- Update to 2.13.3:
* Changed the values for DOWNLOAD_DELAY (from 0 to 1) and
CONCURRENT_REQUESTS_PER_DOMAIN (from 8 to 1) in the default project
template.
* Fixed several bugs in the engine initialization and exception handling
logic.
* Allowed running tests with Twisted 25.5.0+ again and fixed test failures
with lxml 6.0.0.
* Give callback requests precedence over start requests when priority
values are the same.
* The asyncio reactor is now enabled by default
* Replaced start_requests() (sync) with start() (async) and changed how it
is iterated.
* Added the allow_offsite request meta key
* Spider middlewares that don't support asynchronous spider output are
deprecated
* Added a base class for universal spider middlewares
- Add patch remove-hoverxref.patch:
* Do not use deprecated sphinx-hoverxref extension.
- Add patch no-dark-mode.patch:
* Do not use unavailable sphinx-rtd-dark-mode extension.
OBS-URL: https://build.opensuse.org/request/show/1296688
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Scrapy?expand=0&rev=24
* Changed the values for DOWNLOAD_DELAY (from 0 to 1) and
CONCURRENT_REQUESTS_PER_DOMAIN (from 8 to 1) in the default project
template.
* Fixed several bugs in the engine initialization and exception handling
logic.
* Allowed running tests with Twisted 25.5.0+ again and fixed test failures
with lxml 6.0.0.
* Give callback requests precedence over start requests when priority
values are the same.
* The asyncio reactor is now enabled by default
* Replaced start_requests() (sync) with start() (async) and changed how it
is iterated.
* Added the allow_offsite request meta key
* Spider middlewares that don't support asynchronous spider output are
deprecated
* Added a base class for universal spider middlewares
- Add patch remove-hoverxref.patch:
* Do not use deprecated sphinx-hoverxref extension.
- Add patch no-dark-mode.patch:
* Do not use unavailable sphinx-rtd-dark-mode extension.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Scrapy?expand=0&rev=48
- update to 2.11.2 (bsc#1224474, CVE-2024-1968):
* Redirects to non-HTTP protocols are no longer followed.
Please, see the 23j4-mw76-5v7h security advisory for more
information. (:issue:`457`)
* The Authorization header is now dropped on redirects to a
different scheme (http:// or https://) or port, even if the
domain is the same. Please, see the 4qqq-9vqf-3h3f security
advisory for more information.
* When using system proxy settings that are different for
http:// and https://, redirects to a different URL scheme
will now also trigger the corresponding change in proxy
settings for the redirected request. Please, see the
jm3v-qxmh-hxwv security advisory for more information.
(:issue:`767`)
* :attr:`Spider.allowed_domains
<scrapy.Spider.allowed_domains>` is now enforced for all
requests, and not only requests from spider callbacks.
* :func:`~scrapy.utils.iterators.xmliter_lxml` no longer
resolves XML entities.
* defusedxml is now used to make
:class:`scrapy.http.request.rpc.XmlRpcRequest` more secure.
* Restored support for brotlipy_, which had been dropped in
Scrapy 2.11.1 in favor of brotli. (:issue:`6261`) Note
brotlipy is deprecated, both in Scrapy and upstream. Use
brotli instead if you can.
* Make :setting:`METAREFRESH_IGNORE_TAGS` ["noscript"] by
default. This prevents :class:`~scrapy.downloadermiddlewares.
redirect.MetaRefreshMiddleware` from following redirects that
would not be followed by web browsers with JavaScript
enabled.
OBS-URL: https://build.opensuse.org/request/show/1186841
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Scrapy?expand=0&rev=21
* Redirects to non-HTTP protocols are no longer followed.
Please, see the 23j4-mw76-5v7h security advisory for more
information. (:issue:`457`)
* The Authorization header is now dropped on redirects to a
different scheme (http:// or https://) or port, even if the
domain is the same. Please, see the 4qqq-9vqf-3h3f security
advisory for more information.
* When using system proxy settings that are different for
http:// and https://, redirects to a different URL scheme
will now also trigger the corresponding change in proxy
settings for the redirected request. Please, see the
jm3v-qxmh-hxwv security advisory for more information.
(:issue:`767`)
* :attr:`Spider.allowed_domains
<scrapy.Spider.allowed_domains>` is now enforced for all
requests, and not only requests from spider callbacks.
* :func:`~scrapy.utils.iterators.xmliter_lxml` no longer
resolves XML entities.
* defusedxml is now used to make
:class:`scrapy.http.request.rpc.XmlRpcRequest` more secure.
* Restored support for brotlipy_, which had been dropped in
Scrapy 2.11.1 in favor of brotli. (:issue:`6261`) Note
brotlipy is deprecated, both in Scrapy and upstream. Use
brotli instead if you can.
* Make :setting:`METAREFRESH_IGNORE_TAGS` ["noscript"] by
default. This prevents :class:`~scrapy.downloadermiddlewares.
redirect.MetaRefreshMiddleware` from following redirects that
would not be followed by web browsers with JavaScript
enabled.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Scrapy?expand=0&rev=41
