Scheduled daily dependency update on Thursday

[pyup-bot]

Update certifi from 2021.10.8 to 2025.1.31.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/certifi
• Repo: https://github.com/certifi/python-certifi

Update charset-normalizer from 2.0.6 to 3.4.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/charset-normalizer

Update idna from 3.2 to 3.10.

Changelog

3.10

+++++++++++++++++

- Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes
to UTS46 processing that will require more work to properly implement.

3.9

++++++++++++++++

- Update to Unicode 16.0.0
- Deprecate setup.cfg in favour of pyproject.toml
- Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8

++++++++++++++++

- Fix regression where IDNAError exception was not being produced for
certain inputs.
- Add support for Python 3.13, drop support for Python 3.5 as it is no
longer testable.
- Documentation improvements
- Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

3.7

++++++++++++++++

- Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6

++++++++++++++++

- Fix regression to include tests in source distribution.

3.5

++++++++++++++++

- Update to Unicode 15.1.0
- String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
- Fix typing error for codec encoding
- "setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
- Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
- Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.

3.4

++++++++++++++++

- Update to Unicode 15.0.0
- Migrate to pyproject.toml for build information (PEP 621)
- Correct another instance where generic exception was raised instead of
IDNAError for malformed input
- Source distribution uses zeroized file ownership for improved
reproducibility

Thanks to Seth Michael Larson for contributions to this release.

3.3

++++++++++++++++

- Update to Unicode 14.0.0
- Update to in-line type annotations
- Throw IDNAError exception correctly for some malformed input
- Advertise support for Python 3.10
- Improve testing regime on Github
- Fix Russian typo in documentation

Thanks to Jon Defresne, Hugo van Kemenade, Seth Michael Larson,
Patrick Ventuzelo and Boris Verhovsky for contributions to this
release.

Links

• PyPI: https://pypi.org/project/idna
• Changelog: https://data.safetycli.com/changelogs/idna/

Update requests from 2.26.0 to 2.32.3.

Changelog

2.32.3

-------------------

**Bugfixes**
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (6716)
- Fixed issue where Requests started failing to run on Python versions compiled
without the `ssl` module. (6724)

2.32.2

-------------------

**Deprecations**
- To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed `_get_connection` to
a new public API, `get_connection_with_tls_context`. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
`get_connection` is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (6710)

2.32.1

-------------------

**Bugfixes**
- Add missing test certs to the sdist distributed on PyPI.

2.32.0

-------------------

**Security**
- Fixed an issue where setting `verify=False` on the first request from a
Session will cause subsequent requests to the _same origin_ to also ignore
cert verification, regardless of the value of `verify`.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

**Improvements**
- `verify=True` now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (6667)
- Requests now supports optional use of character detection
(`chardet` or `charset_normalizer`) when repackaged or vendored.
This enables `pip` and other projects to minimize their vendoring
surface area. The `Response.text()` and `apparent_encoding` APIs
will default to `utf-8` if neither library is present. (6702)

**Bugfixes**
- Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (6589)
- Fixed deserialization bug in JSONDecodeError. (6629)
- Fixed bug where an extra leading `/` (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (6644)

**Deprecations**

- Requests has officially added support for CPython 3.12 (6503)
- Requests has officially added support for PyPy 3.9 and 3.10 (6641)
- Requests has officially dropped support for CPython 3.7 (6642)
- Requests has officially dropped support for PyPy 3.7 and 3.8 (6641)

**Documentation**
- Various typo fixes and doc improvements.

**Packaging**
- Requests has started adopting some modern packaging practices.
The source files for the projects (formerly `requests`) is now located
in `src/requests` in the Requests sdist. (6506)
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using `hatchling`. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.

2.31.0

-------------------

**Security**
- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of `Proxy-Authorization` headers to destination servers when
following HTTPS redirects.

When proxies are defined with user info (`https://user:passproxy:8080`), Requests
will construct a `Proxy-Authorization` header that is attached to the request to
authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached
the `Proxy-Authorization` header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are *strongly* encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.

Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).

2.30.0

-------------------

**Dependencies**
- ⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to `urllib3<2`.

2.29.0

-------------------

**Improvements**

- Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (6226)
- Requests relaxes header component requirements to support bytes/str subclasses. (6356)

2.28.2

-------------------

**Dependencies**

- Requests now supports charset\_normalizer 3.x. (6261)

**Bugfixes**

- Updated MissingSchema exception to suggest https scheme rather than http. (6188)

2.28.1

-------------------

**Improvements**

- Speed optimization in `iter_content` with transition to `yield from`. (6170)

**Dependencies**

- Added support for chardet 5.0.0 (6179)
- Added support for charset-normalizer 2.1.0 (6169)

2.28.0

-------------------

**Deprecations**

- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (6091)

**Improvements**

- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make `json()` API consistent. (6097)
- Parse header components consistently, raising an InvalidHeader error in
all invalid cases. (6154)
- Added provisional 3.11 support with current beta build. (6155)
- Requests got a makeover and we decided to paint it black. (6095)

**Bugfixes**

- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
`requests.exceptions.SSLError` for `content` and `iter_content`. (6057)
- Fixed issue where invalid Windows registry entries caused proxy resolution
to raise an exception rather than ignoring the entry. (6149)
- Fixed issue where entire payload could be included in the error message for
JSONDecodeError. (6036)

