[python ci] Update Python CI dependencies (major) - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
black (changelog)	^23.7.0 -> ^24.3.0
flake8 (changelog)	^6.0.0 -> ^7.0.0
kubernetes	^27.2.0 -> ^29.0.0
pytest (changelog)	^7.4.0 -> ^8.1.1
urllib3 (changelog)	^1.26.16 -> ^2.2.1

---

Release Notes

psf/black (black)

v24.3.0

Compare Source

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#​4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
  of Black would incorrectly format the contents of certain unusual f-strings containing
  nested strings with the same quote type. Now, Black will crash on such strings until
  support for the new f-string syntax is implemented. (#​4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected
  (#​4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab
  characters. This fixes
  CVE-2024-21503.
  (#​4278)

Documentation

• Note what happens when --check is used with --quiet (#​4236)

v24.2.0

Compare Source

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses
  (#​4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style
  due to an outstanding crash and proposed formatting tweaks (#​4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary
  expression (#​4154)
• Checking for newline before adding one on docstring that is almost at the line limit
  (#​4185)
• Remove redundant parentheses in case statement if guards (#​4214).

Configuration

• Fix issue where Black would ignore input files in the presence of symlinks (#​4222)
• Black now ignores pyproject.toml that is missing a tool.black section when
  discovering project root and configuration. Since Black continues to use version
  control as an indicator of project root, this is expected to primarily change behavior
  for users in a monorepo setup (desirably). If you wish to preserve previous behavior,
  simply add an empty [tool.black] to the previously discovered pyproject.toml
  (#​4204)

Output

• Black will swallow any SyntaxWarnings or DeprecationWarnings produced by the ast
  module when performing equivalence checks (#​4189)

Integrations

• Add a JSONSchema and provide a validate-pyproject entry-point (#​4181)

v24.1.1

Compare Source

Bugfix release to fix a bug that made Black unusable on certain file systems with strict
limits on path length.

Preview style

• Consistently add trailing comma on typed parameters (#​4164)

Configuration

• Shorten the length of the name of the cache file to fix crashes on file systems that
  do not support long paths (#​4176)

v24.1.0

Compare Source

Highlights

This release introduces the new 2024 stable style (#​4106), stabilizing the following
changes:

• Add parentheses around if-else expressions (#​2278)
• Dummy class and function implementations consisting only of ... are formatted more
  compactly (#​3796)
• If an assignment statement is too long, we now prefer splitting on the right-hand side
  (#​3368)
• Hex codes in Unicode escape sequences are now standardized to lowercase (#​2916)
• Allow empty first lines at the beginning of most blocks (#​3967, #​4061)
• Add parentheses around long type annotations (#​3899)
• Enforce newline after module docstrings (#​3932, #​4028)
• Fix incorrect magic trailing comma handling in return types (#​3916)
• Remove blank lines before class docstrings (#​3692)
• Wrap multiple context managers in parentheses if combined in a single with statement
  (#​3489)
• Fix bug in line length calculations for power operations (#​3942)
• Add trailing commas to collection literals even if there's a comment after the last
  entry (#​3393)
• When using --skip-magic-trailing-comma or -C, trailing commas are stripped from
  subscript expressions with more than 1 element (#​3209)
• Add extra blank lines in stubs in a few cases (#​3564, #​3862)
• Accept raw strings as docstrings (#​3947)
• Split long lines in case blocks (#​4024)
• Stop removing spaces from walrus operators within subscripts (#​3823)
• Fix incorrect formatting of certain async statements (#​3609)
• Allow combining # fmt: skip with other comments (#​3959)

There are already a few improvements in the --preview style, which are slated for the
2025 stable style. Try them out and
share your feedback. In the past, the preview
style has included some features that we were not able to stabilize. This year, we're
adding a separate --unstable style for features with known problems. Now, the
--preview style only includes features that we actually expect to make it into next
year's stable style.

