Sourced from httpx's releases.

Version 0.20.0

0.20.0 (13th October, 2021)

The 0.20.0 release adds an integrated command-line client, and also includes some design changes. The most notable of these is that redirect responses are no longer automatically followed, unless specifically requested.

This design decision prioritises a more explicit approach to redirects, in order to avoid code that unintentionally issues multiple requests as a result of misconfigured URLs.

For example, previously a client configured to send requests to http://api.github.com/ would end up sending every API request twice, as each request would be redirected to https://api.github.com/.

If you do want auto-redirect behaviour, you can enable this either by configuring the client instance with Client(follow_redirects=True), or on a per-request basis, with .get(..., follow_redirects=True).

This change is a classic trade-off between convenience and precision, with no "right" answer. See [discussion #1785](https://github.com/encode/httpx/discussions/1785) for more context.

The other major design change is an update to the Transport API, which is the low-level interface against which requests are sent. Previously this interface used only primitive datastructures, like so...

(status_code, headers, stream, extensions) = transport.handle_request(method, url, headers, stream, extensions)
try
    ...
finally:
    stream.close()

Now the interface is much simpler...

response = transport.handle_request(request)
try
    ...
finally:
    response.close()

Changed

• The allow_redirects flag is now follow_redirects and defaults to False.
• The raise_for_status() method will now raise an exception for any responses except those with 2xx status codes. Previously only 4xx and 5xx status codes would result in an exception.
• The low-level transport API changes to the much simpler response = transport.handle_request(request).
• The client.send() method no longer accepts a timeout=... argument, but the client.build_request() does. This required by the signature change of the Transport API. The request timeout configuration is now stored on the request instance, as request.extensions['timeout'].

Added

• Added the httpx command-line client.
• Response instances now include .is_informational, .is_success, .is_redirect, .is_client_error, and .is_server_error properties for checking 1xx, 2xx, 3xx, 4xx, and 5xx response types. Note that the behaviour of .is_redirect is slightly different in that it now returns True for all 3xx responses, in order to allow for a consistent set of properties onto the different HTTP status code types. The response.has_redirect_location location may be used to determine responses with properly formed URL redirects.

Fixed

• response.iter_bytes() no longer raises a ValueError when called on a response with no content. (Pull #1827)
• The 'wsgi.error' configuration now defaults to sys.stderr, and is corrected to be a TextIO interface, not a BytesIO interface. Additionally, the WSGITransport now accepts a wsgi_error confguration. (Pull #1828)
• Follow the WSGI spec by properly closing the iterable returned by the application. (Pull #1830)

Sourced from httpx's changelog.

0.20.0 (13th October, 2021)

The 0.20.0 release adds an integrated command-line client, and also includes some design changes. The most notable of these is that redirect responses are no longer automatically followed, unless specifically requested.

This design decision prioritises a more explicit approach to redirects, in order to avoid code that unintentionally issues multiple requests as a result of misconfigured URLs.

For example, previously a client configured to send requests to http://api.github.com/ would end up sending every API request twice, as each request would be redirected to https://api.github.com/.

If you do want auto-redirect behaviour, you can enable this either by configuring the client instance with Client(follow_redirects=True), or on a per-request basis, with .get(..., follow_redirects=True).

This change is a classic trade-off between convenience and precision, with no "right" answer. See [discussion #1785](https://github.com/encode/httpx/discussions/1785) for more context.

The other major design change is an update to the Transport API, which is the low-level interface against which requests are sent. Previously this interface used only primitive datastructures, like so...

(status_code, headers, stream, extensions) = transport.handle_request(method, url, headers, stream, extensions)
try
    ...
finally:
    stream.close()

Now the interface is much simpler...

response = transport.handle_request(request)
try
    ...
finally:
    response.close()

Changed

• The allow_redirects flag is now follow_redirects and defaults to False.
• The raise_for_status() method will now raise an exception for any responses except those with 2xx status codes. Previously only 4xx and 5xx status codes would result in an exception.
• The low-level transport API changes to the much simpler response = transport.handle_request(request).

