Schemathesis

:wrench: Changed

- Support `requests<3`. 1742
- Bump the minimum supported `Hypothesis` version to `6.31.6` to reflect the requirement from `hypothesis-jsonschema`.

:bug: Fixed

- `HypothesisDeprecationWarning` regarding deprecated `HealthCheck.all()`. 1739

:rocket: Added

- You can now provide a tuple of checks to exclude when validating a response.

:wrench: Changed

- Support `requests<2.29`.

:bug: Fixed

- Passing `params` / `cookies` to `case.call` causing `TypeError`. 1734

:fire: Removed

- Direct dependency on `attrs`.

:tada: I am excited to announce the latest release of Schemathesis! :tada:

You can now use custom authentication mechanisms from the `requests` library, apply authentication conditionally to specific API operations, and even throttle requests via the CLI. As always, we've also squashed a few bugs to improve the overall stability of Schemathesis! Happy testing! 🙌

:rocket: Added

- Schemathesis now supports custom authentication mechanisms from the `requests` library.
You can use `schemathesis.auth.set_from_requests` to set up Schemathesis CLI with any third-party authentication implementation that works with `requests`. 1700


python
import schemathesis
from requests_ntlm import HttpNtlmAuth

schemathesis.auth.set_from_requests(
HttpNtlmAuth("domain\\username", "password")
)


- Ability to apply authentication conditionally to specific API operations using a combination of `schemathesis.auth.apply_to()` and `schemathesis.auth.skip_for()` decorators.

python
import schemathesis

Apply auth only for operations that path starts with `/users/` but not the `POST` method
schemathesis.auth().apply_to(path_regex="^/users/").skip_for(method="POST")
class MyAuth:
...


- Add a convenience mapping-like interface to `OperationDefinition` including indexing access, the `get` method, and "in" support.
- Request throttling via the `--rate-limit` CLI option. 910

:wrench: Changed

- Unified Schemathesis custom authentication usage via the `schema.auth` decorator, replacing the previous `schema.auth.register` and `schema.auth.apply` methods:

python
import schemathesis

schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")
Schema-level auth
Before: schema.auth.register()
schema.auth()
class MyAuth:
...

Test-level auth
Before: schema.auth.apply(MyAuth)
schema.auth(MyAuth)
schema.parametrize()
def test_api(case):
...


:bug: Fixed

- Handling of query parameters and cookies passed to `case.call` and query parameters passed to `case.call_wsgi`.
The user-provided values are now merged with the data generated by Schemathesis, instead of overriding it completely. 1705
- Parameter definition takes precedence over security schemes with the same name.
- `Unsatisfiable` error when explicit header name passed via CLI clashes with the header parameter name. 1699
- Not using the `port` keyword argument in schema loaders during API schema loading. 1721

:tada: Great news!

This release of Schemathesis simplifies hooks management and adds support for hooks in the [Schemathesis GitHub Action](https://github.com/schemathesis/action)!

Now you can take advantage of Schemathesis's hooks to customize your testing workflows directly within your GitHub Actions pipeline.

:rocket: Added

- Support for specifying the path to load hooks from the `SCHEMATHESIS_HOOKS` environment variable. 1702

:wastebasket: Deprecated

- Use of the `--pre-run` CLI option for loading hooks. Use the `SCHEMATHESIS_HOOKS` environment variable instead.

:wrench: Changed

- Support any Werkzeug 2.x in order to allow mitigation of [CVE-2023-25577](https://github.com/advisories/GHSA-xg9f-g7g7-2323). #1695