⬆ Bump the pip group with 10 updates

[dependabot]

Bumps the pip group with 10 updates:

Package	From	To
black	23.3.0	24.3.0
pillow	9.5.0	10.3.0
aiohttp	3.8.4	3.9.2
certifi	2023.5.7	2023.7.22
fastapi	0.97.0	0.109.1
hnswlib	0.7.0	0.8.0
jinja2	3.1.2	3.1.3
pyarrow	12.0.1	14.0.1
starlette	0.27.0	0.35.1
urllib3	2.0.3	2.0.7

Updates black from 23.3.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates pillow from 9.5.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates aiohttp from 3.8.4 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

• Fixed server-side websocket connection leak.

  Related issues and pull requests on GitHub: #7978.

• Fixed web.FileResponse doing blocking I/O in the event loop.

  Related issues and pull requests on GitHub: #8012.

• Fixed double compress when compression enabled and compressed file exists in server file responses.

  Related issues and pull requests on GitHub: #8014.

• Added runtime type check for ClientSession timeout parameter.

  Related issues and pull requests on GitHub: #8021.

• Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

  Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

  Related issues and pull requests on GitHub: #8074.

• Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

• Fixed server-side websocket connection leak.

  Related issues and pull requests on GitHub: :issue:7978.

• Fixed web.FileResponse doing blocking I/O in the event loop.

  Related issues and pull requests on GitHub: :issue:8012.

• Fixed double compress when compression enabled and compressed file exists in server file responses.

  Related issues and pull requests on GitHub: :issue:8014.

• Added runtime type check for ClientSession timeout parameter.

  Related issues and pull requests on GitHub: :issue:8021.

• Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

  Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

  Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

• 24a6d64 Release v3.9.2 (#8082)
• 9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
• 435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
• d33bc21 Improve validation in HTTP parser (#8074) (#8078)
• 0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
• 3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
• 419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
• a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
• 437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
• 034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
• Additional commits viewable in compare view

Updates certifi from 2023.5.7 to 2023.7.22

Commits

• 8fb96ed 2023.07.22
• afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
• 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
• 44df761 Hash pin Actions and enable dependabot (#228)
• See full diff in compare view

Updates fastapi from 0.97.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

• ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

• ✨ Include HTTP 205 in status codes with no body. PR #10969 by @​tiangolo.

Refactors

• ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
• ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
• 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
• ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

• 📝 Tweak wording in help-fastapi.md. PR #11040 by @​tiangolo.
• 📝 Tweak docs for Behind a Proxy. PR #11038 by @​tiangolo.
• 📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @​Donnype.
• 📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @​jtemporal.
• 📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @​tiangolo.
• ✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @​RafalSkolasinski.
• 📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @​papb.
• ✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @​nilslindemann.
• ✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @​nilslindemann.
• ✏️ Fix typos for Spanish documentation. PR #10957 by @​jlopezlira.
• 📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @​jacob-indigo.
• ✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @​theoohoho.
• ✏️ Remove broken links from external_links.yml. PR #10943 by @​Torabek.
• 📝 Update template docs with more info about url_for. PR #5937 by @​EzzEddin.
• 📝 Update usage of Token model in security docs. PR #9313 by @​piotrszacilowski.
• ✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @​papb.
• 📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @​aanchlia.
• 📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @​hungtsetse.
• 📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @​softwarebloat.
• 📝 Review and rewording of en/docs/contributing.md. PR #10480 by @​nilslindemann.
• 📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @​mnrozhkov.
• 📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @​malicious.
• 📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @​JenySadadia.
• 📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @​nilslindemann.
• ✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @​ahmedabdou14.

Translations

• 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
• 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

• 7633d15 🔖 Release version 0.109.1
• a4de147 📝 Update release notes
• 9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
• ebf9723 📝 Update release notes
• 8590d0c 👥 Update FastAPI People (#11074)
• 063d7ff 📝 Update release notes
• 3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
• 6c4a143 📝 Update release notes
• d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
• 6f6e786 📝 Update release notes
• Additional commits viewable in compare view

Updates hnswlib from 0.7.0 to 0.8.0

Release notes

Sourced from hnswlib's releases.

v0.8.0

Highlights:

• Multi-vector document search and epsilon search (for now, only in C++)
• By default, there is no statistic aggregation, which speeds up the multi-threaded search (it does not seem like people are using it anyway: [Issue #495](nmslib/hnswlib#495)).
• Various bugfixes and improvements
• get_items now have return_type parameter, which can be either 'numpy' or 'list'

Huge thanks to the contributors:

1. Dmitry Yashunin (dyashuni) - Led the addition of a custom stop condition, multivector and epsilon search functionalities, and various code refinements and bug fixes.
2. Alexander Vieth (alxvth) - Contributed to resolving global linkage issues and improving Mac setup in the CI environment.
3. Taras Tsugrii (ttsugriy) - Focused on fixing build warnings, enhancing bruteforce removePoint functionality, and improving memory management.
4. aurora327 - Implemented more efficient AVX512 instruction sets in functions.
5. Étienne Mollier (emollier) - added a cap on the 'M' parameter and a typo.
6. Johan Rade (jrade) - Addressed a linking error when compiling with Visual Studio.
7. James Melville (jlmelville) - Addressed reordering warning, sign mismatch in loops, and standardized error handling using macros (#508 has the details)
8. stephematician - Resolved initialization order warning in GNU compilers.
9. moritz-h - Added CMake install targets and set CMake version range.
10. drons - Implemented functions for precise memory footprint control and fixed memory leak issues.
11. Atsushi Tatsuma (yoshoku) - Added a missing virtual destructor to BaseFilterFunctor.