Stable style

Several bug fixes were made in features that are moved to the stable style in this
release:

• Fix comment handling when parenthesising conditional expressions (#​4134)
• Fix bug where spaces were not added around parenthesized walruses in subscripts,
  unlike other binary operators (#​4109)
• Remove empty lines before docstrings in async functions (#​4132)
• Address a missing case in the change to allow empty lines at the beginning of all
  blocks, except immediately before a docstring (#​4130)
• For stubs, fix logic to enforce empty line after nested classes with bodies (#​4141)

Preview style

• Add --unstable style, covering preview features that have known problems that would
  block them from going into the stable style. Also add the --enable-unstable-feature
  flag; for example, use
  --enable-unstable-feature hug_parens_with_braces_and_square_brackets to apply this
  preview feature throughout 2024, even if a later Black release downgrades the feature
  to unstable (#​4096)
• Format module docstrings the same as class and function docstrings (#​4095)
• Fix crash when using a walrus in a dictionary (#​4155)
• Fix unnecessary parentheses when wrapping long dicts (#​4135)
• Stop normalizing spaces before # fmt: skip comments (#​4146)

Configuration

• Print warning when configuration in pyproject.toml contains an invalid key (#​4165)
• Fix symlink handling, properly ignoring symlinks that point outside of root (#​4161)
• Fix cache mtime logic that resulted in false positive cache hits (#​4128)
• Remove the long-deprecated --experimental-string-processing flag. This feature can
  currently be enabled with --preview --enable-unstable-feature string_processing.
  (#​4096)

Integrations

• Revert the change to run Black's pre-commit integration only on specific git hooks
  (#​3940) for better compatibility with older versions of pre-commit (#​4137)

v23.12.1

Compare Source

Packaging

• Fixed a bug that included dependencies from the d extra by default (#​4108)

v23.12.0

Compare Source

Highlights

It's almost 2024, which means it's time for a new edition of Black's stable style!
Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft
2024 stable style, which we'll finalize in the January release. Please try it out and
share your feedback.

This release (23.12.0) will still produce the 2023 style. Most but not all of the
changes in --preview mode will be in the 2024 stable style.

Stable style

• Fix bug where # fmt: off automatically dedents when used with the --line-ranges
  option, even when it is not within the specified line range. (#​4084)
• Fix feature detection for parenthesized context managers (#​4104)

Preview style

• Prefer more equal signs before a break when splitting chained assignments (#​4010)
• Standalone form feed characters at the module level are no longer removed (#​4021)
• Additional cases of immediately nested tuples, lists, and dictionaries are now
  indented less (#​4012)
• Allow empty lines at the beginning of all blocks, except immediately before a
  docstring (#​4060)
• Fix crash in preview mode when using a short --line-length (#​4086)
• Keep suites consisting of only an ellipsis on their own lines if they are not
  functions or class definitions (#​4066) (#​4103)

Configuration

• --line-ranges now skips Black's internal stability check in --safe mode. This
  avoids a crash on rare inputs that have many unformatted same-content lines. (#​4034)

Packaging

• Upgrade to mypy 1.7.1 (#​4049) (#​4069)
• Faster compiled wheels are now available for CPython 3.12 (#​4070)

Integrations

• Enable 3.12 CI (#​4035)
• Build docker images in parallel (#​4054)
• Build docker images with 3.12 (#​4055)

v23.11.0

Compare Source

Highlights

• Support formatting ranges of lines with the new --line-ranges command-line option
  (#​4020)

Stable style

• Fix crash on formatting bytes strings that look like docstrings (#​4003)
• Fix crash when whitespace followed a backslash before newline in a docstring (#​4008)
• Fix standalone comments inside complex blocks crashing Black (#​4016)
• Fix crash on formatting code like await (a ** b) (#​3994)
• No longer treat leading f-strings as docstrings. This matches Python's behaviour and
  fixes a crash (#​4019)

Preview style

• Multiline dicts and lists that are the sole argument to a function are now indented
  less (#​3964)
• Multiline unpacked dicts and lists as the sole argument to a function are now also
  indented less (#​3992)
• In f-string debug expressions, quote types that are visible in the final string are
  now preserved (#​4005)
• Fix a bug where long case blocks were not split into multiple lines. Also enable
  general trailing comma rules on case blocks (#​4024)
• Keep requiring two empty lines between module-level docstring and first function or
  class definition (#​4028)
• Add support for single-line format skip with other comments on the same line (#​3959)

