Urllib3

Latest version: v2.2.1

Safety actively analyzes 613705 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 8

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Fixed issue where `InsecureRequestWarning` was emitted for HTTPS connections when using Emscripten. (3331)
- Fixed `HTTPConnectionPool.urlopen` to stop automatically casting non-proxy headers to `HTTPHeaderDict`. This change was premature as it did not apply to proxy headers and `HTTPHeaderDict` does not handle byte header values correctly yet. (3343)
- Changed `ProtocolError` to `InvalidChunkLength` when response terminates before the chunk length is sent. (2860)
- Changed `ProtocolError` to be more verbose on incomplete reads with excess content. (3261)

2.2.0

🖥️ urllib3 now works in the browser

:tada: **This release adds experimental support for [using urllib3 in the browser with Pyodide](https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html)!** :tada:

Thanks to Joe Marshall (joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from `http.client`. Please report all bugs to the [urllib3 issue tracker](https://github.com/urllib3/urllib3/issues).

🚀 urllib3 is fundraising for HTTP/2 support

[urllib3 is raising ~$40,000 USD](https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support) to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects [please consider contributing financially](https://opencollective.com/urllib3) to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

- Added support for [Emscripten and Pyodide](https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html), including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951))
- Added support for `HTTPResponse.read1()` method. ([3186](https://github.com/urllib3/urllib3/issues/3186))
- Added rudimentary support for HTTP/2. ([3284](https://github.com/urllib3/urllib3/issues/3284))
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. ([2244](https://github.com/urllib3/urllib3/issues/2244))
- Fixed `HTTPConnection.proxy_is_verified` and `HTTPSConnection.proxy_is_verified` to be always set to a boolean after connecting to a proxy. It could be `None` in some cases previously. ([3130](https://github.com/urllib3/urllib3/issues/3130))
- Fixed an issue where `headers` passed in a request with `json=` would be mutated ([3203](https://github.com/urllib3/urllib3/issues/3203))
- Fixed `HTTPSConnection.is_verified` to be set to `False` when connecting from a HTTPS proxy to an HTTP target. It was set to `True` previously. ([3267](https://github.com/urllib3/urllib3/issues/3267))
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([3268](https://github.com/urllib3/urllib3/issues/3268))
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([3325](https://github.com/urllib3/urllib3/issues/3325))

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the `--integration` pytest flag. ([3181](https://github.com/urllib3/urllib3/issues/3181))

2.1.0

Read the [v2 migration guide](https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html) for help upgrading to the latest version of urllib3.

Removals

- Removed support for the deprecated urllib3[secure] extra. ([2680](https://github.com/urllib3/urllib3/issues/2680))
- Removed support for the deprecated SecureTransport TLS implementation. ([2681](https://github.com/urllib3/urllib3/issues/2681))
- Removed support for the end-of-life Python 3.7. ([3143](https://github.com/urllib3/urllib3/issues/3143))


Bugfixes

- Allowed loading CA certificates from memory for proxies. ([3065](https://github.com/urllib3/urllib3/issues/3065))
- Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. ([3174](https://github.com/urllib3/urllib3/issues/3174))

2.0.7

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

Not secure
* Added the `Cookie` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via `Retry.remove_headers_on_redirect`. (GHSA-v845-jxx5-vc9f)

2.0.5

Not secure
- Allowed pyOpenSSL third-party module without any deprecation warning. [3126](https://github.com/urllib3/urllib3/issues/3126)
- Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. [3066](https://github.com/urllib3/urllib3/issues/3066>)

Page 1 of 8

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.