... (truncated)

• 35164b7 Version 0.20 (#1890)
• deb1a2b Update index.md (#1883)
• 2212dda Bump Python 3.10 in the CI (#1886)
• 1752e4d Run CI on 3.9.5 (#1887)
• e1abaf1 Tidy up the formatting of HTTP/2 requests (#1860)
• d41840e Fix typo. (#1859)
• 7e01677 List 'click' and 'rich' in the project dependencies (#1858)
• f299244 Update README.md (#1857)
• ee9250d Add cli support (#1855)
• a761e17 is_informational / is_success / is_redirect / is_client_error / is_server_err...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

2021-10-13 07:00:51.411 | WARNING  | uvicorn.protocols.http.httptools_impl:data_received:134 - Invalid HTTP request received.
Traceback (most recent call last):

  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 116, in spawn_main
    exitcode = _main(fd, parent_sentinel)
               │     │   └ 3
               │     └ 10
               └ <function _main at 0x7f936fb1fb80>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 129, in _main
    return self._bootstrap(parent_sentinel)
           │    │          └ 3
           │    └ <function BaseProcess._bootstrap at 0x7f936fcf61f0>
           └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
    │    └ <function BaseProcess.run at 0x7f936fcf3820>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    │    │        │    │        │    └ {'config': <uvicorn.config.Config object at 0x7f936fd9dd30>, 'target': <bound method Server.run of <uvicorn.server.Server obj...
    │    │        │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    │        │    └ ()
    │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    └ <function subprocess_started at 0x7f936ecddf70>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
    │              └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
    └ <bound method Server.run of <uvicorn.server.Server object at 0x7f936fd9dcd0>>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/server.py", line 68, in run
    return asyncio.run(self.serve(sockets=sockets))
           │       │   │    │             └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
           │       │   │    └ <function Server.serve at 0x7f936ecdd4c0>
           │       │   └ <uvicorn.server.Server object at 0x7f936fd9dcd0>
           │       └ <function run at 0x7f936fac6310>
           └ <module 'asyncio' from '/usr/local/lib/python3.8/asyncio/__init__.py'>
  File "/usr/local/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
           │    │                  └ <coroutine object Server.serve at 0x7f936e14ddc0>
           │    └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects>
           └ <uvloop.Loop running=True closed=False debug=False>
> File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 131, in data_received
    self.parser.feed_data(data)
    │    │      │         └ b'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xa2\xd21\xdd\xf5\\Ai\xc4\xa8\xc1\xf9\n\xc9\xfaN\xe5\xe3\xf3\x13\xa3\x13\x17\\\...
    │    │      └ <method 'feed_data' of 'httptools.parser.parser.HttpParser' objects>
    │    └ <httptools.parser.parser.HttpRequestParser object at 0x7f936538ec70>
    └ <uvicorn.protocols.http.httptools_impl.HttpToolsProtocol object at 0x7f9364990ee0>
  File "httptools/parser/parser.pyx", line 212, in httptools.parser.parser.HttpParser.feed_data

httptools.parser.errors.HttpParserInvalidMethodError: Invalid method encountered
2021-10-13 07:00:51.419 | WARNING  | uvicorn.protocols.http.httptools_impl:data_received:134 - Invalid HTTP request received.
Traceback (most recent call last):