2.27.1

-------------------

**Bugfixes**

- Fixed parsing issue that resulted in the `auth` component being
dropped from proxy URLs. (6028)

2.27.0

-------------------

**Improvements**

- Officially added support for Python 3.10. (5928)

- Added a `requests.exceptions.JSONDecodeError` to unify JSON exceptions between
Python 2 and 3. This gets raised in the `response.json()` method, and is
backwards compatible as it inherits from previously thrown exceptions.
Can be caught from `requests.exceptions.RequestException` as well. (5856)

- Improved error text for misnamed `InvalidSchema` and `MissingSchema`
exceptions. This is a temporary fix until exceptions can be renamed
(Schema->Scheme). (6017)

- Improved proxy parsing for proxy URLs missing a scheme. This will address
recent changes to `urlparse` in Python 3.9+. (5917)

**Bugfixes**

- Fixed defect in `extract_zipped_paths` which could result in an infinite loop
for some paths. (5851)

- Fixed handling for `AttributeError` when calculating length of files obtained
by `Tarfile.extractfile()`. (5239)

- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.InvalidHeader` with
`requests.exceptions.InvalidHeader`. (5914)

- Fixed bug where two Host headers were sent for chunked requests. (5391)

- Fixed regression in Requests 2.26.0 where `Proxy-Authorization` was
incorrectly stripped from all requests sent with `Session.send`. (5924)

- Fixed performance regression in 2.26.0 for hosts with a large number of
proxies available in the environment. (5924)

- Fixed idna exception leak, wrapping `UnicodeError` with
`requests.exceptions.InvalidURL` for URLs with a leading dot (.) in the
domain. (5414)

**Deprecations**

- Requests support for Python 2.7 and 3.6 will be ending in 2022. While we
don't have exact dates, Requests 2.27.x is likely to be the last release
series providing support.

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://data.safetycli.com/changelogs/requests/
• Docs: https://requests.readthedocs.io

Update urllib3 from 1.26.7 to 2.3.0.

Changelog

2.3.0

==================

Features
--------

- Added ``HTTPResponse.shutdown()`` to stop any ongoing or future reads for a specific response. It calls ``shutdown(SHUT_RD)`` on the underlying socket. This feature was `sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>`__. (`#2868 <https://github.com/urllib3/urllib3/issues/2868>`__)
- Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly 
requests and streaming, and makes it possible to use in Node.js if you launch it as  ``node --experimental-wasm-stack-switching``. (`3400 <https://github.com/urllib3/urllib3/issues/3400>`__)
- Added the ``proxy_is_tunneling`` property to ``HTTPConnection`` and ``HTTPSConnection``. (`3285 <https://github.com/urllib3/urllib3/issues/3285>`__)
- Added pickling support to ``NewConnectionError`` and ``NameResolutionError``. (`3480 <https://github.com/urllib3/urllib3/issues/3480>`__)


Bugfixes
--------

- Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (`3489 <https://github.com/urllib3/urllib3/issues/3489>`__)


Deprecations and Removals
-------------------------

- Removed support for Python 3.8. (`3492 <https://github.com/urllib3/urllib3/issues/3492>`__)

2.2.3

==================

Features
--------

- Added support for Python 3.13. (`3473 <https://github.com/urllib3/urllib3/issues/3473>`__)

Bugfixes
--------

- Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1.
All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (`3053 <https://github.com/urllib3/urllib3/issues/3053>`__)
- Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting https://github.com/python/cpython/issues/103472. (`#3252 <https://github.com/urllib3/urllib3/issues/3252>`__)
- Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (`3413 <https://github.com/urllib3/urllib3/issues/3413>`__)
- Fixed a crash where certain standard library hash functions were absent in restricted environments. (`3432 <https://github.com/urllib3/urllib3/issues/3432>`__)
- Fixed mypy error when adding to ``HTTPConnection.default_socket_options``. (`3448 <https://github.com/urllib3/urllib3/issues/3448>`__)

HTTP/2 (experimental)
---------------------

HTTP/2 support is still in early development.

- Excluded Transfer-Encoding: chunked from HTTP/2 request body (`3425 <https://github.com/urllib3/urllib3/issues/3425>`__)
- Added version checking for ``h2`` (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. (`3290 <https://github.com/urllib3/urllib3/issues/3290>`__)
- Added a probing mechanism for determining whether a given target origin
supports HTTP/2 via ALPN. (`3301 <https://github.com/urllib3/urllib3/issues/3301>`__)
- Add support for sending a request body with HTTP/2 (`3302 <https://github.com/urllib3/urllib3/issues/3302>`__)


Deprecations and Removals
-------------------------

- Note for downstream distributors: the ``_version.py`` file has been removed and is now created at build time by hatch-vcs. (`3412 <https://github.com/urllib3/urllib3/issues/3412>`__)
- Drop support for end-of-life PyPy3.8 and PyPy3.9. (`3475 <https://github.com/urllib3/urllib3/issues/3475>`__)

2.2.2

==================

- Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
- Allowed passing negative integers as ``amt`` to read methods of ``http.client.HTTPResponse`` as an alternative to ``None``. (`3122 <https://github.com/urllib3/urllib3/issues/3122>`__)
- Fixed return types representing copying actions to use ``typing.Self``. (`3363 <https://github.com/urllib3/urllib3/issues/3363>`__)