Configuration

• Consistently apply force exclusion logic before resolving symlinks (#​4015)
• Fix a bug in the matching of absolute path names in --include (#​3976)

Performance

• Fix mypyc builds on arm64 on macOS (#​4017)

Integrations

• Black's pre-commit integration will now run only on git hooks appropriate for a code
  formatter (#​3940)

v23.10.1

Compare Source

Highlights

• Maintenance release to get a fix out for GitHub Action edge case (#​3957)

Preview style

• Fix merging implicit multiline strings that have inline comments (#​3956)
• Allow empty first line after block open before a comment or compound statement (#​3967)

Packaging

• Change Dockerfile to hatch + compile black (#​3965)

Integrations

• The summary output for GitHub workflows is now suppressible using the summary
  parameter. (#​3958)
• Fix the action failing when Black check doesn't pass (#​3957)

Documentation

• It is known Windows documentation CI is broken
  https://github.com/psf/black/issues/39683968

v23.10.0

Compare Source

Stable style

• Fix comments getting removed from inside parenthesized strings (#​3909)

Preview style

• Fix long lines with power operators getting split before the line length (#​3942)
• Long type hints are now wrapped in parentheses and properly indented when split across
  multiple lines (#​3899)
• Magic trailing commas are now respected in return types. (#​3916)
• Require one empty line after module-level docstrings. (#​3932)
• Treat raw triple-quoted strings as docstrings (#​3947)

Configuration

• Fix cache versioning logic when BLACK_CACHE_DIR is set (#​3937)

Parser

• Fix bug where attributes named type were not acccepted inside match statements
  (#​3950)
• Add support for PEP 695 type aliases containing lambdas and other unusual expressions
  (#​3949)

Output

• Black no longer attempts to provide special errors for attempting to format Python 2
  code (#​3933)
• Black will more consistently print stacktraces on internal errors in verbose mode
  (#​3938)

Integrations

• The action output displayed in the job summary is now wrapped in Markdown (#​3914)

v23.9.1

Compare Source

Due to various issues, the previous release (23.9.0) did not include compiled mypyc
wheels, which make Black significantly faster. These issues have now been fixed, and
this release should come with compiled wheels once again.

There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.

Packaging

• Upgrade to mypy 1.5.1 (#​3864)

Performance

• Store raw tuples instead of NamedTuples in Black's cache, improving performance and
  decreasing the size of the cache (#​3877)

v23.9.0

Compare Source

Preview style

• More concise formatting for dummy implementations (#​3796)
• In stub files, add a blank line between a statement with a body (e.g an
  if sys.version_info > (3, x):) and a function definition on the same level (#​3862)
• Fix a bug whereby spaces were removed from walrus operators within subscript(#​3823)

Configuration

• Black now applies exclusion and ignore logic before resolving symlinks (#​3846)

Performance

• Avoid importing IPython if notebook cells do not contain magics (#​3782)
• Improve caching by comparing file hashes as fallback for mtime and size (#​3821)

Blackd

• Fix an issue in blackd with single character input (#​3558)

Integrations

• Black now has an
  official pre-commit mirror. Swapping
  https://github.com/psf/black to https://github.com/psf/black-pre-commit-mirror in
  your .pre-commit-config.yaml will make Black about 2x faster (#​3828)
• The .black.env folder specified by ENV_PATH will now be removed on the completion
  of the GitHub Action (#​3759)

pycqa/flake8 (flake8)

v7.0.0

Compare Source

v6.1.0

Compare Source

kubernetes-client/python (kubernetes)

v29.0.0

Compare Source

Kubernetes API Version: v1.29.0

Bug or Regression

• Fix UTF-8 failures in Watch (#​2100, @​davidopic)
• Fix upper version boundary of urllib3, since other dependencies don't support urllib3 in version 2 (#​2105, @​jsaalfeld)

