Sourced from requests's releases.

v2.28.0

2.28.0 (2022-06-09)

Deprecations

• ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
• Requests has officially dropped support for Python 3.6 (including pypy3). (#6091)

Improvements

• Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#6097)
• Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154)
• Added provisional 3.11 support with current beta build. (#6155)
• Requests got a makeover and we decided to paint it black. (#6095)

Bugfixes

• Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
• Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#6057)
• Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#6149)
• Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6079)

New Contributors

• @​marwanpro made their first contribution in psf/requests#6035
• @​chyzzqo2 made their first contribution in psf/requests#6036
• @​Chavithra made their first contribution in psf/requests#6044
• @​sha016 made their first contribution in psf/requests#5978
• @​BoboTiG made their first contribution in psf/requests#4766
• @​davidshivaji made their first contribution in psf/requests#6133
• @​ogayot made their first contribution in psf/requests#6136

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2280-2022-06-09

v2.27.1

2.27.1 (2022-01-05)

Bugfixes

• Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#6028)

Full Changelog: https://github.com/psf/requests/blob/v2.27.1/HISTORY.md#2271-2022-01-05

... (truncated)

Sourced from requests's changelog.

2.28.0 (2022-06-09)

Deprecations

• ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
• Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)

Improvements

• Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#6097)
• Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154)
• Added provisional 3.11 support with current beta build. (#6155)
• Requests got a makeover and we decided to paint it black. (#6095)

Bugfixes

• Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
• Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#6057)
• Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#6149)
• Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036)

2.27.1 (2022-01-05)

Bugfixes

• Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#6028)

2.27.0 (2022-01-03)

Improvements

• Officially added support for Python 3.10. (#5928)

• Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856)

• Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed

... (truncated)

• da9996f v2.28.0
• 1dcf3b7 Add GitHub action to automate linting (#6157)
• e36f345 Add valdation for header name (#6154)
• 60865f2 Run 3.11 CI on all platforms (#6155)
• 3af2f45 Fix output of test_lowlevel tests in case of timeout (#6136)
• 0f358ea Reduce lock thread runs to daily (#6150)
• 210095f Tolerate bad registry entries in Windows proxy settings (#6149)
• a5e7169 Cleanup the docs sidebar (#6144)
• 79f2ec3 Grammar fix (#6133)
• cb233a1 Fix several ResourceWarnings in test_requests.py (#4766)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from lxml's changelog.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

• b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
• 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
• 853c9e9 Prepare release of 4.9.0.
• d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
• 7f7f226 Update changelog.
• 06631bb #undefine "PyUnicode_IS_READY" and friends in Py3.12 since CPython still defi...
• ef0b0b4 Remove Py3.12 from CI targets again since it's not available yet.
• dcab105 Allow cross-compiling for Windows ARM64 (GH-343)
• bd60508 Adapt to PyUnicode wstr removal in Py3.12.
• 63bd40d Update changelog.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from requests's changelog.

2.27.1 (2022-01-05)

Bugfixes

• Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#6028)

2.27.0 (2022-01-03)

Improvements

• Officially added support for Python 3.10. (#5928)

• Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856)

• Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017)

• Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#5917)

Bugfixes

• Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#5851)

• Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#5239)

• Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#5914)

• Fixed bug where two Host headers were sent for chunked requests. (#5391)

• Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#5924)

• Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924)

• Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#5414)

... (truncated)

• 31a89d9 v2.27.1
• 8fa9724 Merge pull request #6028 from nateprewitt/prox_auth_fix
• 38f3f8e Fix auth parsing for proxies
• 0192aac v2.27.0
• e50dc12 Fix doc link
• 17e6e27 General cleanup for 2.27.0
• ab38e2c Make the data vs json parameters more clear (#5382)
• 77d1e9a Merge pull request #5894 from dbaxa/do-not-re-build-proxies-when-proxies-have...
• b0829a8 Merge pull request #6020 from nateprewitt/pypy_37
• 28d537d Merge pull request #5917 from nateprewitt/proxy_scheme_unknown_fix
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from requests's changelog.

2.27.0 (2022-01-03)

Improvements

• Officially added support for Python 3.10. (#5928)

• Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#5856)

• Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017)

• Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#5917)

Bugfixes

• Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#5851)

• Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#5239)

• Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#5914)

• Fixed bug where two Host headers were sent for chunked requests. (#5391)

• Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#5924)

• Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924)

• Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#5414)

Deprecations

• Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.

