- Update to 2.6.0:
- Fix handling of cookies on redirect. Previously a cookie without a host
value set would use the hostname for the redirected URL exposing requests
users to session fixation attacks and potentially cookie stealing. This was
disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
An CVE identifier has not yet been assigned for this. This affects all
versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an ``install_requires`` dependency and ``python
setup.py test`` is run. (#2462)
- Fix error when urllib3 is unbundled and requests continues to use the
vendored import location.
- Include fixes to ``urllib3``'s header handling.
- Requests' handling of unvendored dependencies is now more restrictive.
- Support bytearrays when passed as parameters in the ``files`` argument.
(#2468)
- Avoid data duplication when creating a request with ``str``, ``bytes``, or
``bytearray`` input to the ``files`` argument.
- Revert changes to our vendored certificate bundle. For more context see
(#2455, #2456, and http://bugs.python.org/issue23476)
OBS-URL: https://build.opensuse.org/request/show/298170
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=55
- Update tarball to the one upstream is publishing.
- Update to version 2.3.0
+ New ``Response`` property ``is_redirect``, which is true when the
library could have processed this response as a redirection (whether
or not it actually did).
+ The ``timeout`` parameter now affects requests with both ``stream=True``
and ``stream=False`` equally.
+ The change in v2.0.0 to mandate explicit proxy schemes has been reverted.
Proxy schemes now default to ``http://``.
+ The ``CaseInsensitiveDict`` used for HTTP headers now behaves like a normal
dictionary when references as string or viewd in the interpreter.
+ No longer expose Authorization or Proxy-Authorization headers on redirect.
Fix CVE-2014-1829 and CVE-2014-1830 respectively.
+ Authorization is re-evaluated each redirect.
+ On redirect, pass url as native strings.
+ Fall-back to autodetected encoding for JSON when Unicode detection fails.
+ Headers set to ``None`` on the ``Session`` are now correctly not sent.
+ Correctly honor ``decode_unicode`` even if it wasn't used earlier in the
same response.
+ Stop advertising ``compress`` as a supported Content-Encoding.
+ The ``Response.history`` parameter is now always a list.
+ Many, many ``urllib3`` bugfixes.- Fixes incorrect parsing of proxy
credentials that contain a literal or encoded '#' character.
+ Assorted urllib3 fixes.
+ New exception: ``ContentDecodingError``. Raised instead of ``urllib3``
``DecodeError`` exceptions.
+ Avoid many many exceptions from the buggy implementation of
``proxy_bypass`` on OS X in Python 2.6.
+ Avoid crashing when attempting to get authentication credentials
OBS-URL: https://build.opensuse.org/request/show/237323
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=18
- Update tarball to the one upstream is publishing.
- Update to version 2.3.0
+ New ``Response`` property ``is_redirect``, which is true when the
library could have processed this response as a redirection (whether
or not it actually did).
+ The ``timeout`` parameter now affects requests with both ``stream=True``
and ``stream=False`` equally.
+ The change in v2.0.0 to mandate explicit proxy schemes has been reverted.
Proxy schemes now default to ``http://``.
+ The ``CaseInsensitiveDict`` used for HTTP headers now behaves like a normal
dictionary when references as string or viewd in the interpreter.
+ No longer expose Authorization or Proxy-Authorization headers on redirect.
Fix CVE-2014-1829 and CVE-2014-1830 respectively.
+ Authorization is re-evaluated each redirect.
+ On redirect, pass url as native strings.
+ Fall-back to autodetected encoding for JSON when Unicode detection fails.
+ Headers set to ``None`` on the ``Session`` are now correctly not sent.
+ Correctly honor ``decode_unicode`` even if it wasn't used earlier in the
same response.
+ Stop advertising ``compress`` as a supported Content-Encoding.
+ The ``Response.history`` parameter is now always a list.
+ Many, many ``urllib3`` bugfixes.- Fixes incorrect parsing of proxy
credentials that contain a literal or encoded '#' character.
+ Assorted urllib3 fixes.
+ New exception: ``ContentDecodingError``. Raised instead of ``urllib3``
``DecodeError`` exceptions.
+ Avoid many many exceptions from the buggy implementation of
``proxy_bypass`` on OS X in Python 2.6.
+ Avoid crashing when attempting to get authentication credentials
OBS-URL: https://build.opensuse.org/request/show/237323
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=18
- Update to version 2.3.0
+ New ``Response`` property ``is_redirect``, which is true when the
library could have processed this response as a redirection (whether
or not it actually did).
+ The ``timeout`` parameter now affects requests with both ``stream=True``
and ``stream=False`` equally.
+ The change in v2.0.0 to mandate explicit proxy schemes has been reverted.
Proxy schemes now default to ``http://``.