v28.1.0

Compare Source

Kubernetes API Version: v1.28.2

API Change

• Fixed a bug where CEL expressions in CRD validation rules would incorrectly compute a high estimated cost for functions that return strings, lists or maps.
  The incorrect cost was evident when the result of a function was used in subsequent operations. (kubernetes/kubernetes#119807, @​jpbetz) [SIG API Machinery, Auth and Cloud Provider]
• Mark Job onPodConditions as optional in pod failure policy (kubernetes/kubernetes#120208, @​mimowo) [SIG API Machinery and Apps]

pytest-dev/pytest (pytest)

v8.1.1

Compare Source

pytest 8.1.1 (2024-03-08)

::: {.note}
::: {.title}
Note
:::

This release is not a usual bug fix release -- it contains features and improvements, being a follow up
to 8.1.0, which has been yanked from PyPI.
:::

Features

• #​11475: Added the new consider_namespace_packages{.interpreted-text role="confval"} configuration option, defaulting to False.

  If set to True, pytest will attempt to identify modules that are part of namespace packages when importing modules.

• #​11653: Added the new verbosity_test_cases{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity.
  See Fine-grained verbosity <pytest.fine_grained_verbosity>{.interpreted-text role="ref"} for more details.

Improvements

• #​10865: pytest.warns{.interpreted-text role="func"} now validates that warnings.warn{.interpreted-text role="func"} was called with a [str]{.title-ref} or a [Warning]{.title-ref}.
  Currently in Python it is possible to use other types, however this causes an exception when warnings.filterwarnings{.interpreted-text role="func"} is used to filter those warnings (see CPython #​103577 for a discussion).
  While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.

• #​11311: When using --override-ini for paths in invocations without a configuration file defined, the current working directory is used
  as the relative directory.

  Previoulsy this would raise an AssertionError{.interpreted-text role="class"}.

• #​11475: --import-mode=importlib <import-mode-importlib>{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing :pysys.path{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.

  This means that installed packages will be imported under their canonical name if possible first, for example app.core.models, instead of having the module name always be derived from their path (for example .env310.lib.site_packages.app.core.models).

• #​11801: Added the iter_parents() <_pytest.nodes.Node.iter_parents>{.interpreted-text role="func"} helper method on nodes.
  It is similar to listchain <_pytest.nodes.Node.listchain>{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.

• #​11850: Added support for sys.last_exc{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.

• #​11962: In case no other suitable candidates for configuration file are found, a pyproject.toml (even without a [tool.pytest.ini_options] table) will be considered as the configuration file and define the rootdir.

• #​11978: Add --log-file-mode option to the logging plugin, enabling appending to log-files. This option accepts either "w" or "a" and defaults to "w".

  Previously, the mode was hard-coded to be "w" which truncates the file before logging.

• #​12047: When multiple finalizers of a fixture raise an exception, now all exceptions are reported as an exception group.
  Previously, only the first exception was reported.

Bug Fixes

• #​11475: Fixed regression where --importmode=importlib would import non-test modules more than once.

• #​11904: Fixed a regression in pytest 8.0.0 that would cause test collection to fail due to permission errors when using --pyargs.

  This change improves the collection tree for tests specified using --pyargs, see 12043{.interpreted-text role="pull"} for a comparison with pytest 8.0 and <8.

• #​12011: Fixed a regression in 8.0.1 whereby setup_module xunit-style fixtures are not executed when --doctest-modules is passed.

• #​12014: Fix the stacklevel used when warning about marks used on fixtures.

• #​12039: Fixed a regression in 8.0.2 where tests created using tmp_path{.interpreted-text role="fixture"} have been collected multiple times in CI under Windows.

Improved Documentation

• #​11790: Documented the retention of temporary directories created using the tmp_path fixture in more detail.

Trivial/Internal Changes

• #​11785: Some changes were made to private functions which may affect plugins which access them:

  • FixtureManager._getautousenames() now takes a Node itself instead of the nodeid.
  • FixtureManager.getfixturedefs() now takes the Node itself instead of the nodeid.
  • The _pytest.nodes.iterparentnodeids() function is removed without replacement.
    Prefer to traverse the node hierarchy itself instead.
    If you really need to, copy the function from the previous pytest release.

