This repository has been archived by the owner on Dec 20, 2023. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v2
->v4
v2
->v5
v2
->v5
v1
->v3
v1
->v3
~=2.25.1
->~=2.31.0
~=4.7.2
->~=4.9.0
~=1.4.3
->~=3.1.9
Release Notes
actions/checkout (actions/checkout)
v4
Compare Source
v3
Compare Source
actions/setup-python (actions/setup-python)
v5
Compare Source
v4
Compare Source
v3
Compare Source
docker/build-push-action (docker/build-push-action)
v5
Compare Source
v4
Compare Source
v3
Compare Source
docker/login-action (docker/login-action)
v3
Compare Source
v2
Compare Source
docker/setup-buildx-action (docker/setup-buildx-action)
v3
Compare Source
v2
Compare Source
psf/requests (requests)
v2.31.0
Compare Source
Security
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of
Proxy-Authorization
headers to destination servers whenfollowing HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a
Proxy-Authorization
header that is attached to the request toauthenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the
Proxy-Authorization
header incorrectly, resulting in the value beingsent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.
v2.30.0
Compare Source
Dependencies
This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to
urllib3<2
.v2.29.0
Compare Source
Improvements
standardization. (#6226)
v2.28.2
Compare Source
Dependencies
Bugfixes
v2.28.1
Compare Source
Improvements
iter_content
with transition toyield from
. (#6170)Dependencies
v2.28.0
Compare Source
Deprecations
Improvements
an encoding to make
json()
API consistent. (#6097)all invalid cases. (#6154)
Bugfixes
CURL_CA_BUNDLE
to an empty string would disablecert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
urllib3.exceptions.SSLError
withrequests.exceptions.SSLError
forcontent
anditer_content
. (#6057)to raise an exception rather than ignoring the entry. (#6149)
JSONDecodeError. (#6036)
v2.27.1
Compare Source
Bugfixes
auth
component beingdropped from proxy URLs. (#6028)
v2.27.0
Compare Source
Improvements
Officially added support for Python 3.10. (#5928)
Added a
requests.exceptions.JSONDecodeError
to unify JSON exceptions betweenPython 2 and 3. This gets raised in the
response.json()
method, and isbackwards compatible as it inherits from previously thrown exceptions.
Can be caught from
requests.exceptions.RequestException
as well. (#5856)Improved error text for misnamed
InvalidSchema
andMissingSchema
exceptions. This is a temporary fix until exceptions can be renamed
(Schema->Scheme). (#6017)
Improved proxy parsing for proxy URLs missing a scheme. This will address
recent changes to
urlparse
in Python 3.9+. (#5917)Bugfixes
Fixed defect in
extract_zipped_paths
which could result in an infinite loopfor some paths. (#5851)
Fixed handling for
AttributeError
when calculating length of files obtainedby
Tarfile.extractfile()
. (#5239)Fixed urllib3 exception leak, wrapping
urllib3.exceptions.InvalidHeader
withrequests.exceptions.InvalidHeader
. (#5914)Fixed bug where two Host headers were sent for chunked requests. (#5391)
Fixed regression in Requests 2.26.0 where
Proxy-Authorization
wasincorrectly stripped from all requests sent with
Session.send
. (#5924)Fixed performance regression in 2.26.0 for hosts with a large number of
proxies available in the environment. (#5924)
Fixed idna exception leak, wrapping
UnicodeError
withrequests.exceptions.InvalidURL
for URLs with a leading dot (.) in thedomain. (#5414)
Deprecations
don't have exact dates, Requests 2.27.x is likely to be the last release
series providing support.
v2.26.0
Compare Source
Improvements
Requests now supports Brotli compression, if either the
brotli
orbrotlicffi
package is installed. (#5783)Session.send
now correctly resolves proxy configurations from boththe Session and Request. Behavior now matches
Session.request
. (#5681)Bugfixes
from zip archive. (#5707)
Dependencies
Instead of
chardet
, use the MIT-licensedcharset_normalizer
for Python3to remove license ambiguity for projects bundling requests. If
chardet
is already installed on your machine it will be used instead of
charset_normalizer
to keep backwards compatibility. (#5797)
You can also install
chardet
while installing requests byspecifying
[use_chardet_on_py3]
extra as follows:pip install "requests[use_chardet_on_py3]"
Python2 still depends upon the
chardet
module.Requests now supports
idna
3.x on Python 3.idna
2.x will continue tobe used on Python 2 installations. (#5711)
Deprecations
The
requests[security]
extra has been converted to a no-op install.PyOpenSSL is no longer the recommended secure option for Requests. (#5867)
Requests has officially dropped support for Python 3.5. (#5867)
sybrenstuvel/python-rsa (rsa)
v4.9
rsa/key.py
(#194).