  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 116, in spawn_main
    exitcode = _main(fd, parent_sentinel)
               │     │   └ 3
               │     └ 10
               └ <function _main at 0x7f936fb1fb80>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 129, in _main
    return self._bootstrap(parent_sentinel)
           │    │          └ 3
           │    └ <function BaseProcess._bootstrap at 0x7f936fcf61f0>
           └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
    │    └ <function BaseProcess.run at 0x7f936fcf3820>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    │    │        │    │        │    └ {'config': <uvicorn.config.Config object at 0x7f936fd9dd30>, 'target': <bound method Server.run of <uvicorn.server.Server obj...
    │    │        │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    │        │    └ ()
    │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    └ <function subprocess_started at 0x7f936ecddf70>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
    │              └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
    └ <bound method Server.run of <uvicorn.server.Server object at 0x7f936fd9dcd0>>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/server.py", line 68, in run
    return asyncio.run(self.serve(sockets=sockets))
           │       │   │    │             └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
           │       │   │    └ <function Server.serve at 0x7f936ecdd4c0>
           │       │   └ <uvicorn.server.Server object at 0x7f936fd9dcd0>
           │       └ <function run at 0x7f936fac6310>
           └ <module 'asyncio' from '/usr/local/lib/python3.8/asyncio/__init__.py'>
  File "/usr/local/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
           │    │                  └ <coroutine object Server.serve at 0x7f936e14ddc0>
           │    └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects>
           └ <uvloop.Loop running=True closed=False debug=False>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/server.py", line 107, in handler
    await handle_http(
          └ <function handle_http at 0x7f936ecdd040>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/_handlers/http.py", line 83, in handle_http
    protocol.data_received(data)
    │        │             └ bytearray(b'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\x8c\xf3M\x9d)\xa4\\|gY\xf3\xe8\xe1\xe1`\xc1u4\xffb\x84\xb5\xe5\xb5\x...
    │        └ <function HttpToolsProtocol.data_received at 0x7f936d0ee0d0>
    └ <uvicorn.protocols.http.httptools_impl.HttpToolsProtocol object at 0x7f9364990940>
> File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 131, in data_received
    self.parser.feed_data(data)
    │    │      │         └ bytearray(b'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\x8c\xf3M\x9d)\xa4\\|gY\xf3\xe8\xe1\xe1`\xc1u4\xffb\x84\xb5\xe5\xb5\x...
    │    │      └ <method 'feed_data' of 'httptools.parser.parser.HttpParser' objects>
    │    └ <httptools.parser.parser.HttpRequestParser object at 0x7f936538eb80>
    └ <uvicorn.protocols.http.httptools_impl.HttpToolsProtocol object at 0x7f9364990940>
  File "httptools/parser/parser.pyx", line 212, in httptools.parser.parser.HttpParser.feed_data

httptools.parser.errors.HttpParserInvalidMethodError: Invalid method encountered
2021-10-13 07:00:51.490 | WARNING  | uvicorn.protocols.http.httptools_impl:data_received:134 - Invalid HTTP request received.
Traceback (most recent call last):

  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 116, in spawn_main
    exitcode = _main(fd, parent_sentinel)
               │     │   └ 3
               │     └ 10
               └ <function _main at 0x7f936fb1fb80>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 129, in _main
    return self._bootstrap(parent_sentinel)
           │    │          └ 3
           │    └ <function BaseProcess._bootstrap at 0x7f936fcf61f0>
           └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
    │    └ <function BaseProcess.run at 0x7f936fcf3820>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    │    │        │    │        │    └ {'config': <uvicorn.config.Config object at 0x7f936fd9dd30>, 'target': <bound method Server.run of <uvicorn.server.Server obj...
    │    │        │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    │        │    └ ()
    │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    └ <function subprocess_started at 0x7f936ecddf70>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
    │              └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
    └ <bound method Server.run of <uvicorn.server.Server object at 0x7f936fd9dcd0>>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/server.py", line 68, in run
    return asyncio.run(self.serve(sockets=sockets))
           │       │   │    │             └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
           │       │   │    └ <function Server.serve at 0x7f936ecdd4c0>
           │       │   └ <uvicorn.server.Server object at 0x7f936fd9dcd0>
           │       └ <function run at 0x7f936fac6310>
           └ <module 'asyncio' from '/usr/local/lib/python3.8/asyncio/__init__.py'>
  File "/usr/local/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
           │    │                  └ <coroutine object Server.serve at 0x7f936e14ddc0>
           │    └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects>
           └ <uvloop.Loop running=True closed=False debug=False>
> File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 131, in data_received
    self.parser.feed_data(data)
    │    │      │         └ b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03&\xd4|\x8b\x80\x9d\xef\x9a\xc5\x9af\xf5:\xaf\xc2\xab\xd9e\xbdJ\xa7\xdd`c^M\xda\...
    │    │      └ <method 'feed_data' of 'httptools.parser.parser.HttpParser' objects>
    │    └ <httptools.parser.parser.HttpRequestParser object at 0x7f93649a2040>
    └ <uvicorn.protocols.http.httptools_impl.HttpToolsProtocol object at 0x7f93649a0340>
  File "httptools/parser/parser.pyx", line 212, in httptools.parser.parser.HttpParser.feed_data

httptools.parser.errors.HttpParserInvalidMethodError: Invalid method encountered
2021-10-13 07:00:51.747 | WARNING  | uvicorn.protocols.http.httptools_impl:data_received:134 - Invalid HTTP request received.
Traceback (most recent call last):

