Urllib3

Latest version: v2.2.3

Safety actively analyzes 687918 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 17

2.2.3

==================

Features
--------

- Added support for Python 3.13. (`3473 <https://github.com/urllib3/urllib3/issues/3473>`__)

Bugfixes
--------

- Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1.
All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (`3053 <https://github.com/urllib3/urllib3/issues/3053>`__)
- Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting https://github.com/python/cpython/issues/103472. (`#3252 <https://github.com/urllib3/urllib3/issues/3252>`__)
- Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (`3413 <https://github.com/urllib3/urllib3/issues/3413>`__)
- Fixed a crash where certain standard library hash functions were absent in restricted environments. (`3432 <https://github.com/urllib3/urllib3/issues/3432>`__)
- Fixed mypy error when adding to ``HTTPConnection.default_socket_options``. (`3448 <https://github.com/urllib3/urllib3/issues/3448>`__)

HTTP/2 (experimental)
---------------------

HTTP/2 support is still in early development.

- Excluded Transfer-Encoding: chunked from HTTP/2 request body (`3425 <https://github.com/urllib3/urllib3/issues/3425>`__)
- Added version checking for ``h2`` (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. (`3290 <https://github.com/urllib3/urllib3/issues/3290>`__)
- Added a probing mechanism for determining whether a given target origin
supports HTTP/2 via ALPN. (`3301 <https://github.com/urllib3/urllib3/issues/3301>`__)
- Add support for sending a request body with HTTP/2 (`3302 <https://github.com/urllib3/urllib3/issues/3302>`__)


Deprecations and Removals
-------------------------

- Note for downstream distributors: the ``_version.py`` file has been removed and is now created at build time by hatch-vcs. (`3412 <https://github.com/urllib3/urllib3/issues/3412>`__)
- Drop support for end-of-life PyPy3.8 and PyPy3.9. (`3475 <https://github.com/urllib3/urllib3/issues/3475>`__)

2.2.2

==================

- Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
- Allowed passing negative integers as ``amt`` to read methods of ``http.client.HTTPResponse`` as an alternative to ``None``. (`3122 <https://github.com/urllib3/urllib3/issues/3122>`__)
- Fixed return types representing copying actions to use ``typing.Self``. (`3363 <https://github.com/urllib3/urllib3/issues/3363>`__)

2.2.1

Not secure
==================

- Fixed issue where ``InsecureRequestWarning`` was emitted for HTTPS connections when using Emscripten. (`3331 <https://github.com/urllib3/urllib3/issues/3331>`__)
- Fixed ``HTTPConnectionPool.urlopen`` to stop automatically casting non-proxy headers to ``HTTPHeaderDict``. This change was premature as it did not apply to proxy headers and ``HTTPHeaderDict`` does not handle byte header values correctly yet. (`3343 <https://github.com/urllib3/urllib3/issues/3343>`__)
- Changed ``InvalidChunkLength`` to ``ProtocolError`` when response terminates before the chunk length is sent. (`2860 <https://github.com/urllib3/urllib3/issues/2860>`__)
- Changed ``ProtocolError`` to be more verbose on incomplete reads with excess content. (`3261 <https://github.com/urllib3/urllib3/issues/3261>`__)

2.2.0

Not secure
==================

- Added support for `Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>`__, including streaming support in cross-origin isolated browser environments where threading is enabled. (`#2951 <https://github.com/urllib3/urllib3/issues/2951>`__)
- Added support for ``HTTPResponse.read1()`` method. (`3186 <https://github.com/urllib3/urllib3/issues/3186>`__)
- Added rudimentary support for HTTP/2. (`3284 <https://github.com/urllib3/urllib3/issues/3284>`__)
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. (`2244 <https://github.com/urllib3/urllib3/issues/2244>`__)
- Fixed ``HTTPConnection.proxy_is_verified`` and ``HTTPSConnection.proxy_is_verified``
to be always set to a boolean after connecting to a proxy. It could be
``None`` in some cases previously. (`3130 <https://github.com/urllib3/urllib3/issues/3130>`__)
- Fixed an issue where ``headers`` passed in a request with ``json=`` would be mutated (`3203 <https://github.com/urllib3/urllib3/issues/3203>`__)
- Fixed ``HTTPSConnection.is_verified`` to be set to ``False`` when connecting
from a HTTPS proxy to an HTTP target. It was set to ``True`` previously. (`3267 <https://github.com/urllib3/urllib3/issues/3267>`__)
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (`3268 <https://github.com/urllib3/urllib3/issues/3268>`__)
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (`3325 <https://github.com/urllib3/urllib3/issues/3325>`__)
- Note for downstream distributors: To run integration tests, you now need to run the tests a second
time with the ``--integration`` pytest flag. (`3181 <https://github.com/urllib3/urllib3/issues/3181>`__)

2.1.0

Not secure
==================

- Removed support for the deprecated urllib3[secure] extra. (`2680 <https://github.com/urllib3/urllib3/issues/2680>`__)
- Removed support for the deprecated SecureTransport TLS implementation. (`2681 <https://github.com/urllib3/urllib3/issues/2681>`__)
- Removed support for the end-of-life Python 3.7. (`3143 <https://github.com/urllib3/urllib3/issues/3143>`__)
- Allowed loading CA certificates from memory for proxies. (`3065 <https://github.com/urllib3/urllib3/issues/3065>`__)
- Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. (`3174 <https://github.com/urllib3/urllib3/issues/3174>`__)

2.0.7

Not secure
==================

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

Page 1 of 17

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.