Sourced from starlette's releases.

Version 0.17.1

Fixed

• Fix IndexError in authentication requires when wrapped function arguments are distributed between *args and **kwargs #1335.

Version 0.17.0

Added

• Response.delete_cookie now accepts the same parameters as Response.set_cookie #1228.
• Update the Jinja2Templates constructor to allow PathLike #1292.

Fixed

• Fix BadSignature exception handling in SessionMiddleware #1264.
• Change HTTPConnection.__getitem__ return type from str to typing.Any #1118.
• Change ImmutableMultiDict.getlist return type from typing.List[str] to typing.List[typing.Any] #1235.
• Handle OSError exceptions on StaticFiles #1220.
• Fix StaticFiles 404.html in HTML mode #1314.
• Prevent anyio.ExceptionGroup in error views under a BaseHTTPMiddleware #1262.

Removed

• Remove GraphQL support #1198.

Version 0.16.0

Added

• Added Encode funding option #1219

Fixed

• starlette.websockets.WebSocket instances are now hashable and compare by identity #1039
• A number of fixes related to running task groups in lifespan #1213, #1227

Deprecated/removed

• The method starlette.templates.Jinja2Templates.get_env was removed #1218
• The ClassVar starlette.testclient.TestClient.async_backend was removed, the backend is now configured using constructor kwargs #1211
• Passing an Async Generator Function or a Generator Function to starlette.router.Router(lifespan_context=) is deprecated. You should wrap your lifespan in @contextlib.asynccontextmanager. #1227 #1110

Version 0.15.0

0.15.0

This release includes major changes to the low-level asynchronous parts of Starlette. As a result, Starlette now depends on AnyIO and some minor API changes have occurred. Another significant change with this release is the deprecation of built-in GraphQL support.

Added

• Starlette now supports Trio as an async runtime via AnyIO - #1157.
• TestClient.websocket_connect() now must be used as a context manager.

... (truncated)

Sourced from starlette's changelog.

0.17.1

November 17, 2021

Fixed

• Fix IndexError in authentication requires when wrapped function arguments are distributed between *args and **kwargs #1335.

0.17.0

November 4, 2021

Added

• Response.delete_cookie now accepts the same parameters as Response.set_cookie #1228.
• Update the Jinja2Templates constructor to allow PathLike #1292.

Fixed

• Fix BadSignature exception handling in SessionMiddleware #1264.
• Change HTTPConnection.__getitem__ return type from str to typing.Any #1118.
• Change ImmutableMultiDict.getlist return type from typing.List[str] to typing.List[typing.Any] #1235.
• Handle OSError exceptions on StaticFiles #1220.
• Fix StaticFiles 404.html in HTML mode #1314.
• Prevent anyio.ExceptionGroup in error views under a BaseHTTPMiddleware #1262.

Removed

• Remove GraphQL support #1198.

0.16.0

July 19, 2021

Added

• Added Encode funding option #1219

Fixed

• starlette.websockets.WebSocket instances are now hashable and compare by identity #1039
• A number of fixes related to running task groups in lifespan #1213, #1227

Deprecated/removed

• The method starlette.templates.Jinja2Templates.get_env was removed #1218
• The ClassVar starlette.testclient.TestClient.async_backend was removed, the backend is now configured using constructor kwargs #1211
• Passing an Async Generator Function or a Generator Function to starlette.router.Router(lifespan_context=) is deprecated. You should wrap your lifespan in @contextlib.asynccontextmanager. #1227 #1110

... (truncated)

• 881af38 Version 0.17.1 (#1338)
• 649161c Add authentication requires args length check (#1335)
• 6af5c51 Fix release date for 0.17.0 on release notes (#1330)
• 2b3f5e6 Version 0.17.0 (#1324)
• 6c9bc55 Prevent anyio.ExceptionGroup in error views under a BaseHTTPMiddleware (#1262)
• d87c93e add host-based routing docs (#1313)
• accca04 Bump Python 3.10 on pipeline (#1299)
• 26b5be4 Fix Staticfiles 404.html in HTML mode (#1314)
• 8160899 Update third-party-packages.md (#1316)
• 3282d23 Add Imia library. (#1300)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from starlette's releases.