  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 116, in spawn_main
    exitcode = _main(fd, parent_sentinel)
               │     │   └ 3
               │     └ 10
               └ <function _main at 0x7f936fb1fb80>
  File "/usr/local/lib/python3.8/multiprocessing/spawn.py", line 129, in _main
    return self._bootstrap(parent_sentinel)
           │    │          └ 3
           │    └ <function BaseProcess._bootstrap at 0x7f936fcf61f0>
           └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
    │    └ <function BaseProcess.run at 0x7f936fcf3820>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    │    │        │    │        │    └ {'config': <uvicorn.config.Config object at 0x7f936fd9dd30>, 'target': <bound method Server.run of <uvicorn.server.Server obj...
    │    │        │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    │        │    └ ()
    │    │        └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
    │    └ <function subprocess_started at 0x7f936ecddf70>
    └ <SpawnProcess name='SpawnProcess-1' parent=7 started>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
    │              └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
    └ <bound method Server.run of <uvicorn.server.Server object at 0x7f936fd9dcd0>>
  File "/usr/local/lib/python3.8/site-packages/uvicorn/server.py", line 68, in run
    return asyncio.run(self.serve(sockets=sockets))
           │       │   │    │             └ [<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('0.0.0.0', 8080)>]
           │       │   │    └ <function Server.serve at 0x7f936ecdd4c0>
           │       │   └ <uvicorn.server.Server object at 0x7f936fd9dcd0>
           │       └ <function run at 0x7f936fac6310>
           └ <module 'asyncio' from '/usr/local/lib/python3.8/asyncio/__init__.py'>
  File "/usr/local/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
           │    │                  └ <coroutine object Server.serve at 0x7f936e14ddc0>
           │    └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects>
           └ <uvloop.Loop running=True closed=False debug=False>
> File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 131, in data_received
    self.parser.feed_data(data)
    │    │      │         └ b'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xc63\x87Y\x9c\xafV\x1a\t\xa3\x11\x84\xc9\x0e\xd2k\x03\xd1\x9d\x89\x1bIw\x04\x1...
    │    │      └ <method 'feed_data' of 'httptools.parser.parser.HttpParser' objects>
    │    └ <httptools.parser.parser.HttpRequestParser object at 0x7f936538eb80>
    └ <uvicorn.protocols.http.httptools_impl.HttpToolsProtocol object at 0x7f9364990ca0>
  File "httptools/parser/parser.pyx", line 212, in httptools.parser.parser.HttpParser.feed_data

httptools.parser.errors.HttpParserInvalidMethodError: Invalid method encountered

Sourced from pytest-cov's changelog.

4.0.0 (2022-09-28)

Note that this release drops support for multiprocessing.

• --cov-fail-under no longer causes pytest --collect-only to fail Contributed by Zac Hatfield-Dodds in [#511](https://github.com/pytest-dev/pytest-cov/issues/511) <https://github.com/pytest-dev/pytest-cov/pull/511>_.

• Dropped support for multiprocessing (mostly because issue 82408 <https://github.com/python/cpython/issues/82408>_). This feature was mostly working but very broken in certain scenarios and made the test suite very flaky and slow.

  There is builtin multiprocessing support in coverage and you can migrate to that. All you need is this in your .coveragerc::

  [run] concurrency = multiprocessing parallel = true sigterm = true

• Fixed deprecation in setup.py by trying to import setuptools before distutils. Contributed by Ben Greiner in [#545](https://github.com/pytest-dev/pytest-cov/issues/545) <https://github.com/pytest-dev/pytest-cov/pull/545>_.

• Removed undesirable new lines that were displayed while reporting was disabled. Contributed by Delgan in [#540](https://github.com/pytest-dev/pytest-cov/issues/540) <https://github.com/pytest-dev/pytest-cov/pull/540>_.

