Sourced from cryptography's changelog.

38.0.3 - 2022-11-01

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
  which resolves *CVE-2022-3602* and *CVE-2022-3786*.
.. _v38-0-2:
38.0.2 - 2022-10-11 (YANKED)

.. attention::

This release was subsequently yanked from PyPI due to a regression in OpenSSL.

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.

.. _v38-0-1:

38.0.1 - 2022-09-07

* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
  seen in large CRLs).
.. _v38-0-0:
38.0.0 - 2022-09-06

• Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
• We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn't cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
• Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check :doc:/installation for documentation on installing a newer rustc if required.
• :meth:~cryptography.fernet.Fernet.decrypt and related methods now accept both str and bytes tokens.
• Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue <https://github.com/pyca/cryptography/issues/6368>_ for complete details.
• Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
• When parsing :class:~cryptography.x509.CertificateRevocationList and

... (truncated)

• 7d9c6c3 Bump for 38.0.3 release (#7761)
• 39f8011 attempt to workaround downstream package testing situation (#7725) (#7757)
• 5b12ac8 Use PyPy binaries from manylinux image instead of our own (#7678) (#7693)
• 277ee0d 38.0.2 release (#7691)
• ce119b8 version properly in the changelog (#7578)
• 3ff5218 Backport tlv fix, 38.0.1 bump (#7576)
• 52d6f1a version bump for 38 release (#7567)
• 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
• aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
• 1742975 support setting more PKCS12 serialization encryption options (#7560)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

v0.88.0

Compare Source

Upgrades

• ⬆ Bump Starlette to version 0.22.0 to fix bad encoding for query parameters in new TestClient. PR #​5659 by @​azogue.

Docs

• ✏️ Fix typo in docs for docs/en/docs/advanced/middleware.md. PR #​5376 by @​rifatrakib.

Translations

• 🌐 Add Portuguese translation for docs/pt/docs/deployment/docker.md. PR #​5663 by @​ayr-ton.

Internal

• 👷 Tweak build-docs to improve CI performance. PR #​5699 by @​tiangolo.
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #​5566 by @​pre-commit-ci[bot].
• ⬆️ Upgrade Ruff. PR #​5698 by @​tiangolo.
• 👷 Remove pip cache for Smokeshow as it depends on a requirements.txt. PR #​5700 by @​tiangolo.
• 💚 Fix pip cache for Smokeshow. PR #​5697 by @​tiangolo.
• ?? Fix and tweak CI cache handling. PR #​5696 by @​tiangolo.
• 👷 Update setup-python action in tests to use new caching feature. PR #​5680 by @​madkinsz.
• ⬆ Bump black from 22.8.0 to 22.10.0. PR #​5569 by @​dependabot[bot].

v0.87.0

Compare Source

Highlights of this release:

• Upgraded Starlette
  • Now the TestClient is based on HTTPX instead of Requests. 🚀
  • There are some possible breaking changes in the TestClient usage, but @​Kludex built bump-testclient to help you automatize migrating your tests. Make sure you are using Git and that you can undo any unnecessary changes (false positive changes, etc) before using bump-testclient.
• New WebSocketException (and docs), re-exported from Starlette.
• Upgraded and relaxed dependencies for package extras all (including new Uvicorn version), when you install "fastapi[all]".
• New docs about how to Help Maintain FastAPI.

Features

• ⬆️ Upgrade and relax dependencies for extras "all". PR #​5634 by @​tiangolo.
• ✨ Re-export Starlette's WebSocketException and add it to docs. PR #​5629 by @​tiangolo.
• 📝 Update references to Requests for tests to HTTPX, and add HTTPX to extras. PR #​5628 by @​tiangolo.
• ⬆ Upgrade Starlette to 0.21.0, including the new TestClient based on HTTPX. PR #​5471 by @​pawelrubin.