PrivateKey
andPublicKey
.(#189).
(#191).
(#188).
v4.8
raise new_exception from old_exception
(#157)
to use type annotations from Python-RSA
(#136).
makes decryption 2-4x faster
(#163).
jmcnamara/XlsxWriter (xlsxwriter)
v3.1.9
Add fix for errant XML tag in chart leader lines for non-Pie charts.
:issue:
1019
and :feature:1012
.v3.1.8
Add support for formatting the data label in chart trendlines.
:feature:
750
.v3.1.7
Add the :func:
very_hidden()
method to hide a worksheet. This is similar tothe :func:
hide()
method except that the worksheet cannot be unhidden in thethe Excel user interface. The Excel worksheet "xlSheetVeryHidden" option can
only be unset programmatically via VBA.
:feature:
947
.Added fixes for column formulas in tables that were overridden by table data
and which also didn't take future functions into account.
:issue:
1015
.v3.1.6
Added support for chart leader lines for chart types other than Pie and Doughnut.
:feature:
1012
.v3.1.5
Added support for adding signed VBA macros to workbooks via the via the
:func:
add_signed_vba_project
method. SeeWorking with VBA Macros
_.:feature:
1008
... _Working with VBA Macros: https://xlsxwriter.readthedocs.io/working_with_macros.html
v3.1.4
Added support for enabling the Excel "Show #N/A as an empty cell" chart option
via the :func:
show_na_as_empty_cell
method.:feature:
1008
.v3.1.3
Added support for custom total formulas to worksheet tables.
:feature:
982
.v3.1.2
set_pagebreak_view()
.v3.1.1
Add support for new Excel dynamic functions added in 2023.
:issue:
984
.Added support for adding a color to the
invert_if_negative
chart option.:feature:
854
.v3.1.0
v3.0.9
ewx_polars
to demonstrate newPolars <https://www.pola.rs>
_ integration of XlsxWriter inwrite_excel()
_... _write_excel(): https://pola-rs.github.io/polars/py-polars/html/reference/api/polars.DataFrame.write_excel.html#polars.DataFrame.write_excel
v3.0.8
autofit()
exception when user defined column width wasNone
.v3.0.7
Improved :func:
autofit
algorithm to account for the additional width ofautofilter and table dropdowns.
Improved :func:
autofit
take user defined column widths into account.Autofit will now only update the width for an existing column if it is greater
than the user defined value. This allows the user to pre-load a minimum column
width.
:feature:
936
.v3.0.6
Added simulated worksheet :func:
autofit
method.:feature:
936
.v3.0.5
Added
OverlappingRange
exception which is raised during Worksheet:func:
add_table()
or :func:merge_range()
if the range overlaps an existingworksheet table or merge range. This is a file corruption error in Excel. See
:ref:
exceptions
.:issue:
848
v3.0.4
Roll up release of several minor fixes.
Drop support for EOL Python 3.4 and 3.5.
v3.0.3
Added :func:
print_black_and_white
worksheet method to set "Black andWhite" print options.
:feature:
862
.v3.0.2
Added :func:
set_top_left_cell
worksheet method to position the firstvisible cell in a worksheet.
:feature:
837
.v3.0.1
matching version for Python 2 and 3.
v2.0.0
This is the last XlsxWriter release to support Python 2. From now bug fixes
and new features will only be available for Python 3. The deprecation notice
for Python 2 support in XlsxWriter has been in place since May 2020 and the
Python community support for Python 2 ended in January 2020. Downloads of
XlsxWriter for Python 2 is currently less than 6% of all downloads of the
library, and decreasing month by month.
Python 2 users should still be able to install versions of XlsxWriter up to
this release but not any releases afterwards.
:feature:
720
.Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.