Commits

• 3f34296 Merge pull request #523 from nmslib/develop
• 5a8fd34 Update README.md
• b9e0597 Bump library version
• ba284f5 update repo testing code
• 2142dc6 Stop condition (#490)
• d44bd5d Merge pull request #511 from stephematician/master
• 898bf5d Merge pull request #509 from jlmelville/patch-1
• c4418ea Merge pull request #508 from jlmelville/develop
• ae5ba1b Merge pull request #501 from jrade/master
• a9e62cb Add link to PR in comment
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• d9de4bb release version 3.1.3
• 50124e1 skip test pypi
• 9ea7222 use trusted publishing
• da703f7 use trusted publishing
• bce1746 use trusted publishing
• 7277d80 update pre-commit hooks
• 5c8a105 Make nested-trans-block exceptions nicer (#1918)
• 19a55db Make nested-trans-block exceptions nicer
• 7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
• 7dd3680 xmlattr filter disallows keys with spaces
• Additional commits viewable in compare view

Updates pyarrow from 12.0.1 to 14.0.1

Commits

• ba53748 MINOR: [Release] Update versions for 14.0.1
• 529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
• b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
• f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
• 5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
• 2dcee3f MINOR: [Release] Update versions for 14.0.0
• 297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
• 3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
• 9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
• bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
• Additional commits viewable in compare view

Updates starlette from 0.27.0 to 0.35.1

Release notes

Sourced from starlette's releases.

Version 0.35.1

Fixed

• Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.
• Make typing-extensions optional again #2409.

---

Full Changelog: encode/starlette@0.35.0...0.35.1

Version 0.35.0

Added

• Add *args to Middleware and improve its type hints #2381.

Fixed

• Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

• Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.
• Turn scope["client"] to None on TestClient #2377.

---

Full Changelog: encode/starlette@0.34.0...0.35.0

Version 0.34.0

Added

• Use ParamSpec for run_in_threadpool #2375.
• Add UploadFile.__repr__ #2360.

Fixed

• Merge URLs properly on TestClient #2376.
• Take weak ETags in consideration on StaticFiles #2334.

Deprecated

• Deprecate FileResponse(method=...) parameter #2366.

---

Full Changelog: encode/starlette@0.33.0...0.34.0

Version 0.33.0

Added

... (truncated)

Changelog

Sourced from starlette's changelog.

0.35.1

January 11, 2024

Fixed

• Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.
• Make typing-extensions optional again #2409.

0.35.0

January 11, 2024

Added

• Add *args to Middleware and improve its type hints #2381.

Fixed

• Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

• Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.
• Turn scope["client"] to None on TestClient #2377.

0.34.0

December 16, 2023

Added

• Use ParamSpec for run_in_threadpool #2375.
• Add UploadFile.__repr__ #2360.

Fixed

• Merge URLs properly on TestClient #2376.
• Take weak ETags in consideration on StaticFiles #2334.

Deprecated

• Deprecate FileResponse(method=...) parameter #2366.

0.33.0

December 1, 2023

Added

... (truncated)

Commits

• c817605 Version 0.35.1 (#2410)
• 6c4ffee Make typing-extensions optional again (#2409)
• 3734e85 ♻️ Do not use the deprecated method parameter in FileResponse inside of `...
• 1081520 Version 0.35.0 (#2404)
• c3c6314 ♻️ Refactor logic to handle root_path to keep compatibility with ASGI and c...
• 8f2307d Bump trio from 0.22.2 to 0.23.2 (#2395)
• d28d491 Bump ruff from 0.1.6 to 0.1.9 (#2396)
• 5f9da0b Bump coverage from 7.3.2 to 7.4.0 (#2397)
• 04684c2 Bump typing-extensions from 4.8.0 to 4.9.0 (#2393)
• 8924759 Bump importlib-metadata from 6.9.0 to 7.0.1 (#2394)
• Additional commits viewable in compare view

Updates urllib3 from 2.0.3 to 2.0.7

Release notes

Sourced from urllib3's releases.

2.0.7

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

2.0.4

• Added support for union operators to HTTPHeaderDict (#2254)
• Added BaseHTTPResponse to urllib3.__all__ (#3078)
• Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client (#2757)
• Relied on the standard library for checking hostnames in supported PyPy releases (#3087)

Changelog

Sourced from urllib3's changelog.

2.0.7 (2023-10-17)

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

2.0.4 (2023-07-19)

• Added support for union operators to HTTPHeaderDict ([#2254](https://github.com/urllib3/urllib3/issues/2254) <https://github.com/urllib3/urllib3/issues/2254>__)
• Added BaseHTTPResponse to urllib3.__all__ ([#3078](https://github.com/urllib3/urllib3/issues/3078) <https://github.com/urllib3/urllib3/issues/3078>__)
• Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client ([#2757](https://github.com/urllib3/urllib3/issues/2757) <https://github.com/urllib3/urllib3/issues/2757>__)
• Relied on the standard library for checking hostnames in supported PyPy releases ([#3087](https://github.com/urllib3/urllib3/issues/3087) <https://github.com/urllib3/urllib3/issues/3087>__)

Commits

• 56f01e0 Release 2.0.7

[dependabot]

Superseded by #206.