Docs

• ✏️ Tweak Help FastAPI from PR review after merging. PR #​5633 by @​tiangolo.
• ✏️ Clarify docs on CORS. PR #​5627 by @​paxcodes.
• 📝 Update Help FastAPI: Help Maintain FastAPI. PR #​5632 by @​tiangolo.

Translations

• 🌐 Fix highlight lines for Japanese translation for docs/tutorial/query-params.md. PR #​2969 by @​ftnext.
• 🌐 Add French translation for docs/fr/docs/advanced/additional-status-code.md. PR #​5477 by @​axel584.
• 🌐 Add Portuguese translation for docs/pt/docs/tutorial/request-forms-and-files.md. PR #​5579 by @​batlopes.
• 🌐 Add Japanese translation for docs/ja/docs/advanced/websockets.md. PR #​4983 by @​xryuseix.

Internal

• ✨ Use Ruff for linting. PR #​5630 by @​tiangolo.
• 🛠 Add Arabic issue number to Notify Translations GitHub Action. PR #​5610 by @​tiangolo.
• ⬆ Bump dawidd6/action-download-artifact from 2.24.1 to 2.24.2. PR #​5609 by @​dependabot[bot].
• ⬆ Bump dawidd6/action-download-artifact from 2.24.0 to 2.24.1. PR #​5603 by @​dependabot[bot].
• 📝 Update coverage badge to use Samuel Colvin's Smokeshow. PR #​5585 by @​tiangolo.

Sourced from fastapi's releases.

0.65.2

Security fixes

• 🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by @​patrickkwang.

This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See CVE-2021-32677 for more details.

Thanks to Dima Boger for the security report! 🙇🔒

Internal

• 🔧 Update sponsors badge, course bundle. PR #3340 by @​tiangolo.
• 🔧 Add new gold sponsor Jina 🎉. PR #3291 by @​tiangolo.
• 🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by @​tiangolo.
• 👷 Upgrade Issue Manager GitHub Action. PR #3236 by @​tiangolo.

• 4d91f97 🔖 Release version 0.65.2
• aabe2c7 📝 Update release notes
• 377234a 🔒 Create Security Policy
• 38b7858 📝 Update release notes
• fa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)
• 90120dd 📝 Update release notes
• 3677254 🔧 Update sponsors badge, course bundle (#3340)
• 40bb0c5 📝 Update release notes
• 60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)
• 3afce2c 📝 Update release notes
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from pre-commit's releases.

pre-commit v2.5.0

Features

• Expose a PRE_COMMIT=1 environment variable when running hooks
  • #1467 PR by @tech-chad.
  • #1426 issue by @lorenzwalthert.

Fixes

• Fix UnicodeDecodeError on windows when using the py launcher to detect executables with non-ascii characters in the path
  • #1474 PR by @asottile.
  • #1472 issue by DrFobos.
• Fix DeprecationWarning on python3.9 for random.shuffle method
  • #1480 PR by @asottile.
  • #1479 issue by @isidentical.
• Normalize slashes earlier such that global files / exclude use forward slashes on windows as well.
  • #1494 PR by @asottile.
  • #1476 issue by @harrybiddle.

Sourced from pre-commit's changelog.

2.5.0 - 2020-06-08

Features

• Expose a PRE_COMMIT=1 environment variable when running hooks
  • #1467 PR by @tech-chad.
  • #1426 issue by @lorenzwalthert.

Fixes

• Fix UnicodeDecodeError on windows when using the py launcher to detect executables with non-ascii characters in the path
  • #1474 PR by @asottile.
  • #1472 issue by DrFobos.
• Fix DeprecationWarning on python3.9 for random.shuffle method
  • #1480 PR by @asottile.
  • #1479 issue by @isidentical.
• Normalize slashes earlier such that global files / exclude use forward slashes on windows as well.
  • #1494 PR by @asottile.
  • #1476 issue by @harrybiddle.