• 0192aac v2.27.0
• e50dc12 Fix doc link
• 17e6e27 General cleanup for 2.27.0
• ab38e2c Make the data vs json parameters more clear (#5382)
• 77d1e9a Merge pull request #5894 from dbaxa/do-not-re-build-proxies-when-proxies-have...
• b0829a8 Merge pull request #6020 from nateprewitt/pypy_37
• 28d537d Merge pull request #5917 from nateprewitt/proxy_scheme_unknown_fix
• 86bbee7 Update 3.10-dev to 3.10 and add pypy-3.7
• 0d5347e Only compute should_bypass_proxies if needed
• ef59aa0 Move from urlparse to parse_url for prepending schemes
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from lxml's changelog.

4.7.1 (2021-12-13)

Features added

• Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases.

Bugs fixed

• The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3. See https://mail.python.org/archives/list/[email protected]/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/

• lxml.objectify previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again.

• LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt).

Other changes

• Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).

4.7.0 (2021-12-13)

• Release retracted due to missing files in lxml/includes/.

4.6.5 (2021-12-12)

Bugs fixed

• A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.

• A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.

• 745ac26 Move zlib.h and friends into a subdirectory "extlibs" in lxml/includes/ to se...
• f0a575a Add a test to get at least minimal coverage for the lxml.html.builder module.
• 016be64 Remove useless macOS-M1 build target since there are currently no GHA build s...
• 3934435 Prepare release of lxml 4.7.1.
• 891f273 Do not overwrite the wildcard includes for the "lxml.includes" package when a...
• 4848bfc Make sure the apidocs are generated from the freshly built modules.
• bef75f9 Fix some doc links.
• 5c4f6a2 Prepare release of lxml 4.7.0.
• 68607a1 Merge branch 'lxml-4.6'
• a9611ba Fix a test in Py2.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from lxml's changelog.

4.6.5 (2021-12-12)

Bugs fixed

• A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.

• A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.

• a9611ba Fix a test in Py2.
• a3eacbc Prepare release of 4.6.5.
• b7ea687 Update changelog.
• 69a7473 Cleaner: cover some more cases where scripts could sneak through in specially...
• 54d2985 Fix condition in test decorator.
• 4b220b5 Use the non-depcrecated TextTestResult instead of _TextTestResult (GH-333)
• d85c6de Exclude a test when using the macOS system libraries because it fails with li...
• cd4bec9 Add macOS-M1 as wheel build platform.
• fd0d471 Install automake and libtool in macOS build to be able to install the latest ...
• f233023 Cleaner: Remove SVG image data URLs since they can embed script content.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

• 5815441 version bump
• a86fcd7 remove skip mark in test
• 99611aa Merge pull request #532 from hhatto/fix-issue518
• 1607835 refactoring
• 0bed2c0 add unit test for w503 and w504 confliction case
• c6750ba change: both W503 and W504 are specified, priority is given to W503 (for #518)
• 7d9c1e1 Merge pull request #530 from hhatto/fix-issue529
• 3a89645 fix E402 with all (for #529)
• ef15dd5 Merge pull request #525 from NovaDev94/master
• 7984fe7 Fix a bug causing both W503 and W504 to be ignored
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from mock's changelog.

4.0.0

• No Changes from 4.0.0b1.

4.0.0b1

• The release is a fresh cut of cpython's 4a686504__. All changes to mock from that commit and before are included in this release along with the subsequent changes listed below.

  __ https://github.com/python/cpython/commit/4a686504eb2bbf69adf78077458508a7ba131667

• Issue #37972: Subscripts to the unittest.mock.call objects now receive the same chaining mechanism as any other custom attributes, so that the following usage no longer raises a `TypeError`:

  call().foo().__getitem__('bar')

  Patch by blhsing

• Issue #38839: Fix some unused functions in tests. Patch by Adam Johnson.

• Issue #39485: Fix a bug in unittest.mock.create_autospec that would complain about the wrong number of arguments for custom descriptors defined in an extension module returning functions.

• Issue #39082: Allow AsyncMock to correctly patch static/class methods

• Issue #38093: Fixes AsyncMock so it doesn't crash when used with AsyncContextManagers or AsyncIterators.

