07b49934a0
Accepting request 1293092 from devel:languages:python
Ana Guerrero2025-07-15 14:43:06 +00:00
82000e84e4
- Add revert-caching-default-sslcontext.patch upstream patch to avoid problems with certificate caching in sslcontext. bsc#1246104, gh#psf/requests#6767
Daniel Garcia2025-07-14 09:35:54 +00:00
8e8634d2ed
- Add revert-caching-default-sslcontext.patch upstream patch to avoid problems with certificate caching in sslcontext. bsc#1246104, gh#psf/requests#6767
Daniel Garcia2025-07-14 09:35:54 +00:00
7f1a0ac2c7
Accepting request 1284404 from devel:languages:python
Ana Guerrero2025-06-11 14:20:27 +00:00
4649b6f2e9
Accepting request 1284404 from devel:languages:python
Ana Guerrero2025-06-11 14:20:27 +00:00
b3957d941a
- update to 2.32.4: * CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file * Numerous documentation improvements * Added support for pypy 3.11 for Linux and macOS. * Dropped support for pypy 3.9 following its end of support. - drop CVE-2024-47081.patch (merged upstream) - Switch to pyproject macros. - Remove Requires on python-py, it should have been removed earlier.
Dirk Mueller2025-06-10 09:43:04 +00:00
ad1af4efa0
- update to 2.32.4: * CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file * Numerous documentation improvements * Added support for pypy 3.11 for Linux and macOS. * Dropped support for pypy 3.9 following its end of support. - drop CVE-2024-47081.patch (merged upstream) - Switch to pyproject macros. - Remove Requires on python-py, it should have been removed earlier.
Dirk Mueller2025-06-10 09:43:04 +00:00
c36468b791
Accepting request 1282999 from devel:languages:python
Ana Guerrero2025-06-10 06:57:19 +00:00
e5cef7e94c
Accepting request 1282999 from devel:languages:python
Ana Guerrero2025-06-10 06:57:19 +00:00
ef25f38bb8
Accepting request 1208547 from devel:languages:python
Ana Guerrero2024-10-18 13:52:52 +00:00
85afd9e0f8
Accepting request 1208547 from devel:languages:python
Ana Guerrero2024-10-18 13:52:52 +00:00
963e9791a9
- Add patch inject-default-ca-bundles.patch: * Inject the default CA bundles if they are not specified. (bsc#1226321, bsc#1231500)
Steve Kowalik2024-10-17 06:31:35 +00:00
7523d7cfd4
- Add patch inject-default-ca-bundles.patch: * Inject the default CA bundles if they are not specified. (bsc#1226321, bsc#1231500)
Steve Kowalik2024-10-17 06:31:35 +00:00
574613ff8a
- Remove Requires on python-py, it should have been removed earlier.
Steve Kowalik2024-08-29 03:18:21 +00:00
daf7705356
- Remove Requires on python-py, it should have been removed earlier.
