Avg Release Cycle
95 days ago
🔋 Features and Improvements
- 🖨 Add sha256 fingerprint support. (shazow/urllib3#540)
- 🐎 Improve the performance of headers. (shazow/urllib3#544)
- 🚚 Copy pip's import machinery. When downstream redistributors remove requests.packages.urllib3 the import machinery will continue to let those same symbols work. Example usage in requests' documentation and 3rd-party libraries relying on the vendored copies of urllib3 will work without having to fallback to the system urllib3.
- Attempt to quote parts of the URL on redirect if unquoting and then quoting fails. (#2356)
- Fix filename type check for multipart form-data uploads. (#2411)
- Properly handle the case where a server issuing digest authentication challenges provides both auth and auth-int qop-values. (#2408)
- Fix a socket leak. (shazow/urllib3#549)
- Fix multiple
Set-Cookieheaders properly. (shazow/urllib3#534)
- Disable the built-in hostname verification. (shazow/urllib3#526)
- Fix the behaviour of decoding an exhausted stream. (shazow/urllib3#535)
- ⚡️ Pulled in an updated
- 0️⃣ Drop RC4 from the default cipher list. (shazow/urllib3#551)
- Only catch HTTPErrors in raise_for_status (#2382)
- 👀 Handle LocationParseError from urllib3 (#2344)
- Handle file-like object filenames that are not strings (#2379)
- Unbreak HTTPDigestAuth handler. Allow new nonces to be negotiated (#2389)
- Allow usage of urllib3's Retry object with HTTPAdapters (#2216)
iter_linesmethod on a response now accepts a delimiter with which to split the content (#2295)
- 🗄 Add deprecation warnings to functions in requests.utils that will be removed in 3.0 (#2309)
- Sessions used by the functional API are always closed (#2326)
- Restrict requests to HTTP/1.1 and HTTP/1.0 (stop accepting HTTP/0.9) (#2323)
- 📜 Only parse the URL once (#2353)
- Allow Content-Length header to always be overridden (#2332)
- Properly handle files in HTTPDigestAuth (#2333)
- Cap redirect_cache size to prevent memory abuse (#2299)
- Fix HTTPDigestAuth handling of redirects after authenticating successfully (#2253)
- Fix crash with custom method parameter to Session.request (#2317)
- 📜 Fix how Link headers are parsed using the regular expression library (#2271)
- Add more references for interlinking (#2348)
- ⚡️ Update CSS for theme (#2290)
- ⚡️ Update width of buttons and sidebar (#2289)
- Replace references of Gittip with Gratipay (#2282)
- Add link to changelog in sidebar (#2273)
- FINALLY! Add json parameter for uploads! (#2258)
- ✅ Support for bytestring URLs on Python 3.x (#2238)
- Avoid getting stuck in a loop (#2244)
- Multiple calls to iter* fail with unhelpful error. (#2240, #2241)
- 🔒 Now has a "security" package extras set,
$ pip install requests[security]
- Requests will now use Certifi if it is available.
- Capture and re-raise urllib3 ProtocolError
- 🛠 Bugfix for responses that attempt to redirect to themselves forever (wtf?).
- 🔒 Now has a "security" package extras set,
Connection: keep-aliveheader is now sent automatically.
- ⏱ Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts.
- Allow copying of PreparedRequests without headers/cookies.
- ⚡️ Updated bundled urllib3 version.
- ♻️ Refactored settings loading from environment -- new Session.merge_environment_settings.
- Handle socket errors in iter_content.
is_redirect, which is true when the library could have processed this response as a redirection (whether or not it actually did).
- ⏱ The
timeoutparameter now affects requests with both
- The change in v2.0.0 to mandate explicit proxy schemes has been
reverted. Proxy schemes now default to
CaseInsensitiveDictused for HTTP headers now behaves like a normal dictionary when references as string or viewed in the interpreter.
- No longer expose Authorization or Proxy-Authorization headers on redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.
- Authorization is re-evaluated each redirect.
- On redirect, pass url as native strings.
- Fall-back to autodetected encoding for JSON when Unicode detection fails.
- Headers set to
Sessionare now correctly not sent.
- Correctly honor
decode_unicodeeven if it wasn't used earlier in the same response.
- 👍 Stop advertising
compressas a supported Content-Encoding.
Response.historyparameter is now always a list.
- 🛠 Many, many
- 📜 Fixes incorrect parsing of proxy credentials that contain a literal or encoded '#' character.
- 🛠 Assorted urllib3 fixes.