build(deps): bump the pip group across 4 directories with 5 updates #95

dependabot · 2024-10-09T05:45:19Z

Bumps the pip group with 1 update in the /authentication/fastapi-keyclock directory: urllib3.
Bumps the pip group with 1 update in the /sample_projects/fastapi-movie-api directory: python-multipart.
Bumps the pip group with 2 updates in the /sample_projects/geoip directory: requests and urllib3.
Bumps the pip group with 5 updates in the /sample_projects/til_board directory:

Package	From	To
certifi	`2024.2.2`	`2024.7.4`
cryptography	`42.0.7`	`43.0.1`
requests	`2.31.0`	`2.32.2`
urllib3	`2.2.1`	`2.2.2`
python-multipart	`0.0.6`	`0.0.7`

Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

Added support for Python 3.13. (#3473)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)

Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)

Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)

Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)

Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)

Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: urllib3/urllib3@2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)

Fixed ResourceWarning on CONNECT with Python `__)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)

Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)

Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

Added version checking for h2 (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)

Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)

Commits

2458bfc Release 2.2.3
9b25db6 Only attempt to publish for upstream
b9adeef Drop support for EOL PyPy3.8 and PyPy3.9
b1d4649 Add explicit support for Python 3.13
cc42860 Bump cryptography from 42.0.4 to 43.0.1 (#3470)
3dae2e9 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3469)
1e94feb Revert "Add TLS settings for HTTP/2 (#3456)" (#3466)
aa73abc Bump actions/setup-python from 5.1.0 to 5.2.0 (#3468)
abbfbcb Add 1.26.20 to changelog and make the publish workflow the same (#3464)
d480615 Add TLS settings for HTTP/2 (#3456)
Additional commits viewable in compare view

Updates python-multipart from 0.0.9 to 0.0.12

Release notes

Sourced from python-multipart's releases.

Version 0.0.12

What's Changed

Enforce 100% coverage by @Kludex in Kludex/python-multipart#159

Add mypy strict typing by @jhnstrk in Kludex/python-multipart#140

Improve error message when boundary character does not match by @yecril23pl in Kludex/python-multipart#124

Full Changelog: Kludex/python-multipart@0.0.11...0.0.12

Version 0.0.11

What's Changed

Handle invalid CRLF in header name. fixes #122 by @jhnstrk in Kludex/python-multipart#141

Improve performance, especially in data with many CR-LF by @jhnstrk in Kludex/python-multipart#137

Full Changelog: Kludex/python-multipart@0.0.10...0.0.11

Version 0.0.10

What's Changed

Support on_header_begin by @Kludex in Kludex/python-multipart#103

Improve type hints on FormParser by @Kludex in Kludex/python-multipart#104

Fix OnFileCallback type by @Kludex in Kludex/python-multipart#106

Improve type hints by @Kludex in Kludex/python-multipart#110

Improve type hints on File by @Kludex in Kludex/python-multipart#111

Add type hint to helper functions by @Kludex in Kludex/python-multipart#112

Minor fix for Field.repr by @eltbus in Kludex/python-multipart#114

Fix use of chunk_size parameter by @jhnstrk in Kludex/python-multipart#136

Allow digits and valid token chars in headers by @jhnstrk in Kludex/python-multipart#134

Fix headers being carried between parts. fixes #63 by @jhnstrk in Kludex/python-multipart#135

New Contributors

@onuralpszr made their first contribution in Kludex/python-multipart#108

@janusheide made their first contribution in Kludex/python-multipart#119

@yecril23pl made their first contribution in Kludex/python-multipart#121

@manunio made their first contribution in Kludex/python-multipart#117

@jhnstrk made their first contribution in Kludex/python-multipart#136

Full Changelog: Kludex/python-multipart@0.0.9...0.0.10

Changelog

Sourced from python-multipart's changelog.

0.0.12 (2024-09-29)

Improve error message when boundary character does not match #124.

Add mypy strict typing #140.

Enforce 100% coverage #159.