Version 0.16.0

Added

• Added Encode funding option #1219

Fixed

• starlette.websockets.WebSocket instances are now hashable and compare by identity #1039
• A number of fixes related to running task groups in lifespan #1213, #1227

Deprecated/removed

• The method starlette.templates.Jinja2Templates.get_env was removed #1218
• The ClassVar starlette.testclient.TestClient.async_backend was removed, the backend is now configured using constructor kwargs #1211
• Passing an Async Generator Function or a Generator Function to starlette.router.Router(lifespan_context=) is deprecated. You should wrap your lifespan in @contextlib.asynccontextmanager. #1227 #1110

Version 0.15.0

0.15.0

This release includes major changes to the low-level asynchronous parts of Starlette. As a result, Starlette now depends on AnyIO and some minor API changes have occurred. Another significant change with this release is the deprecation of built-in GraphQL support.

Added

• Starlette now supports Trio as an async runtime via AnyIO - #1157.
• TestClient.websocket_connect() now must be used as a context manager.
• Initial support for Python 3.10 - #1201.
• The compression level used in GZipMiddleware is now adjustable - #1128.

Fixed

• Several fixes to CORSMiddleware. See #1111, #1112, #1113, #1199.
• Improved exception messages in the case of duplicated path parameter names - #1177.
• RedirectResponse now uses quote instead of quote_plus encoding for the Location header to better match the behaviour in other frameworks such as Django - #1164.
• Exception causes are now preserved in more cases - #1158.
• Session cookies now use the ASGI root path in the case of mounted applications - #1147.
• Fixed a cache invalidation bug when static files were deleted in certain circumstances - #1023.
• Improved memory usage of BaseHTTPMiddleware when handling large responses - #1012 fixed via #1157

Deprecated/removed

• Built-in GraphQL support via the GraphQLApp class has been deprecated and will be removed in a future release. Please see #619. GraphQL is not supported on Python 3.10.
• The executor parameter to GraphQLApp was removed. Use executor_class instead.
• The workers parameter to WSGIMiddleware was removed. This hasn't had any effect since Starlette v0.6.3.

Sourced from starlette's changelog.

0.16.0

July 19, 2021

Added

• Added Encode funding option #1219

Fixed

• starlette.websockets.WebSocket instances are now hashable and compare by identity #1039
• A number of fixes related to running task groups in lifespan #1213, #1227

Deprecated/removed

• The method starlette.templates.Jinja2Templates.get_env was removed #1218
• The ClassVar starlette.testclient.TestClient.async_backend was removed, the backend is now configured using constructor kwargs #1211
• Passing an Async Generator Function or a Generator Function to starlette.router.Router(lifespan_context=) is deprecated. You should wrap your lifespan in @contextlib.asynccontextmanager. #1227 #1110

0.15.0

June 23, 2021

This release includes major changes to the low-level asynchronous parts of Starlette. As a result, Starlette now depends on AnyIO and some minor API changes have occurred. Another significant change with this release is the deprecation of built-in GraphQL support.

Added

• Starlette now supports Trio as an async runtime via AnyIO - #1157.
• TestClient.websocket_connect() now must be used as a context manager.
• Initial support for Python 3.10 - #1201.
• The compression level used in GZipMiddleware is now adjustable - #1128.