Steve Kowalik2024-08-29 03:18:21 +00:00
d0c9d9cc6d
Accepting request 1179087 from devel:languages:python
Ana Guerrero2024-06-07 13:01:52 +00:00
e81f66eb06
Accepting request 1179087 from devel:languages:python
Ana Guerrero2024-06-07 13:01:52 +00:00
feb7f39f9a
- update to 2.32.3: * Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. * Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is * Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, * verify=True now reuses a global SSLContext which should improve request time * Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their
Dirk Mueller2024-06-06 19:38:51 +00:00
b9206df570
- update to 2.32.3: * Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. * Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is * Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, * verify=True now reuses a global SSLContext which should improve request time * Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their
Dirk Mueller2024-06-06 19:38:51 +00:00
6f36943a32
Accepting request 1175867 from devel:languages:python
Ana Guerrero2024-05-24 17:50:01 +00:00
297134e51e
Accepting request 1175867 from devel:languages:python
Ana Guerrero2024-05-24 17:50:01 +00:00
a8abd1de39
Accepting request 1175866 from home:mcalabkova:branches:devel:languages:python
Markéta Machová2024-05-22 14:11:59 +00:00
ac4b99afd5
Accepting request 1175866 from home:mcalabkova:branches:devel:languages:python
Markéta Machová2024-05-22 14:11:59 +00:00
022a931264
Accepting request 1175561 from home:mcalabkova:branches:devel:languages:python:pytest
Markéta Machová2024-05-21 12:50:09 +00:00
38b447badd
Accepting request 1175561 from home:mcalabkova:branches:devel:languages:python:pytest
Markéta Machová2024-05-21 12:50:09 +00:00
35db5c9f34
Accepting request 1110368 from devel:languages:python
Ana Guerrero2023-09-12 19:02:19 +00:00
da8687696d
Accepting request 1110368 from devel:languages:python
Ana Guerrero2023-09-12 19:02:19 +00:00
9799752179
- switch from unmaintained brotlipy to Brotli (same as urllib3) - allow using newest version of charset-normalizer (3.0+) - Skip test_pyopenssl_redirect due to gh#psf/requests#5846 - add 5711.patch from upstream instead to remove idna<3 pin can install the new idna dropping python2 - refreshed requests-no-hardcoded-version.patch - Do not require full python, (implicit) python-base is sufficient. - Skip one more test that is flaky - -test subpackage must be empty * Only load the idna library when we’ve determined we need it. * Fixed an issue with JSON encoding detection, specifically detecting - Fixed requests-do-not-use-bundle.patch requests-do-not-use-bundle.patch - fix license (Apache-2.0 only) - Now has a "security" package extras set, - Bugfix for responses that attempt to redirect to themselves - Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and - update to 1.2.0: + charade: LGPL-2.1+
Dirk Mueller2023-09-11 20:42:01 +00:00
759fd4f30e
- switch from unmaintained brotlipy to Brotli (same as urllib3) - allow using newest version of charset-normalizer (3.0+) - Skip test_pyopenssl_redirect due to gh#psf/requests#5846 - add 5711.patch from upstream instead to remove idna<3 pin can install the new idna dropping python2 - refreshed requests-no-hardcoded-version.patch - Do not require full python, (implicit) python-base is sufficient. - Skip one more test that is flaky - -test subpackage must be empty * Only load the idna library when we’ve determined we need it. * Fixed an issue with JSON encoding detection, specifically detecting - Fixed requests-do-not-use-bundle.patch requests-do-not-use-bundle.patch - fix license (Apache-2.0 only) - Now has a "security" package extras set, - Bugfix for responses that attempt to redirect to themselves - Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and - update to 1.2.0: + charade: LGPL-2.1+
Dirk Mueller2023-09-11 20:42:01 +00:00
30031b76cd
- Delete requests-no-hardcoded-version.patch
Daniel Garcia2023-06-12 12:14:24 +00:00
97bb791ba0
- Delete requests-no-hardcoded-version.patch
Daniel Garcia2023-06-12 12:14:24 +00:00
f1ac59bf1f
- Security Update to 2.31.0 (bsc#1211674): Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681.
Daniel Garcia2023-06-12 12:04:25 +00:00
4bb4acc33e
- Security Update to 2.31.0 (bsc#1211674): Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681.
Daniel Garcia2023-06-12 12:04:25 +00:00
1bad819eab
Accepting request 1085066 from home:ojkastl_buildservice:Branch_devel_languages_python
Dirk Mueller2023-05-05 12:13:37 +00:00
62ca35b79a
Accepting request 1085066 from home:ojkastl_buildservice:Branch_devel_languages_python
Dirk Mueller2023-05-05 12:13:37 +00:00
9b183aa4ab
- Update to 2.30.0: * Added support for urllib3 2.0.  * Defer chunked requests to the urllib3 implementation to improve standardization. * Relax header component requirements to support bytes/str subclasses.
Steve Kowalik2023-05-04 01:49:16 +00:00
2b266e114f
- Update to 2.30.0: * Added support for urllib3 2.0.  * Defer chunked requests to the urllib3 implementation to improve standardization. * Relax header component requirements to support bytes/str subclasses.