2.2.1

==================

- Fixed issue where ``InsecureRequestWarning`` was emitted for HTTPS connections when using Emscripten. (`3331 <https://github.com/urllib3/urllib3/issues/3331>`__)
- Fixed ``HTTPConnectionPool.urlopen`` to stop automatically casting non-proxy headers to ``HTTPHeaderDict``. This change was premature as it did not apply to proxy headers and ``HTTPHeaderDict`` does not handle byte header values correctly yet. (`3343 <https://github.com/urllib3/urllib3/issues/3343>`__)
- Changed ``InvalidChunkLength`` to ``ProtocolError`` when response terminates before the chunk length is sent. (`2860 <https://github.com/urllib3/urllib3/issues/2860>`__)
- Changed ``ProtocolError`` to be more verbose on incomplete reads with excess content. (`3261 <https://github.com/urllib3/urllib3/issues/3261>`__)

2.2.0

==================

- Added support for `Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>`__, including streaming support in cross-origin isolated browser environments where threading is enabled. (`#2951 <https://github.com/urllib3/urllib3/issues/2951>`__)
- Added support for ``HTTPResponse.read1()`` method. (`3186 <https://github.com/urllib3/urllib3/issues/3186>`__)
- Added rudimentary support for HTTP/2. (`3284 <https://github.com/urllib3/urllib3/issues/3284>`__)
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy. (`2244 <https://github.com/urllib3/urllib3/issues/2244>`__)
- Fixed ``HTTPConnection.proxy_is_verified`` and ``HTTPSConnection.proxy_is_verified``
to be always set to a boolean after connecting to a proxy. It could be
``None`` in some cases previously. (`3130 <https://github.com/urllib3/urllib3/issues/3130>`__)
- Fixed an issue where ``headers`` passed in a request with ``json=`` would be mutated (`3203 <https://github.com/urllib3/urllib3/issues/3203>`__)
- Fixed ``HTTPSConnection.is_verified`` to be set to ``False`` when connecting
from a HTTPS proxy to an HTTP target. It was set to ``True`` previously. (`3267 <https://github.com/urllib3/urllib3/issues/3267>`__)
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (`3268 <https://github.com/urllib3/urllib3/issues/3268>`__)
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (`3325 <https://github.com/urllib3/urllib3/issues/3325>`__)
- Note for downstream distributors: To run integration tests, you now need to run the tests a second
time with the ``--integration`` pytest flag. (`3181 <https://github.com/urllib3/urllib3/issues/3181>`__)

2.1.0

==================

- Removed support for the deprecated urllib3[secure] extra. (`2680 <https://github.com/urllib3/urllib3/issues/2680>`__)
- Removed support for the deprecated SecureTransport TLS implementation. (`2681 <https://github.com/urllib3/urllib3/issues/2681>`__)
- Removed support for the end-of-life Python 3.7. (`3143 <https://github.com/urllib3/urllib3/issues/3143>`__)
- Allowed loading CA certificates from memory for proxies. (`3065 <https://github.com/urllib3/urllib3/issues/3065>`__)
- Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. (`3174 <https://github.com/urllib3/urllib3/issues/3174>`__)

2.0.7

==================

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6

==================

* Added the ``Cookie`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.

2.0.5

==================

- Allowed pyOpenSSL third-party module without any deprecation warning. (`3126 <https://github.com/urllib3/urllib3/issues/3126>`__)
- Fixed default ``blocksize`` of ``HTTPConnection`` classes to match high-level classes. Previously was 8KiB, now 16KiB. (`3066 <https://github.com/urllib3/urllib3/issues/3066>`__)

2.0.4

==================

- Added support for union operators to ``HTTPHeaderDict`` (`2254 <https://github.com/urllib3/urllib3/issues/2254>`__)
- Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`3078 <https://github.com/urllib3/urllib3/issues/3078>`__)
- Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client (`2757 <https://github.com/urllib3/urllib3/issues/2757>`__)
- Relied on the standard library for checking hostnames in supported PyPy releases (`3087 <https://github.com/urllib3/urllib3/issues/3087>`__)

2.0.3

==================

- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`3020 <https://github.com/urllib3/urllib3/issues/3020>`__)
- Deprecated URLs which don't have an explicit scheme (`2950 <https://github.com/urllib3/urllib3/pull/2950>`_)
- Fixed response decoding with Zstandard when compressed data is made of several frames. (`3008 <https://github.com/urllib3/urllib3/issues/3008>`__)
- Fixed ``assert_hostname=False`` to correctly skip hostname check. (`3051 <https://github.com/urllib3/urllib3/issues/3051>`__)

2.0.2

==================

- Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data
was still available to be read even if the underlying socket is closed. This prevents
a compressed response from being truncated. (`3009 <https://github.com/urllib3/urllib3/issues/3009>`__)

2.0.1

==================

- Fixed a socket leak when fingerprint or hostname verifications fail. (`2991 <https://github.com/urllib3/urllib3/issues/2991>`__)
- Fixed an error when ``HTTPResponse.read(0)`` was the first ``read`` call or when the internal response body buffer was otherwise empty. (`2998 <https://github.com/urllib3/urllib3/issues/2998>`__)

2.0.0

==================

Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3.