Fixed

• Several fixes to CORSMiddleware. See #1111, #1112, #1113, #1199.
• Improved exception messages in the case of duplicated path parameter names - #1177.
• RedirectResponse now uses quote instead of quote_plus encoding for the Location header

... (truncated)

• e45c579 prepare release 0.16.0 (#1233)
• b0a6d6f ignore charset_normalizer related warning (#1242)
• 8a3e41a Document the lifespan event handler parameter (#1110)
• 537ab6a use an async context manager factory for lifespan (#1227)
• 254d0d9 ensure TestClient requests run in the same EventLoop as lifespan (#1213)
• d222b87 TestClient accepts backend and backend_options as arguments to constructor (#...
• 906e907 reset the __eq__ and __hash__ of HTTPConnection to allow WebSockets to be...
• 0ef4418 :wrench: Add funding option (#1219)
• 070d749 Make Jinja2Templates.get_env private & rename (#1218)
• 6626636 mkdocs: Set site_url (#1215)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 1f84ed9 Bump pylint to 2.15.8, update changelog (#7899)
• 6178e41 Define Protocol as abstract to prevent abstract-method FP (#7839) (#7879)
• 438025d add test and expl for line-too-long useless-supp FP (#7887)
• 19c0534 Fix missing-param-doc for escaped underscores (#7878)
• e1856b2 [github actions] Reinstate tests and check on maintenance branch
• 5fb17e0 multiple-statements no longer triggers for function stubs using inlined `...
• 5a96370 Bump pylint to 2.15.7, update changelog (#7845)
• 43109b6 Revert "Fix crash when using enumerate with start and a class attribu...
• ff73282 Fix logging-fstring-interpolation false positive (#7846) (#7854)
• 86b8c64 Fix crash when using enumerate with start and a class attribute (#7824)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 5a96370 Bump pylint to 2.15.7, update changelog (#7845)
• 43109b6 Revert "Fix crash when using enumerate with start and a class attribu...
• ff73282 Fix logging-fstring-interpolation false positive (#7846) (#7854)
• 86b8c64 Fix crash when using enumerate with start and a class attribute (#7824)
• ebf2824 Execute tests on maintenance branche's PR
• 9ec1aa0 Do not crash if next() is called without arguments (#7831)
• ac2da87 Upgrade the versions of astroid and dill (#7838)
• 06d5d1a Add content: write rights for backporting job (#7826)
• df5ebb5 Fix used-before-assignment for variable annotations guarded by TYPE_CHECKIN...
• 1baf4be Deduplicate module file paths to prevent redundant scans. (#7747)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b2af2b2 Release branch 2.15.6 (#7785)
• e5c81a9 Replace deprecated sre_constants.error with re.error
• ff159a6 Bump timeout for docs check [ci] (#7771)
• 9df5e8a Suppress stop-iteration-return on itertools.cycle (#7766)
• fa618cb Fix false positive for unhashable-member when subclassing dict. (#7757)
• 19c205d false positive unnecessary-list-index-lookup for enumerate (#7685)
• 7b0bc19 Fix a crash when looking up an init method (#7744)
• 98ceab7 Update Primer venv caching [ci] (#7708)
• d56f848 Improve Github action workflows (#7651)
• 8b0bb16 Fix astroid error for custom next method (#7622)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• bb17694 Merge pull request #7660 from cdce8p/release-2.15.5
• fc7dc5e Bump pylint to 2.15.5, update changelog