0.0.11 (2024-09-28)

Improve performance, especially in data with many CR-LF #137.

Handle invalid CRLF in header name #141.

0.0.10 (2024-09-21)

Support on_header_begin #103.

Improve type hints on FormParser #104.

Fix OnFileCallback type #106.

Improve type hints #110.

Improve type hints on File #111.

Add type hint to helper functions #112.

Minor fix for Field.repr #114.

Fix use of chunk_size parameter #136.

Allow digits and valid token chars in headers #134.

Fix headers being carried between parts #135.

Commits

3f7233d Version 0.0.12 (#160)
83191cb ensure our boundary matches: improve the message (#124)
a169d93 Add mypy strict typing (#140)
24d5f57 Enforce 100% coverage (#159)
293ea34 Version 0.0.11 (#158)
a790e40 Improve performance, especially in data with many CR-LF (#137)
dcf0ba1 Handle invalid CRLF in header name. fixes #122 (#141)
851a026 Add entry to changelog (#157)
265d6a4 Upgrade documentation packages (#156)
21825fc Version 0.0.10 (#155)
Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

88dce9d v2.32.2
c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
92075b3 Add deprecation warning
aa1461b Move _get_connection to get_connection_with_tls_context
970e8ce v2.32.1
d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
Additional commits viewable in compare view

Updates urllib3 from 2.1.0 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

Added support for Python 3.13. (#3473)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)

Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)

Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)

Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)

Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)

Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: urllib3/urllib3@2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)

Fixed ResourceWarning on CONNECT with Python `__)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)

Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)

Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

Added version checking for h2 (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)

Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)

Commits

2458bfc Release 2.2.3
9b25db6 Only attempt to publish for upstream
b9adeef Drop support for EOL PyPy3.8 and PyPy3.9
b1d4649 Add explicit support for Python 3.13
cc42860 Bump cryptography from 42.0.4 to 43.0.1 (#3470)
3dae2e9 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3469)
1e94feb Revert "Add TLS settings for HTTP/2 (#3456)" (#3466)
aa73abc Bump actions/setup-python from 5.1.0 to 5.2.0 (#3468)
abbfbcb Add 1.26.20 to changelog and make the publish workflow the same (#3464)
d480615 Add TLS settings for HTTP/2 (#3456)
Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

Updates cryptography from 42.0.7 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20
BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.

BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.

Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.

Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.

:func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.

:func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.

Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.

Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.

Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)

Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.

Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.

Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.

Added support for parsing empty DN string in

... (truncated)

Commits

a773387 bump for 43.0.1 (#11533)
0393fef Backport setuptools version ban (#11526)
6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
2dbdfb8 don't assign unused name (#11310)
ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

88dce9d v2.32.2
c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
92075b3 Add deprecation warning
aa1461b Move _get_connection to get_connection_with_tls_context
970e8ce v2.32.1
d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
Additional commits viewable in compare view

Updates urllib3 from 2.2.1 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

Added support for Python 3.13. (#3473)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)

Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)

Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)

Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)

Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)

Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: urllib3/urllib3@2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)

Fixed ResourceWarning on CONNECT with Python `__)

Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)

Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)

Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

Added version checking for h2 (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)

Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)

Commits

2458bfc Release 2.2.3
9b25db6 Only attempt to publish for upstream
b9adeef Drop support for EOL PyPy3.8 and PyPy3.9
b1d4649 Add explicit support for Python 3.13
cc42860 Bump cryptography from 42.0.4 to 43.0.1 (#3470)
3dae2e9 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3469)
1e94feb Revert "Add TLS settings for HTTP/2 (#3456)" (#3466)
aa73abc Bump actions/setup-python from 5.1.0 to 5.2.0 (#3468)
abbfbcb Add 1.26.20 to changelog and make the publish workflow the same (#3464)
d480615 Add TLS settings for HTTP/2 (#3456)
Additional commits viewable in compare view

Updates python-multipart from 0.0.6 to 0.0.7

Release notes

Sourced from python-multipart's releases.

