Next | Query returned 67 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2023-05-26 21:42:57 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-requests: updated to 2.31.0

2.31.0 (2023-05-22)
-------------------

**Security**
- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
  forwarding of `Proxy-Authorization` headers to destination servers when
  following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests
  will construct a `Proxy-Authorization` header that is attached to the request to
  authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached
  the `Proxy-Authorization` header incorrectly, resulting in the value being
  sent through the tunneled connection to the destination server. Users who rely on
  defining their proxy credentials in the URL are *strongly* encouraged to upgrade
  to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
  credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through
  the user information portion of their proxy URL are not subject to this
  vulnerability.

  Full details can be read in our [Github Security \ 
Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
  and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).
   2023-05-05 20:25:02 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-requests: updated to 2.30.0

2.30.0 (2023-05-03)
-------------------

**Dependencies**
- ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and
  reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
  prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to `urllib3<2`.
   2023-04-30 20:02:03 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-requests: update to 2.29.0.

2.29.0 (2023-04-26)
-------------------

**Improvements**

- Requests now defers chunked requests to the urllib3 implementation to improve
  standardization. (#6226)
- Requests relaxes header component requirements to support bytes/str \ 
subclasses. (#6356)
   2023-01-13 10:01:02 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-requests: updated to 2.28.2

2.28.2 (2023-01-12)
-------------------

**Dependencies**

- Requests now supports charset\_normalizer 3.x.

**Bugfixes**

- Updated MissingSchema exception to suggest https scheme rather than http.
   2022-11-28 20:07:30 by Nia Alarie | Files touched by this commit (3)
Log message:
Convert several packages to using versioned_depends for py-cryptography.

Somehow this has been hanging around in my tree for months.
   2022-11-25 11:46:37 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
py-requests: allow newer charset_normalizer
   2022-11-21 00:19:20 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-requests: add py-chardet as a dependency to fix a problem with \ 
charset-normalizer>=3 not being supported
   2022-07-10 22:09:56 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
py-requests: update to 2.28.1.

Fixes PR 56915.

2.28.1 (2022-06-29)
-------------------

**Improvements**

- Speed optimization in `iter_content` with transition to `yield from`. (#6170)

**Dependencies**

- Added support for chardet 5.0.0 (#6179)
- Added support for charset-normalizer 2.1.0 (#6169)

2.28.0 (2022-06-09)
-------------------

**Deprecations**

- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)

**Improvements**

- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
  an encoding to make `json()` API consistent. (#6097)
- Parse header components consistently, raising an InvalidHeader error in
  all invalid cases. (#6154)
- Added provisional 3.11 support with current beta build. (#6155)
- Requests got a makeover and we decided to paint it black. (#6095)

**Bugfixes**

- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
  cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
  `requests.exceptions.SSLError` for `content` and `iter_content`. (#6057)
- Fixed issue where invalid Windows registry entires caused proxy resolution
  to raise an exception rather than ignoring the entry. (#6149)
- Fixed issue where entire payload could be included in the error message for
  JSONDecodeError. (#6036)
   2022-07-03 14:13:07 by Thomas Klausner | Files touched by this commit (4)
Log message:
*: use versioned_dependencies.mk for py-chardet
   2022-04-21 13:00:02 by Thomas Klausner | Files touched by this commit (18)
Log message:
*: convert to versioned_dependencies for py-cryptography

Next | Query returned 67 messages, browsing 1 to 10 | Previous