• #​12069: Delayed the deprecation of the following features to 9.0.0:

  • node-ctor-fspath-deprecation{.interpreted-text role="ref"}.
  • legacy-path-hooks-deprecated{.interpreted-text role="ref"}.

  It was discovered after 8.1.0 was released that the warnings about the impeding removal were not being displayed, so the team decided to revert the removal.

  This is the reason for 8.1.0 being yanked.

pytest 8.1.0 (YANKED)

::: {.note}
::: {.title}
Note
:::

This release has been yanked: it broke some plugins without the proper warning period, due to
some warnings not showing up as expected.

See #​12069.
:::

v8.1.0

Compare Source

pytest 8.1.0 (YANKED)

[!IMPORTANT]
This release has been yanked: it broke some plugins without the proper warning period, due to some warnings not showing up as expected. See #​12069.

Features

• #​11475: Added the new consider_namespace_packages{.interpreted-text role="confval"} configuration option, defaulting to False.

  If set to True, pytest will attempt to identify modules that are part of namespace packages when importing modules.

• #​11653: Added the new verbosity_test_cases{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity.
  See Fine-grained verbosity <pytest.fine_grained_verbosity>{.interpreted-text role="ref"} for more details.

Improvements

• #​10865: pytest.warns{.interpreted-text role="func"} now validates that warnings.warn{.interpreted-text role="func"} was called with a [str]{.title-ref} or a [Warning]{.title-ref}.
  Currently in Python it is possible to use other types, however this causes an exception when warnings.filterwarnings{.interpreted-text role="func"} is used to filter those warnings (see CPython #​103577 for a discussion).
  While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.

• #​11311: When using --override-ini for paths in invocations without a configuration file defined, the current working directory is used
  as the relative directory.

  Previoulsy this would raise an AssertionError{.interpreted-text role="class"}.

• #​11475: --import-mode=importlib <import-mode-importlib>{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing :pysys.path{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.

  This means that installed packages will be imported under their canonical name if possible first, for example app.core.models, instead of having the module name always be derived from their path (for example .env310.lib.site_packages.app.core.models).

• #​11801: Added the iter_parents() <_pytest.nodes.Node.iter_parents>{.interpreted-text role="func"} helper method on nodes.
  It is similar to listchain <_pytest.nodes.Node.listchain>{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.

• #​11850: Added support for sys.last_exc{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.

• #​11962: In case no other suitable candidates for configuration file are found, a pyproject.toml (even without a [tool.pytest.ini_options] table) will be considered as the configuration file and define the rootdir.

• #​11978: Add --log-file-mode option to the logging plugin, enabling appending to log-files. This option accepts either "w" or "a" and defaults to "w".

  Previously, the mode was hard-coded to be "w" which truncates the file before logging.

• #​12047: When multiple finalizers of a fixture raise an exception, now all exceptions are reported as an exception group.
  Previously, only the first exception was reported.

Bug Fixes

• #​11904: Fixed a regression in pytest 8.0.0 that would cause test collection to fail due to permission errors when using --pyargs.

  This change improves the collection tree for tests specified using --pyargs, see 12043{.interpreted-text role="pull"} for a comparison with pytest 8.0 and <8.

• #​12011: Fixed a regression in 8.0.1 whereby setup_module xunit-style fixtures are not executed when --doctest-modules is passed.

• #​12014: Fix the stacklevel used when warning about marks used on fixtures.

• #​12039: Fixed a regression in 8.0.2 where tests created using tmp_path{.interpreted-text role="fixture"} have been collected multiple times in CI under Windows.

Improved Documentation

• #​11790: Documented the retention of temporary directories created using the tmp_path fixture in more detail.