Removed
-------

* Removed support for Python 2.7, 3.5, and 3.6 (`883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__).
* Removed fallback on certificate ``commonName`` in ``match_hostname()`` function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName``
is used to verify the hostname by default. To enable verifying the hostname against
``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`2113 <https://github.com/urllib3/urllib3/issues/2113>`__).
* Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support.
When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`2082 <https://github.com/urllib3/urllib3/issues/2082>`__).
* Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`2044 <https://github.com/urllib3/urllib3/issues/2044>`__).
* Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`2086 <https://github.com/urllib3/urllib3/issues/2086>`__).
* Removed ``urllib3.HTTPResponse.from_httplib`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__).
* Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__).
* Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API.
This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()``
function instead of the ``urllib3.request`` module (`2269 <https://github.com/urllib3/urllib3/issues/2269>`__).
* Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`2233 <https://github.com/urllib3/urllib3/issues/2233>`__).
* Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`2339 <https://github.com/urllib3/urllib3/issues/2339>`__).
* Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed ``urllib3.exceptions.SNIMissingWarning`` (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Removed the ``strict`` parameter/attribute from ``HTTPConnection``, ``HTTPSConnection``, ``HTTPConnectionPool``, ``HTTPSConnectionPool``, and ``HTTPResponse`` (`2064 <https://github.com/urllib3/urllib3/issues/2064>`__).

Deprecated
----------

* Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__).
* Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`2691 <https://github.com/urllib3/urllib3/issues/2691>`__).
* Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`2692 <https://github.com/urllib3/urllib3/issues/2692>`__).
* Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Deprecated the ``strict`` parameter of ``PoolManager.connection_from_context()`` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`2267 <https://github.com/urllib3/urllib3/issues/2267>`__)
* Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`2271 <https://github.com/urllib3/urllib3/issues/2271>`__).
* Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).

Added
-----

* Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`2150 <https://github.com/urllib3/urllib3/issues/2150>`__).
* Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined.
Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`2243 <https://github.com/urllib3/urllib3/issues/2243>`__).
* Added type hints to the ``urllib3`` module (`1897 <https://github.com/urllib3/urllib3/issues/1897>`__).
* Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set
``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed.
Added the ``zstd`` extra which installs the ``zstandard`` package (`1992 <https://github.com/urllib3/urllib3/issues/1992>`__).
* Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`2083 <https://github.com/urllib3/urllib3/issues/2083>`__).
* Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`2197 <https://github.com/urllib3/urllib3/issues/2197>`__).
* Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`2216 <https://github.com/urllib3/urllib3/issues/2216>`__).
* Added support for configuring header merging behavior with HTTPHeaderDict
When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate
header values will be repeated. But if ``combine=True`` is passed into a call to
``HTTPHeaderDict.add``, then the added header value will be merged in with an existing
value into a comma-separated list (``X-My-Header: foo, bar``) (`2242 <https://github.com/urllib3/urllib3/issues/2242>`__).
* Added ``NameResolutionError`` exception when a DNS error occurs (`2305 <https://github.com/urllib3/urllib3/issues/2305>`__).
* Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`2409 <https://github.com/urllib3/urllib3/issues/2409>`__).
* Added a configurable ``backoff_max`` parameter to the ``Retry`` class.
If a custom ``backoff_max`` is provided to the ``Retry`` class, it
will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`2494 <https://github.com/urllib3/urllib3/issues/2494>`__).
* Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`2520 <https://github.com/urllib3/urllib3/issues/2520>`__).
* Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Added optional ``backoff_jitter`` parameter to ``Retry``. (`2952 <https://github.com/urllib3/urllib3/issues/2952>`__)

Changed
-------

* Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method:

* Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed).
* Never returns more bytes than requested.
* Can issue any number of system calls: zero, one or multiple.

If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`2128 <https://github.com/urllib3/urllib3/issues/2128>`__).
* Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`2648 <https://github.com/urllib3/urllib3/issues/2648>`__).
* Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version``
and ``SSLContext.maximum_version`` values.  Regardless of ``ssl_version`` passed
``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`2110 <https://github.com/urllib3/urllib3/issues/2110>`__).
* Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`2373 <https://github.com/urllib3/urllib3/issues/2373>`__).
* Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`2482 <https://github.com/urllib3/urllib3/pull/2482>`__).
* Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with
a default value. The new default will be cipher suites configured by the operating system (`2168 <https://github.com/urllib3/urllib3/issues/2168>`__).
* Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`2257 <https://github.com/urllib3/urllib3/issues/2257>`__).
* Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`2589 <https://github.com/urllib3/urllib3/issues/2589>`__).
* Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`2515 <https://github.com/urllib3/urllib3/issues/2515>`__).
* Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`2514 <https://github.com/urllib3/urllib3/issues/2514>`__).
* Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`2080 <https://github.com/urllib3/urllib3/issues/2080>`__).
* Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`2628 <https://github.com/urllib3/urllib3/issues/2628>`__).
* Changed usage of the deprecated ``socket.error`` to ``OSError`` (`2120 <https://github.com/urllib3/urllib3/issues/2120>`__).
* Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading
data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`1985 <https://github.com/urllib3/urllib3/issues/1985>`__).
* Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``.
* Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`2452 <https://github.com/urllib3/urllib3/pull/2452>`__).
* Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`2537 <https://github.com/urllib3/urllib3/pull/2537>`__).
* Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`2348 <https://github.com/urllib3/urllib3/pull/2348>`__).
* Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`2800 <https://github.com/urllib3/urllib3/issues/2800>`__).