• 8def9a0 [doc] Upgrade the contributors list and CONTRIBUTORS.txt
• 9c239c2 Sort examples/pylintrc for 2.15.5
• 97ebe0b Sort --generate-rcfile output
• 1579c43 Use relative paths in create_contributor_list.py (#7656)
• c2d42ba Remove index from unnecessary-dunder-call check (#7650)
• e8dc9b6 Swap plugin cache to pickle-able values when done (#7640)
• b051fab Add regression test for no-member with empty AnnAssign (#7632)
• 8cbc5a3 Upgrade astroid to 2.12.12 (#7649)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 20af036 Bump pylint to 2.15.4, update changelog
• 78f8423 [towncrier] Add whitespaces between fragment in towncrier (#7431)
• 49e15ab Disambiguate between str and enum member args to typing.Literal (#7414)
• 07f484f Upgrade astroid version following 2.12.11 release
• fa63d9b [doc] Upgrade the contributors list and CONTRIBUTORS.txt
• a258854 Raise syntax-error correctly on invalid encodings (#7553)
• 43ecd7d Fix handling of -- as separator between positional args and flags (#7551)
• 66ae21c Check py-version for async unnecessary-dunder-call (#7549)
• 983d5fc Fix crash in modified_iterating checker for set defined as a class attrib...
• 5c22a79 Prevent redefined-outer-name for if t.TYPE_CHECKING
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 403dac6 Bump pylint to 2.15.3, update changelog
• 38e2784 Bump astroid to 2.12.10
• f5e168e Fix undefined-loop-variable with NoReturn and Never (#7476)
• fbc9e66 Accept a comma-separated list of messages IDs in --help-msg (#7490)
• fe3436e False positive global-variable-not-assigned (#7479)
• 52cf631 [invalid-class-object] Fix crash when class is defined with a tuple
• 8e05ff6 Fix a crash in the modified-iterating-dict checker involving instance attri...
• 9b359ad Fix unhashable-member crash when lambda used as a dict key (#7454)
• 5716ad1 Bump pylint to 2.15.2, update changelog
• 49b5d5d Upgrade astroid version following 2.12.9 release
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 5716ad1 Bump pylint to 2.15.2, update changelog
• 49b5d5d Upgrade astroid version following 2.12.9 release
• 97b07f7 Add more cases that emit bad-plugin-value (#7284)
• c5aefa2 Bump pylint to 2.15.1, update changelog
• de613c2 Fix and refactors for docparams extension (#7398)
• e63a352 Fix 2.15 changelog (#7369)
• 5b85ecc Suppress OSError in config file discovery (#7423)
• 262723a Make missing-yield/raises-doc respect no-docstring-rgx option
• a21af6a Upgrade astroid version following 2.12.8 release
• b047220 Make disable-next only consider the succeeding line (#7411)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 24eaec2 Bump pylint to 2.15.0, update changelog (#7355)
• bb0df4a Update tox.ini (#7358)
• 1582e37 [literal-comparison] Cleanup of identical/duplicated functional tests
• 19b4fda [literal-comparison] Make the message explicit with the solution
• d200f81 Upgrade astroid version following 2.12.4 release (#7356)
• 32116ae Add tests for PyCQA#5767
• bf8281c Bump TODOs to the next minor version in preparation of release (#7349)
• af810ab Revert "[test] Temporary xfail deprecated methods py36 on pypy (#7244)" (#7345)
• dcd2b17 Upgrade astroid version following 2.12.3 release (#7344)
• c18c9a7 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from asgiref's changelog.