• Documentation fixes. Contributed by Andre Brisco in [#543](https://github.com/pytest-dev/pytest-cov/issues/543) <https://github.com/pytest-dev/pytest-cov/pull/543>_ and Colin O'Dell in [#525](https://github.com/pytest-dev/pytest-cov/issues/525) <https://github.com/pytest-dev/pytest-cov/pull/525>_.

• Added support for LCOV output format via --cov-report=lcov. Only works with coverage 6.3+. Contributed by Christian Fetzer in [#536](https://github.com/pytest-dev/pytest-cov/issues/536) <https://github.com/pytest-dev/pytest-cov/issues/536>_.

• Modernized pytest hook implementation. Contributed by Bruno Oliveira in [#549](https://github.com/pytest-dev/pytest-cov/issues/549) <https://github.com/pytest-dev/pytest-cov/pull/549>_ and Ronny Pfannschmidt in [#550](https://github.com/pytest-dev/pytest-cov/issues/550) <https://github.com/pytest-dev/pytest-cov/pull/550>_.

• 28db055 Bump version: 3.0.0 → 4.0.0
• 57e9354 Really update the changelog.
• 56b810b Update chagelog.
• f7fced5 Add support for LCOV output
• 1211d31 Fix flake8 error
• b077753 Use modern approach to specify hook options
• 00713b3 removed incorrect docs on data_file.
• b3dda36 Improve workflow with a collecting status check. (#548)
• 218419f Prevent undesirable new lines to be displayed when report is disabled
• 60b73ec migrate build command from distutils to setuptools
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from fastapi's releases.

0.65.2

Security fixes

• 🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by @​patrickkwang.

This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See CVE-2021-32677 for more details.

Thanks to Dima Boger for the security report! 🙇🔒

Internal

• 🔧 Update sponsors badge, course bundle. PR #3340 by @​tiangolo.
• 🔧 Add new gold sponsor Jina 🎉. PR #3291 by @​tiangolo.
• 🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by @​tiangolo.
• 👷 Upgrade Issue Manager GitHub Action. PR #3236 by @​tiangolo.

0.65.1

Security fixes

• 📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510. PR #3213 by @​tiangolo.

0.65.0

Breaking Changes - Upgrade

• ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @​hanneskuettner.

Translations

• 🌐 Initialize new language Polish for translations. PR #3170 by @​neternefer.

Internal

• 👷 Add GitHub Action cache to speed up CI installs. PR #3204 by @​tiangolo.
• ⬆️ Upgrade setup-python GitHub Action to v2. PR #3203 by @​tiangolo.
• 🐛 Fix docs script to generate a new translation language with overrides boilerplate. PR #3202 by @​tiangolo.
• ✨ Add new Deta banner badge with new sponsorship tier 🙇. PR #3194 by @​tiangolo.
• 👥 Update FastAPI People. PR #3189 by @​github-actions[bot].
• 🔊 Update FastAPI People to allow better debugging. PR #3188 by @​tiangolo.

0.64.0

Features

... (truncated)

• 4d91f97 🔖 Release version 0.65.2
• aabe2c7 📝 Update release notes
• 377234a 🔒 Create Security Policy
• 38b7858 📝 Update release notes
• fa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)
• 90120dd 📝 Update release notes
• 3677254 🔧 Update sponsors badge, course bundle (#3340)
• 40bb0c5 📝 Update release notes
• 60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)
• 3afce2c 📝 Update release notes
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from fastapi's releases.

0.65.1

Security fixes

• 📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510. PR #3213 by @​tiangolo.

0.65.0

Breaking Changes - Upgrade

• ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @​hanneskuettner.

Translations

• 🌐 Initialize new language Polish for translations. PR #3170 by @​neternefer.

Internal

• 👷 Add GitHub Action cache to speed up CI installs. PR #3204 by @​tiangolo.
• ⬆️ Upgrade setup-python GitHub Action to v2. PR #3203 by @​tiangolo.
• 🐛 Fix docs script to generate a new translation language with overrides boilerplate. PR #3202 by @​tiangolo.
• ✨ Add new Deta banner badge with new sponsorship tier 🙇. PR #3194 by @​tiangolo.
• 👥 Update FastAPI People. PR #3189 by @​github-actions[bot].
• 🔊 Update FastAPI People to allow better debugging. PR #3188 by @​tiangolo.