Fixed
-----

* Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`1252 <https://github.com/urllib3/urllib3/issues/1252>`__).
* Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout.
Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__).
* Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`2118 <https://github.com/urllib3/urllib3/issues/2118>`__).
* Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`2213 <https://github.com/urllib3/urllib3/issues/2213>`__).
* Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`2272 <https://github.com/urllib3/urllib3/issues/2272>`__).
* Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`2277 <https://github.com/urllib3/urllib3/issues/2277>`__).
* Fixed a socket leak if ``HTTPConnection.connect()`` fails (`2571 <https://github.com/urllib3/urllib3/pull/2571>`__).
* Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`2970 <https://github.com/urllib3/urllib3/issues/2970>`__)

1.26.20

====================

* Fixed a crash where certain standard library hash functions were absent in
FIPS-compliant environments.
(`3432 <https://github.com/urllib3/urllib3/issues/3432>`__)
* Replaced deprecated dash-separated setuptools entries in ``setup.cfg``.
(`3461 <https://github.com/urllib3/urllib3/pull/3461>`__)
* Took into account macOS setting ``ECONNRESET`` instead of ``EPROTOTYPE`` in
its newer versions.
(`3416 <https://github.com/urllib3/urllib3/pull/3416>`__)
* Backported changes to our tests and CI configuration from v2.x to support
testing with CPython 3.12 and 3.13.
(`3436 <https://github.com/urllib3/urllib3/pull/3436>`__)

1.26.19

====================

* Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
* Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (`3405 <https://github.com/urllib3/urllib3/issues/3405>`__)

1.26.18

====================

* Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17

====================

* Added the ``Cookie`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``. (`3139 <https://github.com/urllib3/urllib3/pull/3139>`_)

1.26.16

====================

* Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins
would cause connection pools to be closed while requests are in progress (`2954 <https://github.com/urllib3/urllib3/pull/2954>`_)

1.26.15

====================

* Fix socket timeout value when ``HTTPConnection`` is reused (`2645 <https://github.com/urllib3/urllib3/issues/2645>`__)
* Remove "!" character from the unreserved characters in IPv6 Zone ID parsing
(`2899 <https://github.com/urllib3/urllib3/issues/2899>`__)
* Fix IDNA handling of '\x80' byte (`2901 <https://github.com/urllib3/urllib3/issues/2901>`__)

1.26.14

====================

* Fixed parsing of port 0 (zero) returning None, instead of 0. (`2850 <https://github.com/urllib3/urllib3/issues/2850>`__)
* Removed deprecated getheaders() calls in contrib module. Fixed the type hint of ``PoolKey.key_retries`` by adding ``bool`` to the union. (`2865 <https://github.com/urllib3/urllib3/issues/2865>`__)

1.26.13

====================

* Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods.
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.
* Fixed a deprecation warning when using cryptography v39.0.0.
* Removed the ``<4`` in the ``Requires-Python`` packaging metadata field.

1.26.12

====================

* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
for justification and info on how to migrate.

1.26.11

====================

* Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would
raise an ``OverflowError`` on Python 3.9 and earlier.

1.26.10

====================

* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.

1.26.9

===================

* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.

1.26.8

===================

* Added extra message to ``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF``
to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname``
to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged
by downstream distributors.
* Fixed absolute imports, all imports are now relative.

Links

• PyPI: https://pypi.org/project/urllib3
• Changelog: https://data.safetycli.com/changelogs/urllib3/

Update atomicwrites from 1.4.0 to 1.4.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/atomicwrites
• Repo: https://github.com/untitaker/python-atomicwrites

Update attrs from 21.2.0 to 25.1.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/attrs

Update colorama from 0.4.4 to 0.4.6.

Changelog

0.4.6

* https://github.com/tartley/colorama/pull/139 Add alternative to 'init()',
 called 'just_fix_windows_console'. This fixes many longstanding problems
 with 'init', such as working incorrectly on modern Windows terminals, and
 wonkiness when init gets called multiple times. The intention is that it
 just makes all Windows terminals treat ANSI the same way as other terminals
 do. Many thanks the njsmith for fixing our messes. 
* https://github.com/tartley/colorama/pull/352 Support Windows 10's ANSI/VT
 console. This didn't exist when Colorama was created, and avoiding us
 causing havok there is long overdue. Thanks to segeviner for the initial
 approach, and to njsmith for getting it merged.
* https://github.com/tartley/colorama/pull/338 Internal overhaul of package
 metadata declaration, which abolishes our use of the now heavily
 discouraged setuptools (and hence setup.py, setup.cfg and MANIFEST.in), in
 favor of hatchling (and hence pyproject.toml), generously contributed by
 ofek (author of hatchling). This includes dropping support Python3.5 and
 3.6, which are EOL, and were already dropped from setuptools, so this
 should not affect our users.
* https://github.com/tartley/colorama/pull/353 Attention to detail award to
 LqdBcnAtWork for a spelling fix in demo06

0.4.5

* Catch a racy ValueError that could occur on exit.
* Create README-hacking.md, for Colorama contributors.
* Tweak some README unicode characters that don't render correctly on PyPI.
* Fix some tests that were failing on some operating systems.
* Add support for Python 3.9.
* Add support for PyPy3.
* Add support for pickling with the ``dill`` module.

Links

• PyPI: https://pypi.org/project/colorama
• Changelog: https://data.safetycli.com/changelogs/colorama/

Update coverage from 6.0.1 to 7.6.12.