3.6.0 (2022-12-20)

• Two new functions are added to the asgiref.sync module: iscoroutinefunction() and markcoroutinefunction().

  Python 3.12 deprecates asyncio.iscoroutinefunction() as an alias for inspect.iscoroutinefunction(), whilst also removing the _is_coroutine marker. The latter is replaced with the inspect.markcoroutinefunction decorator.

  The new asgiref.sync functions are compatibility shims for these functions that can be used until Python 3.12 is the minimum supported version.

  Note that these functions are considered beta, and as such, whilst not likely, are subject to change in a point release, until the final release of Python 3.12. They are included in asgiref now so that they can be adopted by Django 4.2, in preparation for support of Python 3.12.

• The loop argument to asgiref.timeout.timeout is deprecated. As per other asyncio based APIs, the running event loop is used by default. Note that asyncio provides timeout utilities from Python 3.11, and these should be preferred where available.

• Support for the ASGI_THREADS environment variable, used by SyncToAsync, is removed. In general, a running event-loop is not available to asgiref at import time, and so the default thread pool executor cannot be configured. Protocol servers, or applications, should set the default executor as required when configuring the event loop at application startup.

3.5.2 (2022-05-16)

• Allow async-callables class instances to be passed to AsyncToSync without warning

• Prevent giving async-callable class instances to SyncToAsync

3.5.1 (2022-04-30)

• sync_to_async in thread-sensitive mode now works corectly when the outermost thread is synchronous (#214)

3.5.0 (2022-01-22)

... (truncated)

• 79a1d01 Releasing 3.6.0.
• 7a6c631 Added release note for coroutine detection shims.
• bea951e Added Python 3.11 support
• ea79016 Updated timeout helper to use get_running_loop(). (#337)
• 36f37c9 Added coroutine detection shims for Python 3.12 (#360)
• 467c154 Updated pre-commit versions and fixed linting errors.
• 72c5ca1 Updated flake8 repo location in pre-commit config to github.
• 8b76e05 Tweak conf.py to fix Sphinx warnings (#355)
• 9acb1a2 Added missing HTTPResponseTrailersEvent to ASGISendEvent
• 3b5aaff Added HTTP Trailers extension
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 1ded4d0 Bump pylint to 2.15.9, update changelog (#7952)
• 785c629 [testutil] More information in output for functional test fail (#7948)
• 3c3ab98 [pypy3.8] Disable multiple-statements false positive on affected functional t...
• dca3940 Fix inconsistent argument exit code when argparse exit with its own error cod...
• 494e514 Fix ModuleNotFoundError when using pylint_django (#7940) (#7941)
• 83668de fix: bump dill to >= 0.3.6, prevents tests hanging with python3.11 (#7918)
• eadc308 [github actions] Fix enchant's install in the spelling job
• 391323e Avoid hanging forever after a parallel job was killed (#7834) (#7930)
• 4655b92 Prevent used-before-assignment in pattern matching with a guard (#7922) (#7...
• 1f84ed9 Bump pylint to 2.15.8, update changelog (#7899)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from lxml's changelog.

4.9.2 (2022-12-13)

Bugs fixed

• CVE-2022-2309: A Bug in libxml2 2.9.1[0-4] could let namespace declarations from a failed parser run leak into later parser runs. This bug was worked around in lxml and resolved in libxml2 2.10.0. https://gitlab.gnome.org/GNOME/libxml2/-/issues/378

Other changes

• LP#1981760: Element.attrib now registers as collections.abc.MutableMapping.

• lxml now has a static build setup for macOS on ARM64 machines (not used for building wheels). Patch by Quentin Leffray.

4.9.1 (2022-07-01)

Bugs fixed

• A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio.

... (truncated)

• c17c1ca Use same naming for Python version matrix variable in wheel workflow as in CI...
• fc2f7ea Use windows-2016 image instead of windows-2019 to fix the Py2.7 build.
• 98224b3 Install more recent library versions for the wheel build.
• ce4e5bc Fix release date.
• cece238 Add PyPy-3.8 CI target.
• 2c2308e Try to add a Windows CI build for Py2.7.
• 0b0b2b9 Exclude missing Python versions from CI jobs.
• b848b82 Try to fix CI "setup.py install" in Py3.11.
• 487a194 CI: exclude non-static Windows jobs.
• fc53d6f Show executed commands in CI runs.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from jinja2's releases.

3.1.2

This is a fix release for the 3.1.0 feature release.

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2
• Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
• Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
• Milestone: https://github.com/pallets/jinja/milestone/8?closed=1
• MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

Sourced from jinja2's changelog.

Version 3.1.2

Released 2022-04-28

• Add parameters to Environment.overlay to match __init__. :issue:1645
• Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

• The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

• Drop support for Python 3.6. :pr:1534

• Remove previously deprecated code. :pr:1544

  • WithExtension and AutoEscapeExtension are built-in now.
  • contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment.
  • Markup and escape should be imported from MarkupSafe.
  • Compiled templates from very old Jinja versions may need to be recompiled.
  • Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of resolve.
  • unicode_urlencode is renamed to url_quote.