+ The ``CaseInsensitiveDict`` used for HTTP headers now behaves like a normal
dictionary when references as string or viewd in the interpreter.
+ No longer expose Authorization or Proxy-Authorization headers on redirect.
Fix CVE-2014-1829 and CVE-2014-1830 respectively.
+ Authorization is re-evaluated each redirect.
+ On redirect, pass url as native strings.
+ Fall-back to autodetected encoding for JSON when Unicode detection fails.
+ Headers set to ``None`` on the ``Session`` are now correctly not sent.
+ Correctly honor ``decode_unicode`` even if it wasn't used earlier in the
same response.
+ Stop advertising ``compress`` as a supported Content-Encoding.
+ The ``Response.history`` parameter is now always a list.
+ Many, many ``urllib3`` bugfixes.- Fixes incorrect parsing of proxy
credentials that contain a literal or encoded '#' character.
+ Assorted urllib3 fixes.
+ New exception: ``ContentDecodingError``. Raised instead of ``urllib3``
``DecodeError`` exceptions.
+ Avoid many many exceptions from the buggy implementation of
``proxy_bypass`` on OS X in Python 2.6.
+ Avoid crashing when attempting to get authentication credentials
from ~/.netrc when running as a user without a home directory.
+ Use the correct pool size for pools of connections to proxies.
OBS-URL: https://build.opensuse.org/request/show/236416
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=46
- update to 2.0.1
- changes in 2.0.1:
- Updated included CA Bundle with new mistrusts and automated process for the future
- Added MD5-sess to Digest Auth
- Accept per-file headers in multipart file POST messages.
- Fixed: Don't send the full URL on CONNECT messages.
- Fixed: Correctly lowercase a redirect scheme.
- Fixed: Cookies not persisted when set via functional API.
- Fixed: Translate urllib3 ProxyError into a requests ProxyError derived from ConnectionError.
- Updated internal urllib3 and chardet.
- changes in 2.0.0:
- Keys in the Headers dictionary are now native strings on all Python versions,
i.e. bytestrings on Python 2, unicode on Python 3.
- Proxy URLs now *must* have an explicit scheme. A ``MissingSchema`` exception
will be raised if they don't.
- Timeouts now apply to read time if ``Stream=False``.
- ``RequestException`` is now a subclass of ``IOError``, not ``RuntimeError``.
- Added new method to ``PreparedRequest`` objects: ``PreparedRequest.copy()``.
- Added new method to ``Session`` objects: ``Session.update_request()``. This
method updates a ``Request`` object with the data (e.g. cookies) stored on
the ``Session``.
- Added new method to ``Session`` objects: ``Session.prepare_request()``. This
method updates and prepares a ``Request`` object, and returns the
corresponding ``PreparedRequest`` object.
- Added new method to ``HTTPAdapter`` objects: ``HTTPAdapter.proxy_headers()``.
This should not be called directly, but improves the subclass interface.
- ``httplib.IncompleteRead`` exceptions caused by incorrect chunked encoding
will now raise a Requests ``ChunkedEncodingError`` instead.
- Invalid percent-escape sequences now cause a Requests ``InvalidURL``
exception to be raised. (forwarded request 206076 from Nijel)
OBS-URL: https://build.opensuse.org/request/show/206124
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=16
- update to 2.0.1
- changes in 2.0.1:
- Updated included CA Bundle with new mistrusts and automated process for the future
- Added MD5-sess to Digest Auth
- Accept per-file headers in multipart file POST messages.
- Fixed: Don't send the full URL on CONNECT messages.
- Fixed: Correctly lowercase a redirect scheme.
- Fixed: Cookies not persisted when set via functional API.
- Fixed: Translate urllib3 ProxyError into a requests ProxyError derived from ConnectionError.
- Updated internal urllib3 and chardet.
- changes in 2.0.0:
- Keys in the Headers dictionary are now native strings on all Python versions,
i.e. bytestrings on Python 2, unicode on Python 3.
- Proxy URLs now *must* have an explicit scheme. A ``MissingSchema`` exception
will be raised if they don't.
- Timeouts now apply to read time if ``Stream=False``.
- ``RequestException`` is now a subclass of ``IOError``, not ``RuntimeError``.
- Added new method to ``PreparedRequest`` objects: ``PreparedRequest.copy()``.
- Added new method to ``Session`` objects: ``Session.update_request()``. This
method updates a ``Request`` object with the data (e.g. cookies) stored on
the ``Session``.
- Added new method to ``Session`` objects: ``Session.prepare_request()``. This
method updates and prepares a ``Request`` object, and returns the
corresponding ``PreparedRequest`` object.
- Added new method to ``HTTPAdapter`` objects: ``HTTPAdapter.proxy_headers()``.
This should not be called directly, but improves the subclass interface.
