Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
• https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/werkzeug/milestone/22?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
• Milestone: https://github.com/pallets/werkzeug/milestone/19?closed=1

2.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
• Milestone: https://github.com/pallets/werkzeug/milestone/16?closed=1

2.0.3

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
• Milestone: https://github.com/pallets/werkzeug/milestone/18?closed=1

... (truncated)

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

• Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
• Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
• parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
• Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
• Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
• Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
• LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
• A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
• Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

• Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
• Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
• Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
• Parsing of some invalid header characters is more robust. :pr:2494
• When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
• LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
• Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

• 22a254f release version 2.2.3
• 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
• babc8d9 rewrite docs about request data limits
• 09449ee clean up docs
• fe899d0 limit the maximum number of multipart form parts
• cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
• 8c2b4b8 don't strip leading = when parsing cookie
• 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
• 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
• a83d3b8 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
• https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/werkzeug/milestone/22?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
• Milestone: https://github.com/pallets/werkzeug/milestone/19?closed=1

2.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
• Milestone: https://github.com/pallets/werkzeug/milestone/16?closed=1

2.0.3

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
• Milestone: https://github.com/pallets/werkzeug/milestone/18?closed=1

... (truncated)

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

• Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
• Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
• parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
• Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
• Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
• Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
• LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
• A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
• Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

• Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
• Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
• Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
• Parsing of some invalid header characters is more robust. :pr:2494
• When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
• LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
• Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

• 22a254f release version 2.2.3
• 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
• babc8d9 rewrite docs about request data limits
• 09449ee clean up docs
• fe899d0 limit the maximum number of multipart form parts
• cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
• 8c2b4b8 don't strip leading = when parsing cookie
• 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
• 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
• a83d3b8 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Sourced from ipython's releases.

See https://pypi.org/project/ipython/

We do not use GitHub release anymore. Please see PyPI https://pypi.org/project/ipython/

• 15ea1ed release 8.10.0
• 560ad10 DOC: Update what's new for 8.10 (#13939)
• 7557ade DOC: Update what's new for 8.10
• 385d693 Merge pull request from GHSA-29gw-9793-fvw7
• e548ee2 Swallow potential exceptions from showtraceback() (#13934)
• 0694b08 MAINT: mock slowest test. (#13885)
• 8655912 MAINT: mock slowest test.
• a011765 Isolate the attack tests with setUp and tearDown methods
• c7a9470 Add some regression tests for this change
• fd34cf5 Swallow potential exceptions from showtraceback()
• Additional commits viewable in compare view

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Sourced from urllib3's releases.

1.26.5

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed deprecation warnings emitted in Python 3.10.
• Updated vendored six library to 1.16.0.
• Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.4

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.3

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed bytes and string comparison issue with headers (Pull #2141)

• Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.2

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

• Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

• Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

... (truncated)

Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

• Fixed deprecation warnings emitted in Python 3.10.
• Updated vendored six library to 1.16.0.
• Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

• Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

• Fixed bytes and string comparison issue with headers (Pull #2141)

• Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

1.26.2 (2020-11-12)

• Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

• Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)

• NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

• Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

• Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

... (truncated)

• d161647 Release 1.26.5
• 2d4a3fe Improve performance of sub-authority splitting in URL
• 2698537 Update vendored six to 1.16.0
• 07bed79 Fix deprecation warnings for Python 3.10 ssl module
• d725a9b Add Python 3.10 to GitHub Actions
• 339ad34 Use pytest==6.2.4 on Python 3.10+
• f271c9c Apply latest Black formatting
• 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
• a891304 Release 1.26.4
• 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
• Additional commits viewable in compare view