Niquests

------------------

**Changed**
- Changed method `raise_for_status` in class `Response` to return **self** in order to make the call chainable.
Idea taken from upstream https://github.com/psf/requests/issues/6215
- Bump minimal version supported for `urllib3.future` to 2.2.901 for recently introduced added features (bellow).

**Added**
- Support for multiplexed connection in HTTP/2 and HTTP/3. Concurrent requests per connection are now a thing, in synchronous code.
This feature is the real advantage of using binaries HTTP protocols.
It is disabled by default and can be enabled through `Session(multiplexed=True)`, each `Response` object will
be 'lazy' loaded. Accessing anything from returned `Response` will block the code until target response is retrieved.
Use `Session.gather()` to efficiently receive responses. You may also give a list of responses that you want to load.

**Example A)** Emitting concurrent requests and loading them via `Session.gather()`
python
from niquests import Session
from time import time

s = Session(multiplexed=True)

before = time()
responses = []

responses.append(
s.get("https://pie.dev/delay/3")
)

responses.append(
s.get("https://pie.dev/delay/1")
)

s.gather()

print(f"waited {time() - before} second(s)") will print 3s


**Example B)** Emitting concurrent requests and loading them via direct access
python
from niquests import Session
from time import time

s = Session(multiplexed=True)

before = time()
responses = []

responses.append(
s.get("https://pie.dev/delay/3")
)

responses.append(
s.get("https://pie.dev/delay/1")
)

internally call gather with self (Response)
print(responses[0].status_code) 200! :! Hidden call to s.gather(responses[0])
print(responses[1].status_code) 200!

print(f"waited {time() - before} second(s)") will print 3s

You have nothing to do, everything from streams to connection pooling are handled automagically!
- Support for in-memory intermediary/client certificate (mTLS).
Thanks for support within `urllib3.future`. Unfortunately this feature may not be available depending on your platform.
Passing `cert=(a, b, c)` where **a** or/and **b** contains directly the certificate is supported.
See https://urllib3future.readthedocs.io/en/latest/advanced-usage.html#in-memory-client-mtls-certificate for more information.
It is proposed to circumvent recent pyOpenSSL complete removal.
- Detect if a new (stable) version is available when invoking `python -m niquests.help` and propose it for installation.
- Add the possibility to disable a specific protocol (e.g. HTTP/2, and/or HTTP/3) when constructing `Session`.
Like so: `s = Session(disable_http2=..., disable_http3=...)` both options are set to `False`, thus letting them enabled.
urllib3.future does not permit to disable HTTP/1.1 for now.
- Support passing a single `str` to `auth=...` in addition to actually supported types. It will be treated as a
**Bearer** token, by default to the `Authorization` header. It's a shortcut. You may keep your own token prefix in given
string (e.g. if not Bearer).
- Added `MultiplexingError` exception for anything related to failure with a multiplexed connection.
- Added **async** support through `AsyncSession` that utilize an underlying thread pool.
python
from niquests import AsyncSession
import asyncio
from time import time

async def emit() -> None:
responses = []

async with AsyncSession(multiplexed=True) as s:
responses.append(await s.get("https://pie.dev/get"))
responses.append(await s.get("https://pie.dev/head"))

await s.gather()

print(responses)

async def main() -> None:
foo = asyncio.create_task(emit())
bar = asyncio.create_task(emit())
await foo
await bar

if __name__ == "__main__":
before = time()
asyncio.run(main())
print(time() - before)

Or without `multiplexing` if you want to keep multiple connections open per host per request.
python
from niquests import AsyncSession
import asyncio
from time import time

async def emit() -> None:
responses = []

async with AsyncSession() as s:
responses.append(await s.get("https://pie.dev/get"))
responses.append(await s.get("https://pie.dev/head"))

print(responses)

async def main() -> None:
foo = asyncio.create_task(emit())
bar = asyncio.create_task(emit())
await foo
await bar

if __name__ == "__main__":
before = time()
asyncio.run(main())
print(time() - before)

You may disable concurrent threads by setting `AsyncSession.no_thread = True`.

**Security**
- Certificate revocation verification may not be fired for subsequents requests in a specific condition (redirection).