Changelog

7.6.12

---------------------------

- Fix: some aarch64 distributions were missing (`issue 1927`_).  These are now
building reliably.

.. _issue 1927: https://github.com/nedbat/coveragepy/issues/1927

.. _changes_7-6-11:

7.6.11

---------------------------

- Fix: a memory leak in CTracer has been fixed.  The details are in `issue
1924`_ and `pytest-dev 676`_.  This should reduce the memory footprint for
everyone even if it hadn't caused a problem before.

- We now ship a py3-none-any.whl wheel file.  Thanks, `Russell Keith-Magee
<pull 1914_>`_.

.. _pull 1914: https://github.com/nedbat/coveragepy/pull/1914
.. _issue 1924: https://github.com/nedbat/coveragepy/issues/1924
.. _pytest-dev 676: https://github.com/pytest-dev/pytest-cov/issues/676

.. _changes_7-6-10:

7.6.10

---------------------------

- Fix: some descriptions of missing branches in HTML and LCOV reports were
incorrect when multi-line statements were involved (`issue 1874`_ and `issue
1875`_).  These are now fixed.

- Fix: Python 3.14 `defers evaluation of annotations <pep649_>`_ by moving them
into separate code objects.  That code is rarely executed, so coverage.py
would mark them as missing, as reported in `issue 1908`_.  Now they are
ignored by coverage automatically.

- Fixed an obscure and mysterious problem on PyPy 3.10 seemingly involving
mocks, imports, and trace functions: `issue 1902`_.  To be honest, I don't
understand the problem or the solution, but ``git bisect`` helped find it,
and now it's fixed.

- Docs: re-wrote the :ref:`subprocess` page to put multiprocessing first and to
highlight the correct use of :class:`multiprocessing.Pool
<python:multiprocessing.pool.Pool>`.

.. _issue 1874: https://github.com/nedbat/coveragepy/issues/1874
.. _issue 1875: https://github.com/nedbat/coveragepy/issues/1875
.. _issue 1902: https://github.com/nedbat/coveragepy/issues/1902
.. _issue 1908: https://github.com/nedbat/coveragepy/issues/1908
.. _pep649: https://docs.python.org/3.14/whatsnew/3.14.html#pep-649-deferred-evaluation-of-annotations


.. _changes_7-6-9:

7.6.9

--------------------------

- Fix: `Tomas Uribe fixed <pull 1901_>`_ a performance problem in the XML
report.  Large code bases should produce XML reports much faster now.

.. _pull 1901: https://github.com/nedbat/coveragepy/pull/1901


.. _changes_7-6-8:

7.6.8

--------------------------

- Fix: the LCOV report code assumed that a branch line that took no branches
meant that the entire line was unexecuted.  This isn't true in a few cases:
the line might always raise an exception, or might have been optimized away.
Fixes `issue 1896`_.

- Fix: similarly, the HTML report will now explain that a line that jumps to
none of its expected destinations must have always raised an exception.
Previously, it would say something nonsensical like, "line 4 didn't jump to
line 5 because line 4 was never true, and it didn't jump to line 7 because
line 4 was always true."  This was also shown in `issue 1896`_.

.. _issue 1896: https://github.com/nedbat/coveragepy/issues/1896


.. _changes_7-6-7:

7.6.7

--------------------------

- Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild,
so it's been restored to a conditional.  Sorry for the churn.


.. _changes_7-6-6:

7.6.6

--------------------------

- One of the new asserts from 7.6.5 caused problems in real projects, as
reported in `issue 1891`_.  The assert has been removed.

.. _issue 1891: https://github.com/nedbat/coveragepy/issues/1891


.. _changes_7-6-5:

7.6.5

--------------------------

- Fix: fine-tuned the exact Python version (3.12.6) when exiting from ``with``
statements changed how they traced.  This affected whether people saw the
fix for `issue 1880`_.

- Fix: isolate our code more from mocking in the os module that in rare cases
can cause `bizarre behavior <pytest-cov-666_>`_.

- Refactor: some code unreachable code paths in parser.py were changed to
asserts.  If you encounter any of these, please let me know!

.. _pytest-cov-666: https://github.com/pytest-dev/pytest-cov/issues/666


.. _changes_7-6-4:

7.6.4

--------------------------

- Fix: multi-line ``with`` statements could cause contained branches to be
incorrectly marked as missing (`issue 1880`_).  This is now fixed.

.. _issue 1880: https://github.com/nedbat/coveragepy/issues/1880


.. _changes_7-6-3:

7.6.3

--------------------------

- Fix: nested context managers could incorrectly be analyzed to flag a missing
branch on the last context manager, as described in `issue 1876`_.  This is
now fixed.

- Fix: the missing branch message about not exiting a module had an extra
"didn't," as described in `issue 1873`_.  This is now fixed.

.. _issue 1873: https://github.com/nedbat/coveragepy/issues/1873
.. _issue 1876: https://github.com/nedbat/coveragepy/issues/1876


.. _changes_7-6-2:

7.6.2

--------------------------

- Dropped support for Python 3.8 and PyPy 3.8.

- Fix: a final wildcard match/case clause assigning to a name (``case _ as
value``) was incorrectly marked as a missing branch.  This is now fixed,
closing `issue 1860`_.

- Fewer things are considered branches now. Lambdas, comprehensions, and
generator expressions are no longer marked as missing branches if they don't
complete execution.  Closes `issue 1852`_.