Steve Kowalik2023-05-04 01:49:16 +00:00
d539fb7377
- Don't upper limit version of charset_normalized at runtime, too. * Added change to patch: requests-no-hardcoded-version.patch
Matej Cepl2023-02-24 11:33:24 +00:00
a7241f4f04
- Don't upper limit version of charset_normalized at runtime, too. * Added change to patch: requests-no-hardcoded-version.patch
Matej Cepl2023-02-24 11:33:24 +00:00
ec95131598
Accepting request 1067584 from devel:languages:python
Matej Cepl2023-02-24 11:02:42 +00:00
6f67a1b878
Accepting request 1067584 from devel:languages:python
Matej Cepl2023-02-24 11:02:42 +00:00
855fe1ea2b
- update to 2.28.2: - Requests now supports charset\_normalizer 3.x. - Updated MissingSchema exception to suggest https scheme rather than http. - drop requests-allow-charset-normalizer-3.patch (upstream)
Dirk Mueller2023-01-21 10:02:15 +00:00
a4d3a3a91f
- update to 2.28.2: - Requests now supports charset\_normalizer 3.x. - Updated MissingSchema exception to suggest https scheme rather than http. - drop requests-allow-charset-normalizer-3.patch (upstream)
Dirk Mueller2023-01-21 10:02:15 +00:00
00512a584a
Accepting request 944102 from home:stroeder:python
Matej Cepl2022-01-05 20:06:25 +00:00
057dd277f3
Accepting request 944102 from home:stroeder:python
Matej Cepl2022-01-05 20:06:25 +00:00
66136dfc9c
- update to 2.27.0: * Officially added support for Python 3.10. (#5928) * Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856) * Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017) * Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#5917) * Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#5851) * Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#5239) * Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#5914) * Fixed bug where two Host headers were sent for chunked requests. (#5391) * Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#5924) * Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924) * Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#5414) * Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.
Dirk Mueller2022-01-04 16:22:38 +00:00
0b01b9eed1
- update to 2.27.0: * Officially added support for Python 3.10. (#5928) * Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856) * Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017) * Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#5917) * Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#5851) * Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#5239) * Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#5914) * Fixed bug where two Host headers were sent for chunked requests. (#5391) * Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#5924) * Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924) * Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#5414) * Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.
Dirk Mueller2022-01-04 16:22:38 +00:00
d746ba43cb
- Correct {Build,}Requires for charset_normalizer. - Add trustme to BuildRequires for the test suite.
Steve Kowalik2021-10-28 06:56:55 +00:00
5ec889ac58
- Correct {Build,}Requires for charset_normalizer. - Add trustme to BuildRequires for the test suite.
Steve Kowalik2021-10-28 06:56:55 +00:00
6590e207df
- update to 2.26.0: - Session.send now correctly resolves proxy configurations from both the Session and Request. Behavior now matches Session.request. (#5681) - Fixed a race condition in zip extraction when using Requests in parallel from zip archive. (#5707) - Instead of chardet, use the MIT-licensed charset_normalizer for Python3 to remove license ambiguity for projects bundling requests. - Requests now supports idna 3.x on Python 3. idna 2.x will continue to be used on Python 2 installations. (#5711) - The requests[security] extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. (#5867) - Requests has officially dropped support for Python 3.5. (#5867) - drop 5711.patch: upstream
Dirk Mueller2021-10-26 21:10:00 +00:00
39bc3f7308
- update to 2.26.0: - Session.send now correctly resolves proxy configurations from both the Session and Request. Behavior now matches Session.request. (#5681) - Fixed a race condition in zip extraction when using Requests in parallel from zip archive. (#5707) - Instead of chardet, use the MIT-licensed charset_normalizer for Python3 to remove license ambiguity for projects bundling requests. - Requests now supports idna 3.x on Python 3. idna 2.x will continue to be used on Python 2 installations. (#5711) - The requests[security] extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. (#5867) - Requests has officially dropped support for Python 3.5. (#5867) - drop 5711.patch: upstream
Dirk Mueller2021-10-26 21:10:00 +00:00
Ana Guerrero
Markéta Machová
Daniel Garcia
Dirk Mueller
Steve Kowalik
Dominique Leuenberger
Matej Cepl
Adrian Schröter
Fabian Vogt