• 2f25085 v2.5.0
• e69e3e0 Merge pull request #1494 from pre-commit/normalize_slashes_more
• 5fb721f normalize slashes even earlier on windows for filenames
• 79359ed Merge pull request #1480 from pre-commit/random_meth
• e120828 use the shuffle method of Random instead
• d71699d Merge pull request #1474 from pre-commit/unicode_error_py_launcher
• 0781dac avoid a UnicodeError on windows with non-charmap characters
• 42562a1 Merge pull request #1471 from pre-commit/all-repos_autofix_faster-tests
• 254c428 slightly speed up tests by avoiding pre-commit install
• ab63f93 Merge pull request #1467 from tech-chad/env_variable_pre-commit
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

v9.0.1: mkdocs-material-9.0.1

Compare Source

• Removed pipdeptree dependency for built-in info plugin
• Fixed appearance of linked tags when hovered (9.0.0 regression)
• Fixed #​4810: Abbreviations run out of screen on touch devices
• Fixed #​4813: View source and edit button links are the same

v9.0.0: mkdocs-material-9.0.0

Compare Source

Additions and improvements

• Added support for rich search previews
• Added support for tokenizer lookahead
• Added support for better search highlighting
• Added support for excluding content from search
• Added support for configurable search pipeline
• Added support for offline search via offline plugin
• Added support for multiple instances of built-in tags plugin
• Added support for removing copy-to-clipboard button
• Added support for removing footer navigation
• Added support for button to view the source of a page
• Improved readability of query string for search sharing
• Improved stability of search plugin when using --dirtyreload
• Improved search result group button, now sticky and stable
• Updated Norwegian translations
• Updated MkDocs to 1.4.2

Removals

• Removed deprecated alternative admonition qualifiers
• Removed :is() selectors (in output) for easier overriding
• Removed .title suffix on translations
• Removed legacy method for providing page title in feedback URL
• Removed support for indexing only titles in search
• Removed support for custom search transforms
• Removed support for custom search workers
• Removed temporary snow feature (easter egg)

Fixes

• Fixed Norwegian and Korean language code
• Fixed detection of composition events in search interface
• Fixed search plugin not using title set via front matter
• Fixed search highlighting of tags
• Fixed search sharing URL using post transformed string
• Fixed theme-color meta tag getting out-of-sync with palette toggle
• Fixed prev/next page keyboard navigation when footer is not present
• Fixed overflowing navigation tabs not being scrollable
• Fixed inclusion of code block line numbers from search

v39.0.0

Compare Source

v2.21.0

Compare Source

===================

Features

• Require new-enough virtualenv to prevent 3.10 breakage
  • #​2467 PR by @​asottile.
• Respect aliases with SKIP for environment install.
  • #​2480 PR by @​kmARC.
  • #​2478 issue by @​kmARC.
• Allow pre-commit run --files against unmerged paths.
  • #​2484 PR by @​asottile.
• Also apply regex warnings to repo: local hooks.
  • #​2524 PR by @​chrisRedwine.
  • #​2521 issue by @​asottile.
• rust is now a "first class" language -- supporting language_version and installation when not present.
  • #​2534 PR by @​Holzhaus.
• r now uses more-reliable binary installation.
  • #​2460 PR by @​lorenzwalthert.
• GIT_ALLOW_PROTOCOL is now passed through for git operations.
  • #​2555 PR by @​asottile.
• GIT_ASKPASS is now passed through for git operations.
  • #​2564 PR by @​mattp-.
• Remove toml dependency by using cargo add directly.
  • #​2568 PR by @​m-rsha.
• Support dotnet hooks which have dotted prefixes.
  • #​2641 PR by @​rkm.
  • #​2629 issue by @​rkm.

Fixes

• Properly adjust --commit-msg-filename if run from a sub directory.
  • #​2459 PR by @​asottile.
• Simplify --intent-to-add detection by using git diff.
  • #​2580 PR by @​m-rsha.
• Fix R.exe selection on windows.
  • #​2605 PR by @​lorenzwalthert.
  • #​2599 issue by @​SInginc.
• Skip default nuget source when installing dotnet packages.
  • #​2642 PR by @​rkm.