Version 3.0.0

3.0.0 (2023-09-24)

Added

• Static type annotations throughout the whole package.
• cert argument for client authentication with certificate can now pass the password/passphrase using a 3-values tuple (cert, key, password).
  The three parameters in the tuple must be of type str.
• verify argument behavior has been extended and now accepts your CA bundle as str instead of a path. It also accepts your CA bundle as bytes directly.
  This helps when you do not have access to the fs.
• Operating system truststore will be used instead of certifi. Root CAs are automatically grabbed from your computer configuration.
• Oriented-object headers. Access them through the new property oheaders in your Response.
• Propagated the argument retries in niquests.api for all functions.
• Added argument retries in the Session constructor.
• Property conn_info to the PreparedRequest and Response that hold a reference to a ConnectionInfo.
  This class exposes the following properties: certificate_der (bytes), certificate_dict (dict) as provided by the standard
  library (ssl), destination_address (tuple[ipAddress, portNumber]), cipher (str), tls_version (TLSVersion), and http_version.
• Two hooks, namely pre_send and pre_request. The pre_request event is fired just after the initial construction of
  a PreparedRequest instance. Finally, the pre_send will be triggered just after picking a (live) connection
  for your request. The two events receive a PreparedRequest instance.

Changed

• Calling the method json from Response when no encoding was provided no longer relies on internal encoding inference.
  We fall back on charset-normalizer with a limited set of charsets allowed (UTF-8/16/32 or ASCII).
• No longer will the text method from Response return str if content cannot be decoded. It returns None instead.
• If specified charset in content-type does not exist (LookupError) the text method from Response will rely on charset detection.
• If specified charset in content-type is not made for text decoding (e.g. base64), the text method from Response returns None.
• With above four changes, the json method will raise RequestsJSONDecodeError when the payload (body) cannot be decoded.
• Passing invalid files description no longer just skip invalid entries, it raises ValueError from now on.
• Non-str HTTP-Verb are refused.
• Passing files with minimal description (meaning no tuple but just the fp) no longer guess its name when fp.name return bytes.
• No longer will the default timeout be unset, thus making you wait indefinitely.
  Functions get, head, and options ships with a default of 30 seconds.
  Then put, post, patch and delete uses a default of 120 seconds.
  Finally, the request function also have 120 seconds.
• Basic authorization username and password are now encoded using utf-8 instead of latin-1 prior to being base64 encoded.

Removed

• Property apparent_encoding in favor of a discrete internal inference.
• Support for the legacy chardet detector in case it was present in environment.
  Extra chardet_on_py3 is now unavailable.
• requests.compat no longer hold reference to chardet.
• Deprecated requests.packages that was meant to avoid breakage from people importing urllib3 or chardet within this package.
  They were vendored in early versions of Requests. A long time ago.
• Deprecated function get_encodings_from_content from utils.
• Deprecated function get_unicode_from_response from utils.
• BasicAuth middleware no longer supports anything else than bytes or str for username and password.
• requests.compat is stripped of every reference that no longer vary between supported interpreter version.
• Charset fall back ISO-8859-1 when content-type is text and no charset was specified.
• Main functions get, post, put, patch, delete, and head no longer accept kwargs. They have a fixed list of typed argument.
  It is no longer possible to specify non-supported additional keyword arguments from a Session instance or directly through requests.api functions.
  e.g. function delete no longer accepts json, or files arguments. as per RFCs specifications. You can still override this behavior through the request function.
• Mixin classes RequestEncodingMixin, and RequestHooksMixin due to OOP violations. Now deported directly into child classes.
• Function unicode_is_ascii as it is part of the stable str stdlib on Python 3 or greater.
• Alias function session for Session context manager that was kept for BC reasons since the v1.
• pyOpenSSL/urllib3 injection in case built-in ssl module does not have SNI support as it is not the case anymore for every supported interpreters.
• Constant DEFAULT_CA_BUNDLE_PATH, and submodule certs due to dropping certifi.
• Function extract_zipped_paths because rendered useless as it was made to handle an edge case where certifi is "zipped".
• Extra security when installing this package. It was previously emptied in the previous major.
• Warning emitted when passing a file opened in text-mode instead of binary. urllib3.future can overrule
  the content-length if it detects an error. You should not encounter broken request being sent.
• Support for simplejson if was present in environment.
• Submodule compat.

Fixed

• An invalid content-type definition would cause the charset to be evaluated to True, thus making the program crash.
• Given proxies could be mutated when environment proxies were evaluated and injected. This package should not modify your inputs.
  For context see psf#6118
• A server could specify a Location header that does not comply with HTTP specifications and could lead to an unexpected exception.
  We try to fall back to Unicode decoding if the typical and expected Latin-1 would fail. If that fails too, a proper exception is raised.
  For context see psf#6026
• Top-level init now specify correctly the exposed api. Fixes mypy error .. does not explicitly export attribute ...

Version 3.0.0 Beta 1

3.0.0b1 (2023-09-22)

Removed

• Support for simplejson if was present in environment.
• Submodule compat.