0.64.0

Features

• ✨ Add support for adding multiple examples in request bodies and path, query, cookie, and header params. New docs: Declare Request Example Data. Initial PR #1267 by @​austinorr.

Fixes

• 📌 Pin SQLAlchemy range for tests, as it doesn't use SemVer. PR #3001 by @​tiangolo.
• 🎨 Add newly required type annotations for mypy. PR #2882 by @​tiangolo.
• 🎨 Remove internal "type: ignore", now unnecessary. PR #2424 by @​AsakuraMizu.

Docs

• 📝 Add link to article in Russian "FastAPI: знакомимся с фреймворком". PR #2564 by @​trkohler.
• 📝 Add external link to blog post "Authenticate Your FastAPI App with Auth0". PR #2172 by @​dompatmore.
• 📝 Fix broken link to article: Machine learning model serving in Python using FastAPI and Streamlit. PR #2557 by @​davidefiocco.
• 📝 Add FastAPI Medium Article: Deploy a dockerized FastAPI application to AWS. PR #2515 by @​vjanz.
• ✏ Fix typo in Tutorial - Handling Errors. PR #2486 by @​johnthagen.
• ✏ Fix typo in Security OAuth2 scopes. PR #2407 by @​jugmac00.
• ✏ Fix typo/clarify docs for SQL (Relational) Databases. PR #2393 by @​kangni.
• 📝 Add external link to "FastAPI for Flask Users". PR #2280 by @​amitness.

Translations

• 🌐 Fix Chinese translation of Tutorial - Query Parameters, remove obsolete content. PR #3051 by @​louis70109.
• 🌐 Add French translation for Tutorial - Background Tasks. PR #3098 by @​Smlep.
• 🌐 Fix Korean translation for docs/ko/docs/index.md. PR #3159 by @​SueNaEunYang.

... (truncated)

• 43df5d0 🔖 Release FastAPI version 0.65.1
• eaa49eb 📝 Update release notes
• a629339 📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510 (#3213)
• b890bd1 🔖 Release version 0.65.0
• 3819a11 📝 Update release notes
• 4aed041 ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated fr...
• 04ac466 📝 Update release notes
• d75126a 👷 Add GitHub Action cache to speed up CI installs (#3204)
• c654e83 📝 Update release notes
• 7c9d016 ⬆️ Upgrade setup-python GitHub Action to v2 (#3203)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sentry-sdk's releases.

1.12.1

Various fixes & improvements

• Link errors to OTel spans (#1787) by @​antonpirker

1.12.0

Basic OTel support

This adds support to automatically integrate OpenTelemetry performance tracing with Sentry.

See the documentation on how to set it up: https://docs.sentry.io/platforms/python/performance/instrumentation/opentelemetry/

Give it a try and let us know if you have any feedback or problems with using it.

By: @​antonpirker (#1772, #1766, #1765)

Various fixes & improvements

• Tox Cleanup (#1749) by @​antonpirker
• CI: Fix Github action checks (#1780) by @​Zylphrex
• Profiling: Introduce active thread id on scope (#1764) by @​Zylphrex
• Profiling: Eagerly hash stack for profiles (#1755) by @​Zylphrex
• Profiling: Resolve inherited method class names (#1756) by @​Zylphrex

1.11.1

Various fixes & improvements

• Move set_transaction_name out of event processor in fastapi/starlette (#1751) by @​sl0thentr0py
• Expose proxy_headers as top level config and use in ProxyManager: https://docs.sentry.io/platforms/python/configuration/options/#proxy-headers (#1746) by @​sl0thentr0py

1.11.0

Various fixes & improvements

• NEW: Support for MongoDB (#1590) by @​Agalin

  Queries to MongoDB are now instrumented!

  See https://docs.sentry.io/platforms/python/guides/pymongo/ for more information.