• Add support for native types in macros. :issue:1510

• The {% trans %} tag can use pgettext and npgettext by passing a context string as the first token in the tag, like {% trans "title" %}. :issue:1430

• Update valid identifier characters from Python 3.6 to 3.7. :pr:1571

• Filters and tests decorated with @async_variant are pickleable. :pr:1612

• Add items filter. :issue:1561

... (truncated)

• b08cd4b Merge pull request #1660 from pallets/release-3.1.2
• 1e68ba8 release version 3.1.2
• 8efee35 pre-commit updates latest release branch
• a24df26 ignore new mypy finding
• 9faee28 update requirements
• b802b5a Merge pull request #1655 from dvitek/dvitek/issue1654
• 746bb95 Fix race conditions in FileSystemBytecodeCache
• 466a200 update requirements
• 990602f Merge pull request #1647 from Tom-Brouwer/202204/add-missing-overlay-options
• 5d3d241 fix flake8-bugbear finding
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from ecdsa's releases.

ecdsa 0.18.0

New features:

• Support for EdDSA (Ed25519, Ed448) signature creation and verification.
• Support for Ed25519 and Ed448 in PKCS#8 and public key files.
• Support for point precomputation for EdDSA.

New API:

• CurveEdTw class to represent the Twisted Edwards curve parameters.
• PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it.
• curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

• Accept private EdDSA keys that include public key in the ASN.1 structure.
• Fix incompatibility with Python 3.3 in handling of memoryviews of empty strings.
• Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
• Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

• Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
• Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
• Make security note more explicit (Ian Rodney)
• Fix the explicit vs named_curve confusion in VerifyingKey docs.

Maintenance:

• Fix few typos (thanks to Tim Gates and Kian Meng Ang).
• Updated black version; slight changes to formatting
• Include interoperability tests for Ed25519 and Ed448 with OpenSSL.

ecdsa 0.18.0 beta2

changes since 0.18.0-beta1

New features:

• Support for point precomputation for EdDSA.

Maintenance:

... (truncated)

Sourced from ecdsa's changelog.

• Release 0.18.0 (09 Jul 2022)

New API:

• curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

• Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
• Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

• Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
• Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
• Make security note more explicit (Ian Rodney)
• Fix the explicit vs named_curve confusion in VerifyingKey docs.

Maintenance:

• Updated black version; slight changes to formatting

• Include interoperability tests for Ed25519 and Ed448 with OpenSSL.

• Release 0.18.0-beta2 (05 Jan 2022)

New features:

• Support for point precomputation for EdDSA.

Maintenance:

• Fix few typos (thanks to Tim Gates and Kian Meng Ang).

Bug fix:

• Accept private EdDSA keys that include public key in the ASN.1 structure.

• Fix incompatibility with Python 3.3 in handling of memoryviews of empty strings.

• Release 0.18.0-beta1 (03 Aug 2021)

New features:

• Support for EdDSA (Ed25519, Ed448) signature creation and verification.
• Support for Ed25519 and Ed448 in PKCS#8 and public key files.

New API:

• CurveEdTw class to represent the Twisted Edwards curve parameters.

• PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it.

• Release 0.17.0 (27 May 2021)

... (truncated)

• 341e0d8 Release 0.18.0
• ada68f8 fix typo in source index
• af3d97c Merge pull request #303 from tlsfuzzer/equation-fix
• 534eb3d fixup the curve equation
• 3a8bc4e Merge pull request #290 from tomato42/docs-updates
• 1943ef3 fixup formatting in keys module
• 4d9ed5d Expand quickstart - add basic operations
• 0d26993 expand on ECC basics
• 5151271 ec arithmetic additions
• f08f04d document that EdDSA is supported too
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)