Trivial/Internal Changes

• #​11785: Some changes were made to private functions which may affect plugins which access them:
  • FixtureManager._getautousenames() now takes a Node itself instead of the nodeid.
  • FixtureManager.getfixturedefs() now takes the Node itself instead of the nodeid.
  • The _pytest.nodes.iterparentnodeids() function is removed without replacement.
    Prefer to traverse the node hierarchy itself instead.
    If you really need to, copy the function from the previous pytest release.

v8.0.2

Compare Source

pytest 8.0.2 (2024-02-24)

Bug Fixes

• #​11895: Fix collection on Windows where initial paths contain the short version of a path (for example c:\PROGRA~1\tests).
• #​11953: Fix an IndexError crash raising from getstatementrange_ast.
• #​12021: Reverted a fix to [--maxfail]{.title-ref} handling in pytest 8.0.0 because it caused a regression in pytest-xdist whereby session fixture teardowns may get executed multiple times when the max-fails is reached.

v8.0.1

Compare Source

pytest 8.0.1 (2024-02-16)

Bug Fixes

• #​11875: Correctly handle errors from getpass.getuser{.interpreted-text role="func"} in Python 3.13.
• #​11879: Fix an edge case where ExceptionInfo._stringify_exception could crash pytest.raises{.interpreted-text role="func"}.
• #​11906: Fix regression with pytest.warns{.interpreted-text role="func"} using custom warning subclasses which have more than one parameter in their [__init__]{.title-ref}.
• #​11907: Fix a regression in pytest 8.0.0 whereby calling pytest.skip{.interpreted-text role="func"} and similar control-flow exceptions within a pytest.warns(){.interpreted-text role="func"} block would get suppressed instead of propagating.
• #​11929: Fix a regression in pytest 8.0.0 whereby autouse fixtures defined in a module get ignored by the doctests in the module.
• #​11937: Fix a regression in pytest 8.0.0 whereby items would be collected in reverse order in some circumstances.

v8.0.0: pytest 8.0.0 (2024-01-27)

Compare Source

See 8.0.0rc1 and 8.0.0rc2 for the full changes since pytest 7.4!

Bug Fixes

• #​11842: Properly escape the reason of a skip <pytest.mark.skip ref>{.interpreted-text role="ref"} mark when writing JUnit XML files.
• #​11861: Avoid microsecond exceeds 1_000_000 when using log-date-format with %f specifier, which might cause the test suite to crash.

urllib3/urllib3 (urllib3)

v2.2.1

Compare Source

==================

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#&#8203;3331 <https://github.com/urllib3/urllib3/issues/3331>__)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#&#8203;3343 <https://github.com/urllib3/urllib3/issues/3343>__)
• Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. (#&#8203;2860 <https://github.com/urllib3/urllib3/issues/2860>__)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. (#&#8203;3261 <https://github.com/urllib3/urllib3/issues/3261>__)

v2.2.0

Compare Source

==================

• Added support for Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>, including streaming support in cross-origin isolated browser environments where threading is enabled. (#&#8203;2951 <https://github.com/urllib3/urllib3/issues/2951>)
• Added support for HTTPResponse.read1() method. (#&#8203;3186 <https://github.com/urllib3/urllib3/issues/3186>__)
• Added rudimentary support for HTTP/2. (#&#8203;3284 <https://github.com/urllib3/urllib3/issues/3284>__)
• Fixed issue where requests against urls with trailing dots were failing due to SSL errors
  when using proxy. (#&#8203;2244 <https://github.com/urllib3/urllib3/issues/2244>__)
• Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified
  to be always set to a boolean after connecting to a proxy. It could be
  None in some cases previously. (#&#8203;3130 <https://github.com/urllib3/urllib3/issues/3130>__)
• Fixed an issue where headers passed in a request with json= would be mutated (#&#8203;3203 <https://github.com/urllib3/urllib3/issues/3203>__)
• Fixed HTTPSConnection.is_verified to be set to False when connecting
  from a HTTPS proxy to an HTTP target. It was set to True previously. (#&#8203;3267 <https://github.com/urllib3/urllib3/issues/3267>__)
• Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#&#8203;3268 <https://github.com/urllib3/urllib3/issues/3268>__)
• Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#&#8203;3325 <https://github.com/urllib3/urllib3/issues/3325>__)
• Note for downstream distributors: To run integration tests, you now need to run the tests a second
  time with the --integration pytest flag. (#&#8203;3181 <https://github.com/urllib3/urllib3/issues/3181>__)

