• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

• A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

• GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

• The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

• GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated)

• d01872c Prevent parse failure in new test from leaking into later test runs.
• d65e632 Prepare release of lxml 4.9.1.
• 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
• 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
• 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
• b9f7074 Remove debug print from test.
• b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
• 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
• 853c9e9 Prepare release of 4.9.0.
• d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
• Additional commits viewable in compare view

• d43c7c7 release 7.16.3
• 5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
• 8df8971 back to dev
• 9f477b7 release 7.16.2
• 138f266 bring back release helper from master branch
• 5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
• bcae8e0 Backport PR #13335: What's new 7.16.2
• 8fcdcd3 Pin Jedi to <0.17.2.
• 2486838 release 7.16.1
• 20bdc6f fix conda build
• Additional commits viewable in compare view

Sourced from urllib3's releases.

1.26.5

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed deprecation warnings emitted in Python 3.10.
• Updated vendored six library to 1.16.0.
• Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.4

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.3

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed bytes and string comparison issue with headers (Pull #2141)

• Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.2

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

• Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

• Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

... (truncated)

Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

• Fixed deprecation warnings emitted in Python 3.10.
• Updated vendored six library to 1.16.0.
• Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

• Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

• Fixed bytes and string comparison issue with headers (Pull #2141)

• Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

1.26.2 (2020-11-12)

• Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

• Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)

• NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

• Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

• Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

... (truncated)

• d161647 Release 1.26.5
• 2d4a3fe Improve performance of sub-authority splitting in URL
• 2698537 Update vendored six to 1.16.0
• 07bed79 Fix deprecation warnings for Python 3.10 ssl module
• d725a9b Add Python 3.10 to GitHub Actions
• 339ad34 Use pytest==6.2.4 on Python 3.10+
• f271c9c Apply latest Black formatting
• 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
• a891304 Release 1.26.4
• 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
• Additional commits viewable in compare view

Sourced from pygments's releases.

2.7.4

• Updated lexers:

  • Apache configurations: Improve handling of malformed tags (#1656)

  • CSS: Add support for variables (#1633, #1666)

  • Crystal (#1650, #1670)

  • Coq (#1648)

  • Fortran: Add missing keywords (#1635, #1665)

  • Ini (#1624)

  • JavaScript and variants (#1647 -- missing regex flags, #1651)

  • Markdown (#1623, #1617)

  • Shell

    • Lex trailing whitespace as part of the prompt (#1645)
    • Add missing in keyword (#1652)

  • SQL - Fix keywords (#1668)

  • Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

• Updated lexers:

  • Ada (#1581)
  • HTML (#1615, #1614)
  • Java (#1594, #1586)
  • JavaScript (#1605, #1589, #1588)
  • JSON (#1569 -- this is a complete rewrite)
  • Lean (#1601)
  • LLVM (#1612)
  • Mason (#1592)
  • MySQL (#1555, #1551)
  • Rust (#1608)
  • Turtle (#1590, #1553)

• Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)

• The ImgFormatter now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

Sourced from pygments's changelog.

Version 2.7.4

(released January 12, 2021)

• Updated lexers:

  • Apache configurations: Improve handling of malformed tags (#1656)

  • CSS: Add support for variables (#1633, #1666)

  • Crystal (#1650, #1670)

  • Coq (#1648)

  • Fortran: Add missing keywords (#1635, #1665)

  • Ini (#1624)

  • JavaScript and variants (#1647 -- missing regex flags, #1651)

  • Markdown (#1623, #1617)

  • Shell

    • Lex trailing whitespace as part of the prompt (#1645)
    • Add missing in keyword (#1652)

  • SQL - Fix keywords (#1668)

  • Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

• Updated lexers:

  • Ada (#1581)
  • HTML (#1615, #1614)
  • Java (#1594, #1586)
  • JavaScript (#1605, #1589, #1588)
  • JSON (#1569 -- this is a complete rewrite)
  • Lean (#1601)
  • LLVM (#1612)
  • Mason (#1592)

... (truncated)

• 4d555d0 Bump version to 2.7.4.
• fc3b05d Update CHANGES.
• ad21935 Revert "Added dracula theme style (#1636)"
• e411506 Prepare for 2.7.4 release.
• 275e34d doc: remove Perl 6 ref
• 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
• eb39c43 xquery: fix pop from empty stack
• 2738778 fix coding style in test_analyzer_lexer
• 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
• c83fe48 support added for css variables (#1633)
• Additional commits viewable in compare view

Sourced from pyyaml's changelog.

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF
• yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff
• yaml/pyyaml#359 -- Use full_load in yaml-highlight example
• yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython
• yaml/pyyaml#329 -- Fix for Python 3.10
• yaml/pyyaml#310 -- Increase size of index, line, and column fields
• yaml/pyyaml#260 -- Remove some unused imports
• yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such
• yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

• Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default yaml/pyyaml#279 -- A more flexible fix for custom tag constructors yaml/pyyaml#287 -- Change default loader for yaml.add_constructor yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
• Make FullLoader safer by removing python/object/apply from the default FullLoader yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
• Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff yaml/pyyaml#276 -- Fix logic for quoting special characters
• Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1

5.1.2 (2019-07-30)

• Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

... (truncated)

• 58d0cb7 5.4 release
• a60f7a1 Fix compatibility with Jython
• ee98abd Run CI on PR base branch changes
• ddf2033 constructor.timezone: _copy & deepcopy
• fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
• a001f27 Fix for CVE-2020-14343
• fe15062 Add 3.9 to appveyor file for completeness sake
• 1e1c7fb Add a newline character to end of pyproject.toml
• 0b6b7d6 Start sentences and phrases for capital letters
• c976915 Shell code improvements
• Additional commits viewable in compare view