• Profiling: Do not error if already setup (#1731) by @​Zylphrex

• Profiling: Use sleep scheduler by default (#1729) by @​Zylphrex

• Profiling: Extract more frame info (#1702) by @​Zylphrex

• Profiling: Tune the sample profile generation code for performance (#1694) by @​Zylphrex

• Fix: Reading FastAPI request body twice. (#1724) by @​antonpirker

• Fix: Django signals problem on sentry.io (#1732) by @​antonpirker

• Fix: Performance optimizations for Django signals (#1725) by @​antonpirker

• Fix: Move relay to port 5333 to avoid collisions (#1716) by @​sl0thentr0py

• Fix: strip_string() checks text length counting bytes not chars (#1711) by @​mgaligniana

• Chore: remove jira workflow (#1707) by @​vladanpaunovic

... (truncated)

Sourced from sentry-sdk's changelog.

1.12.1

Various fixes & improvements

• Link errors to OTel spans (#1787) by @​antonpirker

1.12.0

Basic OTel support

This adds support to automatically integrate OpenTelemetry performance tracing with Sentry.

See the documentation on how to set it up: https://docs.sentry.io/platforms/python/performance/instrumentation/opentelemetry/

Give it a try and let us know if you have any feedback or problems with using it.

By: @​antonpirker (#1772, #1766, #1765)

Various fixes & improvements

• Tox Cleanup (#1749) by @​antonpirker
• CI: Fix Github action checks (#1780) by @​Zylphrex
• Profiling: Introduce active thread id on scope (#1764) by @​Zylphrex
• Profiling: Eagerly hash stack for profiles (#1755) by @​Zylphrex
• Profiling: Resolve inherited method class names (#1756) by @​Zylphrex

1.11.1

Various fixes & improvements

• Move set_transaction_name out of event processor in fastapi/starlette (#1751) by @​sl0thentr0py
• Expose proxy_headers as top level config and use in ProxyManager: https://docs.sentry.io/platforms/python/configuration/options/#proxy-headers (#1746) by @​sl0thentr0py

1.11.0

Various fixes & improvements

• Fix signals problem on sentry.io (#1732) by @​antonpirker
• Fix reading FastAPI request body twice. (#1724) by @​antonpirker
• ref(profiling): Do not error if already setup (#1731) by @​Zylphrex
• ref(profiling): Use sleep scheduler by default (#1729) by @​Zylphrex
• feat(profiling): Extract more frame info (#1702) by @​Zylphrex
• Update actions/upload-artifact to v3.1.1 (#1718) by @​mattgauntseo-sentry
• Performance optimizations (#1725) by @​antonpirker
• feat(pymongo): add PyMongo integration (#1590) by @​Agalin
• Move relay to port 5333 to avoid collisions (#1716) by @​sl0thentr0py
• fix(utils): strip_string() checks text length counting bytes not chars (#1711) by @​mgaligniana
• chore: remove jira workflow (#1707) by @​vladanpaunovic
• build(deps): bump checkouts/data-schemas from a214fbc to 20ff3b9 (#1703) by @​dependabot

... (truncated)

• ab1496f release: 1.12.1
• 6959941 Link errors to OTel spans (#1787)
• 561cd4b Merge branch 'release/1.12.0'
• abfdce8 Updated changelog
• 0a02915 release: 1.12.0
• d0eed0e Basic OTel support (#1772)
• eb0db0a Tox Cleanup (#1749)
• dd26fbe fix(ci): Fix Github action checks (#1780)
• b1290c6 feat(profiling): Introduce active thread id on scope (#1764)
• 46697dd Add instrumenter config to switch between Otel and Sentry instrumentation. (#...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 9e9e840 2022.12.07
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from pytest-xdist's changelog.

pytest-xdist 3.1.0 (2022-12-01)

Features

• [#789](https://github.com/pytest-dev/pytest-xdist/issues/789) <https://github.com/pytest-dev/pytest-xdist/issues/789>_: Users can now set a default distribution mode in their configuration file:

  .. code-block:: ini

  [pytest]
  addopts = --dist loadscope
  

• [#842](https://github.com/pytest-dev/pytest-xdist/issues/842) <https://github.com/pytest-dev/pytest-xdist/issues/842>_: Python 3.11 is now officially supported.

Removals

• [#842](https://github.com/pytest-dev/pytest-xdist/issues/842) <https://github.com/pytest-dev/pytest-xdist/issues/842>_: Python 3.6 is no longer supported.