v2.1.0

Compare Source

==================

Read the v2 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. (#&#8203;2680 <https://github.com/urllib3/urllib3/issues/2680>__)
• Removed support for the deprecated SecureTransport TLS implementation. (#&#8203;2681 <https://github.com/urllib3/urllib3/issues/2681>__)
• Removed support for the end-of-life Python 3.7. (#&#8203;3143 <https://github.com/urllib3/urllib3/issues/3143>__)

Bugfixes

• Allowed loading CA certificates from memory for proxies. (#&#8203;3065 <https://github.com/urllib3/urllib3/issues/3065>__)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#&#8203;3174 <https://github.com/urllib3/urllib3/issues/3174>__)

v2.0.7

Compare Source

==================

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

v2.0.6

Compare Source

==================

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

v2.0.5

Compare Source

==================

• Allowed pyOpenSSL third-party module without any deprecation warning. (#&#8203;3126 <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. (#&#8203;3066 <https://github.com/urllib3/urllib3/issues/3066>__)

v2.0.4

Compare Source

==================

• Added support for union operators to HTTPHeaderDict (#&#8203;2254 <https://github.com/urllib3/urllib3/issues/2254>__)
• Added BaseHTTPResponse to urllib3.__all__ (#&#8203;3078 <https://github.com/urllib3/urllib3/issues/3078>__)
• Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client (#&#8203;2757 <https://github.com/urllib3/urllib3/issues/2757>__)
• Relied on the standard library for checking hostnames in supported PyPy releases (#&#8203;3087 <https://github.com/urllib3/urllib3/issues/3087>__)

v2.0.3

Compare Source

==================

• Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (#&#8203;3020 <https://github.com/urllib3/urllib3/issues/3020>__)
• Deprecated URLs which don't have an explicit scheme (#&#8203;2950 <https://github.com/urllib3/urllib3/pull/2950>_)
• Fixed response decoding with Zstandard when compressed data is made of several frames. (#&#8203;3008 <https://github.com/urllib3/urllib3/issues/3008>__)
• Fixed assert_hostname=False to correctly skip hostname check. (#&#8203;3051 <https://github.com/urllib3/urllib3/issues/3051>__)

v2.0.2

Compare Source

==================

• Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data
  was still available to be read even if the underlying socket is closed. This prevents
  a compressed response from being truncated. (#&#8203;3009 <https://github.com/urllib3/urllib3/issues/3009>__)

v2.0.1

Compare Source

==================

• Fixed a socket leak when fingerprint or hostname verifications fail. (#&#8203;2991 <https://github.com/urllib3/urllib3/issues/2991>__)
• Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. (#&#8203;2998 <https://github.com/urllib3/urllib3/issues/2998>__)