- Fix: the HTML report didn't properly show multi-line f-strings that end with
a backslash continuation.  This is now fixed, closing `issue 1836`_, thanks
to `LiuYinCarl and Marco Ricci <pull 1838_>`_.

- Fix: the LCOV report now has correct line numbers (fixing `issue 1846`_) and
better branch descriptions for BRDA records (fixing `issue 1850`_).  There
are other changes to lcov also, including a new configuration option
:ref:`line_checksums <config_lcov_line_checksums>` to control whether line
checksums are included in the lcov report.  The default is false. To keep
checksums set it to true.  All this work is thanks to Zack Weinberg
(`pull 1849`_ and `pull 1851`_).

- Fixed the docs for multi-line regex exclusions, closing `issue 1863`_.

- Fixed a potential crash in the C tracer, closing `issue 1835`_, thanks to
`Jan Kühle <pull 1843_>`_.

.. _issue 1835: https://github.com/nedbat/coveragepy/issues/1835
.. _issue 1836: https://github.com/nedbat/coveragepy/issues/1836
.. _pull 1838: https://github.com/nedbat/coveragepy/pull/1838
.. _pull 1843: https://github.com/nedbat/coveragepy/pull/1843
.. _issue 1846: https://github.com/nedbat/coveragepy/issues/1846
.. _pull 1849: https://github.com/nedbat/coveragepy/pull/1849
.. _issue 1850: https://github.com/nedbat/coveragepy/issues/1850
.. _pull 1851: https://github.com/nedbat/coveragepy/pull/1851
.. _issue 1852: https://github.com/nedbat/coveragepy/issues/1852
.. _issue 1860: https://github.com/nedbat/coveragepy/issues/1860
.. _issue 1863: https://github.com/nedbat/coveragepy/issues/1863


.. _changes_7-6-1:

7.6.1

--------------------------

- Fix: coverage used to fail when measuring code using :func:`runpy.run_path
<python:runpy.run_path>` with a :class:`Path <python:pathlib.Path>` argument.
This is now fixed, thanks to `Ask Hjorth Larsen <pull 1819_>`_.

- Fix: backslashes preceding a multi-line backslashed string could confuse the
HTML report.  This is now fixed, thanks to `LiuYinCarl <pull 1828_>`_.

- Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: https://github.com/nedbat/coveragepy/pull/1819
.. _pull 1828: https://github.com/nedbat/coveragepy/pull/1828


.. _changes_7-6-0:

7.6.0

--------------------------

- Exclusion patterns can now be multi-line, thanks to `Daniel Diniz <pull
1807_>`_.  This enables many interesting exclusion use-cases, including those
requested in issues `118 <issue 118_>`_ (entire files), `996
<issue 996_>`_ (multiple lines only when appearing together), `1741
<issue 1741_>`_ (remainder of a function), and `1803 <issue 1803_>`_
(arbitrary sequence of marked lines).  See the :ref:`multi_line_exclude`
section of the docs for more details and examples.

- The JSON report now includes per-function and per-class coverage information.
Thanks to `Daniel Diniz <pull 1809_>`_ for getting the work started. This
closes `issue 1793`_ and `issue 1532`_.

- Fixed an incorrect calculation of "(no class)" lines in the HTML classes
report.

- Python 3.13.0b3 is supported.

.. _issue 118: https://github.com/nedbat/coveragepy/issues/118
.. _issue 996: https://github.com/nedbat/coveragepy/issues/996
.. _issue 1532: https://github.com/nedbat/coveragepy/issues/1532
.. _issue 1741: https://github.com/nedbat/coveragepy/issues/1741
.. _issue 1793: https://github.com/nedbat/coveragepy/issues/1793
.. _issue 1803: https://github.com/nedbat/coveragepy/issues/1803
.. _pull 1807: https://github.com/nedbat/coveragepy/pull/1807
.. _pull 1809: https://github.com/nedbat/coveragepy/pull/1809

.. _changes_7-5-4:

7.5.4

--------------------------

- If you attempt to combine statement coverage data with branch coverage data,
coverage.py used to fail with the message "Can't combine arc data with line
data" or its reverse, "Can't combine line data with arc data."  These
messages used internal terminology, making it hard for people to understand
the problem.  They are now changed to mention "branch coverage data" and
"statement coverage data."

- Fixed a minor branch coverage problem with wildcard match/case cases using
names or guard clauses.

- Started testing on 3.13 free-threading (nogil) builds of Python.  I'm not
claiming full support yet.  Closes `issue 1799`_.

.. _issue 1799: https://github.com/nedbat/coveragepy/issues/1799


.. _changes_7-5-3:

7.5.3

--------------------------

- Performance improvements for combining data files, especially when measuring
line coverage. A few different quadratic behaviors were eliminated. In one
extreme case of combining 700+ data files, the time dropped from more than
three hours to seven minutes.  Thanks for Kraken Tech for funding the fix.

- Performance improvements for generating HTML reports, with a side benefit of
reducing memory use, closing `issue 1791`_.  Thanks to Daniel Diniz for
helping to diagnose the problem.

.. _issue 1791: https://github.com/nedbat/coveragepy/issues/1791


.. _changes_7-5-2:

7.5.2

--------------------------

- Fix: nested matches of exclude patterns could exclude too much code, as
reported in `issue 1779`_.  This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line.  Now module docstrings are never counted
as executable statements.  This can change coverage.py's count of the number
of statements in a file, which can slightly change the coverage percentage
reported.