------------------

**Fixed**
- Static type checker not accepting **iterable\[str\]** for **data**. A fix in urllib3.future allows it since v2.1.902.
- Unattended override of manually provided **Authorization** if `.netrc` existed with an eligible entry.
Taken from closed PR https://github.com/psf/requests/pull/6555 and initially raised in https://github.com/psf/requests/issues/3929

**Added**
- **oheaders** property in `Request`, and `PreparedRequest` in addition to `Response`.

------------------

**Fixed**
- **oheaders** from a Response contains `Set-Cookie` entries when it should not.
- Static type checker not accepting **list\[str\]** in values for argument **param**.
- Static type checker not accepting **Iterable\[bytes\]** for **data**.
- Function proxy_bypass_registry for Windows may be fooled by insufficient control on our end.
Patch taken from idle upstream PR https://github.com/psf/requests/pull/6302
- SSLError message related to the certificate revocation could print `None` instead of `unspecified` for the reason.

**Changed**
- Allow setting `None` in max_size for **SharableLimitedDict** to remove limits.
- Using `RLock` instead of `Lock` in **SharableLimitedDict**, and **InMemoryRevocationStatus** classes.

**Misc**
- Missing assert statements for test test_header_validation.
- Unrelated warnings are now silent in our test suite.
- Unexpected warning now trigger an error in our test suite.
- Removed `tests.compat`.
- Removed `test-readme`, `flake8`, and `publish` from Makefile.

**Added**
- Extra-dist install `http3` to force install HTTP/3 support in your environment if not present.
- Extra-dist install `ocsp` to force install certificate revocation support in your environment if not present.

------------------

**Fixed**
- Static type checker not accepting **list\[str\]** in values for argument **data**.

**Misc**
- Changed the documentation theme by **furo**.

**Added**
- IPv6 support in the `NO_PROXY` environment variable or in the **proxies** (key no_proxy) argument.
Patch taken from idle upstream PR https://github.com/psf/requests/pull/5953
- Preemptively register a website to be HTTP/3 capable prior to the first TLS over TCP handshake.
You can do so by doing like:

python
from niquests import Session

s = Session()
s.quic_cache_layer.add_domain("cloudflare.com")

- Passed **data** will be converted to form-data if headers have a Content-Type header and is set to `multipart/form-data`.
Otherwise, by default, it is still urlencoded. If you specified a boundary, it will be used, otherwise, a random one will
be generated.

------------------

**Fixed**
- Fixed `Transfer-Encoding` wrongfully added to headers when body is actually of length 0. Due to ambiguous return of `super_len` in niquests internals.
- Fixed accepting three-valued tuple for Timeout (connect, read, total) in addition of known (connect, read) tuple.

------------------

**Misc**
- Static typing has been improved to provide a better development experience.

**Added**
- Certificate revocation verification via the OCSP protocol.

This feature is broadly available and is enabled by default when `verify=True`.
We decided to follow what browsers do by default, so Niquests follows by being non-strict.
OCSP responses are expected to arrive in less than 200ms, otherwise ignored (e.g. OCSP is dropped).
Niquests keeps in-memory the results until the size exceed 2,048 entries, then an algorithm choose an entry
to be deleted (oldest request or the first one that ended in error).

You can at your own discretion enable strict OCSP checks by passing the environment variable `NIQUESTS_STRICT_OCSP`
with anything inside but `0`. In strict mode the maximum delay for response passes from 200ms to 1,000ms and
raises an error or explicit warning.

In non-strict mode, this security measure will be deactivated automatically if your usage is unreasonable.
e.g. Making a hundred of requests to a hundred of domains, thus consuming resources that should have been
allocated to browser users. This was made available for users with a limited target of domains to get
a complementary security measure.

Unless in strict-mode, the proxy configuration will be respected when given, as long as it specify
a plain `http` proxy. This is meant for people who want privacy.

This feature may not be available if the `cryptography` package is missing from your environment.
Verify the availability after Niquests upgrade by running `python -m niquests.help`.

There is several downside of using OCSP, Niquests knows it. It is not a silver bullet solution. But better than nothing.
It does not apply to HTTPS proxies themselves. For now.

- Add property `ocsp_verified` in both `PreparedRequest`, and `Response` to have a clue on the post handshake verification.

Will be `None` if no verification took place, `True` if the verification leads to a confirmation from the OCSP server
that the certificate is valid, `False` otherwise.

**Changed**
- Bump lower version requirement for `urllib3.future` to 2.1.900 to ensure compatibility with newer features.
- Internal in-memory QUIC capabilities is now thread safe and limited to 12,288 entries.
- Pickling a `Session` object no-longer dump adapters or the QUIC in-memory capabilities, they are reset on setstate.

**Fixed**
- `conn_info` was unset if the response came after a redirect.