• Issue #38859: AsyncMock now returns StopAsyncIteration on the exaustion of a side_effects iterable. Since PEP-479 its Impossible to raise a StopIteration exception from a coroutine.

• Issue #38163: Child mocks will now detect their type as either synchronous or asynchronous, asynchronous child mocks will be AsyncMocks and synchronous child mocks will be either MagicMock or Mock (depending on their parent type).

• Issue #38473: Use signature from inner mock for autospecced methods attached with unittest.mock.attach_mock. Patch by Karthikeyan Singaravelan.

• Issue #38136: Changes AsyncMock call count and await count to be two different counters. Now await count only counts when a coroutine has been awaited, not when it has been called, and vice-versa. Update the documentation around this.

• Issue #37555: Fix NonCallableMock._call_matcher returning tuple instead of _Call object when self._spec_signature exists. Patch by Elizabeth Uselton

• Issue #37251: Remove __code__ check in AsyncMock that incorrectly evaluated function specs as async objects but failed to evaluate classes with __await__ but no __code__ attribute defined as async objects.

• Issue #38669: Raise TypeError when passing target as a string with unittest.mock.patch.object.

• Issue #25597: Ensure, if wraps is supplied to unittest.mock.MagicMock, it is used to calculate return values for the magic methods instead of using the default return values. Patch by Karthikeyan Singaravelan.

• Issue #38108: Any synchronous magic methods on an AsyncMock now return a MagicMock. Any asynchronous magic methods on a MagicMock now return an AsyncMock.

• Issue #21478: Record calls to parent when autospecced object is attached to a mock using unittest.mock.attach_mock. Patch by Karthikeyan Singaravelan.

• Issue #38857: AsyncMock fix for return values that are awaitable types. This also covers side_effect iterable values that happend to be awaitable, and wraps callables that return an awaitable type. Before these awaitables were being awaited instead of being returned as is.

• Issue #38932: Mock fully resets child objects on reset_mock(). Patch by Vegard Stikbakke

• Issue #37685: Fixed __eq__, __lt__ etc implementations in some classes. They now return NotImplemented for unsupported type of the other operand. This allows the other operand to play role (for example the equality comparison with ~unittest.mock.ANY will return True).

• Issue #37212: unittest.mock.call now preserves the order of keyword arguments in repr output. Patch by Karthikeyan Singaravelan.

• Issue #37828: Fix default mock name in unittest.mock.Mock.assert_called exceptions. Patch by Abraham Toriz Cruz.

• Issue #36871: Improve error handling for the assert_has_calls and assert_has_awaits methods of mocks. Fixed a bug where any errors encountered while binding the expected calls to the mock's spec were silently swallowed, leading to misleading error output.

• Issue #21600: Fix mock.patch.stopall to stop active patches that were created with mock.patch.dict.

• Issue #38161: Removes _AwaitEvent from AsyncMock.

• Issue #36871: Ensure method signature is used instead of constructor signature of a class while asserting mock object against method calls. Patch by Karthikeyan Singaravelan.

• ea9f715 Prepare for 4.0.0 release
• 9e5e038 sigh
• 87ca406 this skip is no longer needed
• 8fb893c sigh
• 7a4a7d2 another packaging test bugfix
• 4bc7455 paranoid packaging check for 3.6
• 35c733d fixup: package checks
• 8c6dcdf Merge pull request #476 from cjw296/restart_for_4
• ba8cbf9 Preparing for 4.1.0 release.
• 9004d44 ReST bugfix
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

How often will the code scanning analysis run?

By default, code scanning will trigger a scan with the CodeQL engine on the following events:

• On every pull request — to flag up potential security problems for you to investigate before merging a PR.
• On every push to your default branch and other protected branches — this keeps the analysis results on your repository’s Security tab up to date.
• Once a week at a fixed time — to make sure you benefit from the latest updated security analysis even when no code was committed or PRs were opened.

What will this cost?

Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.

What types of problems does CodeQL find?

The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the security-and-quality query suite for you.

How do I upgrade my CodeQL engine?

No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.

The analysis doesn’t seem to be working

If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.

How do I disable LGTM.com?

If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).

Which source code hosting platforms does code scanning support?

GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.

How do I know this PR is legitimate?

This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!

I have another question / how do I get in touch?

Please join the discussion here to ask further questions and send us suggestions!