Added

• Oriented-object headers. Access them through the new property oheaders in your Response.
• Propagated the argument retries in niquests.api for all functions.
• Added argument retries in the Session constructor.

Fixed

• No configured retry of your HTTP requests but getting exception MaxRetryError nonetheless.

Version 3.0.0 Beta 0

This is the first preview for the v3.0 release.
It is not ready for production. We are close!

---

3.0.0b0 (2023-09-21)

Removed

• Property apparent_encoding in favor of a discrete internal inference.
• Support for the legacy chardet detector in case it was present in environment.
  Extra chardet_on_py3 is now unavailable.
• requests.compat no longer hold reference to chardet.
• Deprecated requests.packages that was meant to avoid breakage from people importing urllib3 or chardet within this package.
  They were vendored in early versions of Requests. A long time ago.
• Deprecated function get_encodings_from_content from utils.
• Deprecated function get_unicode_from_response from utils.
• BasicAuth middleware no-longer support anything else than bytes or str for username and password.
• requests.compat is stripped of every reference that no longer vary between supported interpreter version.
• Charset fall back ISO-8859-1 when content-type is text and no charset was specified.
• Main function get, post, put, patch, delete, and head no longer accept kwargs. They have a fixed list of typed argument.
  It is no longer possible to specify non-supported additional keyword argument from a Session instance or directly through requests.api functions.
  e.g. function delete no-longer accept json, or files arguments. as per RFCs specifications. You can still override this behavior through the request function.
• Mixin classes RequestEncodingMixin, and RequestHooksMixin due to OOP violations. Now deported directly into child classes.
• Function unicode_is_ascii as it is part of the stable str stdlib on Python 3 or greater.
• Alias function session for Session context manager that was kept for BC reasons since the v1.
• pyOpenSSL/urllib3 injection in case built-in ssl module does not have SNI support as it is not the case anymore for every supported interpreters.
• Constant DEFAULT_CA_BUNDLE_PATH, and submodule certs due to dropping certifi.
• Function extract_zipped_paths because rendered useless as it was made to handle an edge case where certifi is "zipped".
• Extra security when installing this package. It was previously emptied in the previous major.

Changed

• Calling the method json from Response when no encoding was provided no longer relies on internal encoding inference.
  We fall back on charset-normalizer with a limited set of charsets allowed (UTF-8/16/32 or ASCII).
• No longer will the text method from Response return str if content cannot be decoded. It returns None instead.
• If specified charset in content-type does not exist (LookupError) the text method from Response will rely on charset detection.
• If specified charset in content-type is not made for text decoding (e.g. base64), the text method from Response returns None.
• With above four changes, the json method will raise RequestsJSONDecodeError when the payload (body) cannot be decoded.
• Passing invalid files description no longer just skip invalid entries, it raises ValueError from now on.
• Non-str HTTP-Verb are refused.
• Passing files with minimal description (meaning no tuple but just the fp) no longer guess its name when fp.name returns bytes.
• No longer will the default timeout be unset, thus making you waiting indefinitely.
  Functions get, head, and options ships with a default of 30 seconds.
  Then put, post, patch and delete uses a default of 120 seconds.
  Finally, the request function also have 120 seconds.
• Basic authorization username and password are now encoded using utf-8 instead of latin-1 prior to being base64 encoded.

Added

• Static type annotations thorough the whole package.
• cert argument for client authentication with certificate can now pass the password/passphrase using a 3-values tuple (cert, key, password).
  The three parameters in the tuple must be of type str.
• verify argument behavior has been extended and now accept your CA bundle as str instead of a path. It also accepts your CA bundle as bytes directly.
  This helps when you do not have access to the fs.
• Operating system truststore will be used instead of certifi. Root CAs are automatically grabbed from your computer configuration.

Fixed

• An invalid content-type definition would cause the charset to be evaluated to True, thus making the program crash.
• Given proxies could be mutated when environment proxies were evaluated and injected. This package should not modify your inputs.
  For context see psf#6118
• A server could specify a Location header that does not comply with HTTP specifications and could lead to an unexpected exception.
  We try to fall back to Unicode decoding if the typical and expected Latin-1 would fail. If that fails too, a proper exception is raised.
  For context see psf#6026

v2.32.1

2.32.1 (2023-09-12)

Bugfixes

• Fix QUIC cache when using requests.request without persistent Session

Dependencies

• urllib3.future minimal version supported raised to 2.0.932 (ship with critical fixes)

v2.32.0

2.32.0 (2023-08-29)

Dependencies

• ⚠️ Switch urllib3 for urllib3.future ⚠️
  This may contain minor breaking changes, so we advise careful testing and
  reviewing.

Features

• Support for HTTP/2.
• Support for HTTP/3 over QUIC.
• Added property http_version that return an integer (11, 20, and 30) within Response to identify which protocol has been negotiated.
• Added quic_cache_layer mutable mapping optional argument to Session for optional external caching of QUIC server capabilities.

Improvements

• HTTP/1.1 no longer relies on the standard library http.client but h11.
• Response representation __repr__ now yield the HTTP version.

Removed

• Warning filter for charset_normalizer as it was removed long ago.