v2.0.0

Compare Source

==================

Read the v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removed

• Removed support for Python 2.7, 3.5, and 3.6 (#&#8203;883 <https://github.com/urllib3/urllib3/issues/883>, #&#8203;2336 <https://github.com/urllib3/urllib3/issues/2336>).
• Removed fallback on certificate commonName in match_hostname() function.
  This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName
  is used to verify the hostname by default. To enable verifying the hostname against
  commonName use SSLContext.hostname_checks_common_name = True (#&#8203;2113 <https://github.com/urllib3/urllib3/issues/2113>__).
• Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL,
  wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#&#8203;2168 <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
  When an incompatible OpenSSL version is detected an ImportError is raised (#&#8203;2168 <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#&#8203;2082 <https://github.com/urllib3/urllib3/issues/2082>__).
• Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment (#&#8203;2044 <https://github.com/urllib3/urllib3/issues/2044>__).
• Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST (#&#8203;2086 <https://github.com/urllib3/urllib3/issues/2086>__).
• Removed urllib3.HTTPResponse.from_httplib (#&#8203;2648 <https://github.com/urllib3/urllib3/issues/2648>__).
• Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used (#&#8203;1897 <https://github.com/urllib3/urllib3/issues/1897>__).
• Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API.
  This change was made to ensure that from urllib3 import request imported the top-level request()
  function instead of the urllib3.request module (#&#8203;2269 <https://github.com/urllib3/urllib3/issues/2269>__).
• Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library (#&#8203;2233 <https://github.com/urllib3/urllib3/issues/2233>__).
• Removed the deprecated urllib3.contrib.ntlmpool module (#&#8203;2339 <https://github.com/urllib3/urllib3/issues/2339>__).
• Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ (#&#8203;2168 <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed urllib3.exceptions.SNIMissingWarning (#&#8203;2168 <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool (#&#8203;1985 <https://github.com/urllib3/urllib3/issues/1985>__).
• Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() (#&#8203;1985 <https://github.com/urllib3/urllib3/issues/1985>__).
• Removed the strict parameter/attribute from HTTPConnection, HTTPSConnection, HTTPConnectionPool, HTTPSConnectionPool, and HTTPResponse (#&#8203;2064 <https://github.com/urllib3/urllib3/issues/2064>__).

Deprecated

• Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). (#&#8203;1543 <https://github.com/urllib3/urllib3/issues/1543>, #&#8203;2814 <https://github.com/urllib3/urllib3/issues/2814>).
• Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 (#&#8203;2691 <https://github.com/urllib3/urllib3/issues/2691>__).
• Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 (#&#8203;2692 <https://github.com/urllib3/urllib3/issues/2692>__).
• Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 (#&#8203;2110 <https://github.com/urllib3/urllib3/issues/2110>__).
• Deprecated the strict parameter of PoolManager.connection_from_context() as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#&#8203;2267 <https://github.com/urllib3/urllib3/issues/2267>__)
• Deprecated the NewConnectionError.pool attribute which will be removed in urllib3 v2.1.0 (#&#8203;2271 <https://github.com/urllib3/urllib3/issues/2271>__).
• Deprecated format_header_param_html5 and format_header_param in favor of format_multipart_header_param (#&#8203;2257 <https://github.com/urllib3/urllib3/issues/2257>__).
• Deprecated RequestField.header_formatter parameter which will be removed in urllib3 v2.1.0 (#&#8203;2257 <https://github.com/urllib3/urllib3/issues/2257>__).
• Deprecated HTTPSConnection.set_cert() method. Instead pass parameters to the HTTPSConnection constructor (#&#8203;1985 <https://github.com/urllib3/urllib3/issues/1985>__).
• Deprecated HTTPConnection.request_chunked() method which will be removed in urllib3 v2.1.0. Instead pass chunked=True to HTTPConnection.request() (#&#8203;1985 <https://github.com/urllib3/urllib3/issues/1985>__).

Added

• Added top-level urllib3.request function which uses a preconfigured module-global PoolManager instance (#&#8203;2150 <https://github.com/urllib3/urllib3/issues/2150>__).
• Added the json parameter to urllib3.request(), PoolManager.request(), and ConnectionPool.request() methods to send JSON bodies in requests. Using this parameter will set the header Content-Type: application/json if Content-Type isn't already defined.
  Added support for parsing JSON response bodies with HTTPResponse.json() method (#&#8203;2243 <https://github.com/urllib3/urllib3/issues/2243>__).
• Added type hints to the urllib3 module (#&#8203;1897 <https://github.com/urllib3/urllib3/issues/1897>__).
• Added ssl_minimum_version and ssl_maximum_version options which set
  SSLContext.minimum_version and `SSLContext

---

Configuration

📅 Schedule: Branch creation - "after 1am and before 3am every weekday" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...


Because pytest-microceph (0.1.0) @ git+https://github.com/canonical/[email protected]#subdirectory=python/pytest_plugins/microceph depends on both pytest (^7.4.4) and pytest (^7.4.4), pytest is required.
So, because charm depends on pytest (>=8.1.1,<9.0.0), version solving failed.