• 92a76bb Release 3.1.0
• 6226965 Merge pull request #851 from nicoddemus/789-default-dist-mode
• 7a0bc4c Let users configure dist mode in the configuration file
• c6bcd20 [pre-commit.ci] pre-commit autoupdate (#849)
• 99c80c3 Fix typo psutils -> psutil (#848)
• e14895a [pre-commit.ci] pre-commit autoupdate (#846)
• bb27210 Merge pull request #844 from pytest-dev/pre-commit-ci-update-config
• 4a33933 Use ternary operator to remove mypy error
• 41620d2 [pre-commit.ci] pre-commit autoupdate
• 6b6f133 Merge pull request #842 from nicoddemus/drop-py36-add-py311
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pycryptodomex's releases.

v3.16.0 - Ravensburg

New features

• Build wheels for musl Linux. Thanks to Ben Raz.

Resolved issues

• GH#639: ARC4 now also works with 'keys' as short as 8 bits.
• GH#669: fix segfaults when running in a manylinux2010 i686 image.

v3.16.0 - Ravensburg (pycryptodomex)

New features

• Build wheels for musl Linux. Thanks to Ben Raz.

Resolved issues

• GH#639: ARC4 now also works with 'keys' as short as 8 bits.
• GH#669: fix segfaults when running in a manylinux2010 i686 image.

Sourced from pycryptodomex's changelog.

3.16.0 (26 November 2022) ++++++++++++++++++++++++++

New features

• Build wheels for musl Linux. Thanks to Ben Raz.

Resolved issues

• GH#639: ARC4 now also works with 'keys' as short as 8 bits.
• GH#669: fix segfaults when running in a manylinux2010 i686 image.

• f54108b Bump version
• 3d065d6 Remove manylinux1 wheels only on Linux
• 60898fe Build wheel for PyPy3.7, drop PyPy3.6
• 428fd89 Delete manylinux1 wheels
• 80d6640 Use -mstackrealign for 32-bits systems and SSE2
• 32f64d5 Use most recent versions of python, ubuntu, upload-artifact
• dcab3e7 Refactor wheel build process
• 7e59254 Merge branch 'rc4_shorter_keys'
• dfcc12b Bump version
• ac3eab0 Allow RC4 keys to be as small as 8 bits
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from httpx's releases.

Version 0.23.1

0.23.1

Added

• Support for Python 3.11. (#2420)
• Allow setting an explicit multipart boundary in Content-Type header. (#2278)
• Allow tuple or list for multipart values, not just list. (#2355)
• Allow str content for multipart upload files. (#2400)
• Support connection upgrades. See https://www.encode.io/httpcore/extensions/#upgrade-requests

Fixed

• Don't drop empty query parameters. (#2354)

Removed

• Drop .read/.aread from SyncByteStream/AsyncByteStream (#2407)
• Drop RawURL. (#2241)

Sourced from httpx's changelog.

0.23.1

Added

• Support for Python 3.11. (#2420)
• Allow setting an explicit multipart boundary in Content-Type header. (#2278)
• Allow tuple or list for multipart values, not just list. (#2355)
• Allow str content for multipart upload files. (#2400)
• Support connection upgrades. See https://www.encode.io/httpcore/extensions/#upgrade-requests

Fixed

• Don't drop empty query parameters. (#2354)

Removed

• Drop .read/.aread from SyncByteStream/AsyncByteStream. (#2407)
• Drop RawURL. (#2241)

• f11eff4 Version 0.23.1 (#2442)
• a2a69e4 Mention default timeout differences from Requests in compatibility docs (#2433)
• 8752e26 Drop .read/.aread from SyncByteStream/AsyncByteStream (#2407)
• 9f9deea Run tests against Python 3.11 stable (#2420)
• 1aea953 Drop cgi module from test_multipart (#2424)
• db00b92 Bump uvicorn from 0.18.3 to 0.19.0 (#2429)
• 9175097 Bump black from 22.8.0 to 22.10.0 (#2428)
• 3b1578f Bump mypy from 0.971 to 0.982 (#2427)
• 1b2e3b7 Bump autoflake from 1.4 to 1.7.7 (#2430)
• 3f0675c Bump coverage from 6.4.4 to 6.5.0 (#2431)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)