- ``httplib.IncompleteRead`` exceptions caused by incorrect chunked encoding
will now raise a Requests ``ChunkedEncodingError`` instead.
- Invalid percent-escape sequences now cause a Requests ``InvalidURL``
exception to be raised. (forwarded request 206076 from Nijel)
OBS-URL: https://build.opensuse.org/request/show/206124
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=16
- update to 2.0.1
- changes in 2.0.1:
- Updated included CA Bundle with new mistrusts and automated process for the future
- Added MD5-sess to Digest Auth
- Accept per-file headers in multipart file POST messages.
- Fixed: Don't send the full URL on CONNECT messages.
- Fixed: Correctly lowercase a redirect scheme.
- Fixed: Cookies not persisted when set via functional API.
- Fixed: Translate urllib3 ProxyError into a requests ProxyError derived from ConnectionError.
- Updated internal urllib3 and chardet.
- changes in 2.0.0:
- Keys in the Headers dictionary are now native strings on all Python versions,
i.e. bytestrings on Python 2, unicode on Python 3.
- Proxy URLs now *must* have an explicit scheme. A ``MissingSchema`` exception
will be raised if they don't.
- Timeouts now apply to read time if ``Stream=False``.
- ``RequestException`` is now a subclass of ``IOError``, not ``RuntimeError``.
- Added new method to ``PreparedRequest`` objects: ``PreparedRequest.copy()``.
- Added new method to ``Session`` objects: ``Session.update_request()``. This
method updates a ``Request`` object with the data (e.g. cookies) stored on
the ``Session``.
- Added new method to ``Session`` objects: ``Session.prepare_request()``. This
method updates and prepares a ``Request`` object, and returns the
corresponding ``PreparedRequest`` object.
- Added new method to ``HTTPAdapter`` objects: ``HTTPAdapter.proxy_headers()``.
This should not be called directly, but improves the subclass interface.
- ``httplib.IncompleteRead`` exceptions caused by incorrect chunked encoding
will now raise a Requests ``ChunkedEncodingError`` instead.
- Invalid percent-escape sequences now cause a Requests ``InvalidURL``
exception to be raised.
OBS-URL: https://build.opensuse.org/request/show/206076
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=42
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed
* Fixed bug where using OAuth 1 with body ``signature_type`` sent no data
* Major proxy work thanks to @Lukasa including parsing of proxy authentication
from the proxy url
* Fix DigestAuth handling too many 401s
* Update vendored urllib3 to include SSL bug fixes
* Allow keyword arguments to be passed to ``json.loads()`` via the
``Response.json()`` method
* Don't send ``Content-Length`` header by default on ``GET`` or ``HEAD``
requests
* Add ``elapsed`` attribute to ``Response`` objects to time how long a request
took.
* Fix ``RequestsCookieJar``
* Sessions and Adapters are now picklable, i.e., can be used with the
mutiprocessing library
Update charade to version 1.0.3
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed (forwarded request 175233 from dirkmueller)
OBS-URL: https://build.opensuse.org/request/show/175242
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=10
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed
* Fixed bug where using OAuth 1 with body ``signature_type`` sent no data
* Major proxy work thanks to @Lukasa including parsing of proxy authentication
from the proxy url
* Fix DigestAuth handling too many 401s
* Update vendored urllib3 to include SSL bug fixes
* Allow keyword arguments to be passed to ``json.loads()`` via the
``Response.json()`` method
* Don't send ``Content-Length`` header by default on ``GET`` or ``HEAD``
requests
* Add ``elapsed`` attribute to ``Response`` objects to time how long a request
took.
* Fix ``RequestsCookieJar``
* Sessions and Adapters are now picklable, i.e., can be used with the
mutiprocessing library
Update charade to version 1.0.3
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed (forwarded request 175233 from dirkmueller)
OBS-URL: https://build.opensuse.org/request/show/175242
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=10
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed
* Fixed bug where using OAuth 1 with body ``signature_type`` sent no data
* Major proxy work thanks to @Lukasa including parsing of proxy authentication
from the proxy url
* Fix DigestAuth handling too many 401s
* Update vendored urllib3 to include SSL bug fixes
* Allow keyword arguments to be passed to ``json.loads()`` via the
``Response.json()`` method
* Don't send ``Content-Length`` header by default on ``GET`` or ``HEAD``
requests
* Add ``elapsed`` attribute to ``Response`` objects to time how long a request
took.
* Fix ``RequestsCookieJar``
* Sessions and Adapters are now picklable, i.e., can be used with the
mutiprocessing library
Update charade to version 1.0.3
- update to 1.2.0:
* Fixed cookies on sessions and on requests
* Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
* certifi support was removed
OBS-URL: https://build.opensuse.org/request/show/175233
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=32
