more easily.
higher resolution on Windows.
win_inet_pton
as conditional dependency for the[socks]
extra on Windows with Python 2.7.
check doesn't use forward and reverse DNS requests anymore
http
but are nothttp
orhttps
no longer have their host parts forced to lowercase.Bugfixes
Location
header values inredirects. Fewer
UnicodeDecodeErrors
are encountered on Python 2,and Python 3 now correctly understands that Latin-1 is unlikely to
be the correct encoding.
seek
file to find out its length fails, we nowappropriately handle that by aborting our content-length
calculations.
HTTPDigestAuth
to only respond to auth challenges madeon 4XX responses, rather than to all auth challenges.
DeprecationWarning
on Python 3.6./o\\
) no longer has a big head. I'msure this is what you were all worrying about most.
Miscellaneous
v2.13.0
Compare Source
Features
idna
library when we've determined we need it. Thiswill save some memory for users.
Miscellaneous
v2.12.5
Compare Source
Bugfixes
big-endian UTF-32 with BOM.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.