Version 0.0.12

What's Changed

Enforce 100% coverage by @Kludex in Kludex/python-multipart#159

Add mypy strict typing by @jhnstrk in Kludex/python-multipart#140

Improve error message when boundary character does not match by @yecril23pl in Kludex/python-multipart#124

Full Changelog: Kludex/python-multipart@0.0.11...0.0.12

Version 0.0.11

What's Changed

Handle invalid CRLF in header name. fixes #122 by @jhnstrk in Kludex/python-multipart#141

Improve performance, especially in data with many CR-LF by @jhnstrk in Kludex/python-multipart#137

Full Changelog: Kludex/python-multipart@0.0.10...0.0.11

Version 0.0.10

What's Changed

Support on_header_begin by @Kludex in

Bumps the pip group with 1 update in the /authentication/fastapi-keyclock directory: [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /sample_projects/fastapi-movie-api directory: [python-multipart](https://github.com/Kludex/python-multipart). Bumps the pip group with 2 updates in the /sample_projects/geoip directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 5 updates in the /sample_projects/til_board directory: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` | | [cryptography](https://github.com/pyca/cryptography) | `42.0.7` | `43.0.1` | | [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` | | [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.2.2` | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.7` | Updates `urllib3` from 2.2.2 to 2.2.3 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.2...2.2.3) Updates `python-multipart` from 0.0.9 to 0.0.12 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.9...0.0.12) Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) Updates `urllib3` from 2.1.0 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.2...2.2.3) Updates `certifi` from 2024.2.2 to 2024.7.4 - [Commits](certifi/python-certifi@2024.02.02...2024.07.04) Updates `cryptography` from 42.0.7 to 43.0.1 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@42.0.7...43.0.1) Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) Updates `urllib3` from 2.2.1 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.2...2.2.3) Updates `python-multipart` from 0.0.6 to 0.0.7 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.9...0.0.12) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect dependency-group: pip - dependency-name: python-multipart dependency-type: direct:production dependency-group: pip - dependency-name: requests dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: cryptography dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip - dependency-name: python-multipart dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 9, 2024

YeonwooSung merged commit b1d9380 into main Oct 10, 2024

YeonwooSung deleted the dependabot/pip/authentication/fastapi-keyclock/pip-627e28c8a9 branch October 10, 2024 15:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the pip group across 4 directories with 5 updates #95

build(deps): bump the pip group across 4 directories with 5 updates #95

dependabot bot commented on behalf of github Oct 9, 2024

build(deps): bump the pip group across 4 directories with 5 updates #95

build(deps): bump the pip group across 4 directories with 5 updates #95

Conversation

dependabot bot commented on behalf of github Oct 9, 2024

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

HTTP/2 (experimental)

2.2.3 (2024-09-12)

Features

Bugfixes

HTTP/2 (experimental)

Deprecations and Removals

Version 0.0.12

What's Changed

Version 0.0.11

What's Changed

Version 0.0.10

What's Changed

New Contributors

0.0.12 (2024-09-29)

0.0.11 (2024-09-28)

0.0.10 (2024-09-21)

v2.32.2

2.32.2 (2024-05-21)

v2.32.1

2.32.1 (2024-05-20)

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

2.32.2 (2024-05-21)

2.32.1 (2024-05-20)

2.32.0 (2024-05-20)

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

HTTP/2 (experimental)

2.2.3 (2024-09-12)

Features

Bugfixes

HTTP/2 (experimental)

Deprecations and Removals

v2.32.2

2.32.2 (2024-05-21)

v2.32.1

2.32.1 (2024-05-20)

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

2.32.2 (2024-05-21)

2.32.1 (2024-05-20)

2.32.0 (2024-05-20)

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

HTTP/2 (experimental)

2.2.3 (2024-09-12)

Features

Bugfixes

HTTP/2 (experimental)

Deprecations and Removals

Version 0.0.12

What's Changed

Version 0.0.11

What's Changed

Version 0.0.10

What's Changed