- In the HTML report, the filter term and "hide covered" checkbox settings are
remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`_.

- Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to `Liam DeVoe
<pull 1788_>`_. Closes `issue 1787`_.

.. _pull 1776: https://github.com/nedbat/coveragepy/pull/1776
.. _issue 1779: https://github.com/nedbat/coveragepy/issues/1779
.. _issue 1787: https://github.com/nedbat/coveragepy/issues/1787
.. _pull 1788: https://github.com/nedbat/coveragepy/pull/1788


.. _changes_7-5-1:

7.5.1

--------------------------

- Fix: a pragma comment on the continuation lines of a multi-line statement
now excludes the statement and its body, the same as if the pragma is
on the first line. This closes `issue 754`_. The fix was contributed by
`Daniel Diniz <pull 1773_>`_.

- Fix: very complex source files like `this one <resolvent_lookup_>`_ could
cause a maximum recursion error when creating an HTML report.  This is now
fixed, closing `issue 1774`_.

- HTML report improvements:

- Support files (JavaScript and CSS) referenced by the HTML report now have
 hashes added to their names to ensure updated files are used instead of
 stale cached copies.

- Missing branch coverage explanations that said "the condition was never
 false" now read "the condition was always true" because it's easier to
 understand.

- Column sort order is remembered better as you move between the index pages,
 fixing `issue 1766`_.  Thanks, `Daniel Diniz <pull 1768_>`_.


.. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py
.. _issue 754: https://github.com/nedbat/coveragepy/issues/754
.. _issue 1766: https://github.com/nedbat/coveragepy/issues/1766
.. _pull 1768: https://github.com/nedbat/coveragepy/pull/1768
.. _pull 1773: https://github.com/nedbat/coveragepy/pull/1773
.. _issue 1774: https://github.com/nedbat/coveragepy/issues/1774


.. _changes_7-5-0:

7.5.0

--------------------------

- Added initial support for function and class reporting in the HTML report.
There are now three index pages which link to each other: files, functions,
and classes.  Other reports don't yet have this information, but it will be
added in the future where it makes sense.  Feedback gladly accepted!
Finishes `issue 780`_.

- Other HTML report improvements:

- There is now a "hide covered" checkbox to filter out 100% files, finishing
 `issue 1384`_.

- The index page is always sorted by one of its columns, with clearer
 indications of the sorting.

- The "previous file" shortcut key didn't work on the index page, but now it
 does, fixing `issue 1765`_.

- The debug output showing which configuration files were tried now shows
absolute paths to help diagnose problems where settings aren't taking effect,
and is renamed from "attempted_config_files" to the more logical
"config_files_attempted."

- Python 3.13.0a6 is supported.

.. _issue 780: https://github.com/nedbat/coveragepy/issues/780
.. _issue 1384: https://github.com/nedbat/coveragepy/issues/1384
.. _issue 1765: https://github.com/nedbat/coveragepy/issues/1765


.. _changes_7-4-4:

7.4.4

--------------------------

- Fix: in some cases, even with ``[run] relative_files=True``, a data file
could be created with absolute path names.  When combined with other relative
data files, it was random whether the absolute file names would be made
relative or not. If they weren't, then a file would be listed twice in
reports, as detailed in `issue 1752`_.  This is now fixed: absolute file
names are always made relative when combining.  Thanks to Bruno Rodrigues dos
Santos for support.

- Fix: the last case of a match/case statement had an incorrect message if the
branch was missed.  It said the pattern never matched, when actually the
branch is missed if the last case always matched.

- Fix: clicking a line number in the HTML report now positions more accurately.

- Fix: the ``report:format`` setting was defined as a boolean, but should be a
string.  Thanks, `Tanaydin Sirin <pull 1754_>`_.  It is also now documented
on the :ref:`configuration page <config_report_format>`.

.. _issue 1752: https://github.com/nedbat/coveragepy/issues/1752
.. _pull 1754: https://github.com/nedbat/coveragepy/pull/1754


.. _changes_7-4-3:

7.4.3

--------------------------

- Fix: in some cases, coverage could fail with a RuntimeError: "Set changed
size during iteration." This is now fixed, closing `issue 1733`_.

.. _issue 1733: https://github.com/nedbat/coveragepy/issues/1733


.. _changes_7-4-2:

7.4.2

--------------------------

- Fix: setting ``COVERAGE_CORE=sysmon`` no longer errors on 3.11 and lower,
thanks `Hugo van Kemenade <pull 1747_>`_.  It now issues a warning that
sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: https://github.com/nedbat/coveragepy/pull/1747


.. _changes_7-4-1:

7.4.1

--------------------------

- Python 3.13.0a3 is supported.

- Fix: the JSON report now includes an explicit format version number, closing
`issue 1732`_.

.. _issue 1732: https://github.com/nedbat/coveragepy/issues/1732


.. _changes_7-4-0:

7.4.0

--------------------------

- In Python 3.12 and above, you can try an experimental core based on the new
:mod:`sys.monitoring <python:sys.monitoring>` module by defining a
``COVERAGE_CORE=sysmon`` environment variable.  This should be faster for
line coverage, 

[pyup-bot]

Closing this in favor of #1199