Bump the pip group across 1 directory with 13 updates

[dependabot]

Bumps the pip group with 13 updates in the /backend directory:

Package	From	To
python-multipart	0.0.9	0.0.18
jupyterlab	3.6.7	3.6.8
aiohttp	3.9.3	3.10.11
certifi	2024.2.2	2024.7.4
idna	3.6	3.7
jinja2	3.1.3	3.1.5
langchain-core	0.1.32	0.1.35
pillow	10.2.0	10.3.0
requests	2.31.0	2.32.2
tornado	6.4	6.4.2
tqdm	4.66.2	4.66.3
urllib3	2.2.1	2.2.2
zipp	3.18.1	3.19.1

Updates python-multipart from 0.0.9 to 0.0.18

Release notes

Sourced from python-multipart's releases.

Version 0.0.18

What's Changed

• Hard break if found data after last boundary on MultipartParser by @​Kludex in Kludex/python-multipart#189

---

Full Changelog: Kludex/python-multipart@0.0.17...0.0.18

Version 0.0.17

What's Changed

• Handle PermissionError in fallback code for old import name by @​defnull in Kludex/python-multipart#182

---

Full Changelog: Kludex/python-multipart@0.0.16...0.0.17

Version 0.0.16

What's Changed

• Add dunder attributes to multipart package by @​Kludex in Kludex/python-multipart#177

---

Full Changelog: Kludex/python-multipart@0.0.15...0.0.16

Version 0.0.15

What's Changed

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

---

Full Changelog: Kludex/python-multipart@0.0.14...0.0.15

Version 0.0.14

What's Changed

• fix: use alternate scheme for importing multipart by @​henryiii in Kludex/python-multipart#168

Full Changelog: Kludex/python-multipart@0.0.13...0.0.14

Version 0.0.13

What's Changed

• Rename import to python_multipart by @​henryiii in Kludex/python-multipart#166

New Contributors

• @​henryiii made their first contribution in Kludex/python-multipart#166

Full Changelog: Kludex/python-multipart@0.0.12...0.0.13

... (truncated)

Changelog

Sourced from python-multipart's changelog.

0.0.18 (2024-11-28)

• Hard break if found data after last boundary on MultipartParser #189.

0.0.17 (2024-10-31)

• Handle PermissionError in fallback code for old import name #182.

0.0.16 (2024-10-27)

• Add dunder attributes to multipart package #177.

0.0.15 (2024-10-27)

• Replace FutureWarning to PendingDeprecationWarning #174.
• Add missing files to SDist #171.

0.0.14 (2024-10-24)

• Fix import scheme for multipart module (#168).

0.0.13 (2024-10-20)

• Rename import to python_multipart #166.

0.0.12 (2024-09-29)

• Improve error message when boundary character does not match #124.
• Add mypy strict typing #140.
• Enforce 100% coverage #159.

0.0.11 (2024-09-28)

• Improve performance, especially in data with many CR-LF #137.
• Handle invalid CRLF in header name #141.

0.0.10 (2024-09-21)

• Support on_header_begin #103.
• Improve type hints on FormParser #104.
• Fix OnFileCallback type #106.
• Improve type hints #110.
• Improve type hints on File #111.
• Add type hint to helper functions #112.
• Minor fix for Field.repr #114.
• Fix use of chunk_size parameter #136.
• Allow digits and valid token chars in headers #134.
• Fix headers being carried between parts #135.

Commits

• 5b1aed8 Version 0.0.18 (#191)
• 9205a0e Hard break if found data after last boundary on MultipartParser (#189)
• 170e604 Update ruff & mypy (#188)
• e53b541 Create SECURITY.md (#187)
• 02d1ec1 fuzz: fix boundary error (#179)
• 616b81e Version 0.0.17 (#183)
• ca52662 Handle PermissionError in fallback code for old import name (#182)
• 8764067 Version 0.0.16 (#177)
• ce85154 Version 0.0.15 (#175)
• 73fb55d ci: check-sdist (#172)
• Additional commits viewable in compare view

Updates jupyterlab from 3.6.7 to 3.6.8

Release notes

Sourced from jupyterlab's releases.

v3.6.8

3.6.8

(Full Changelog)

Bugs fixed

• Fix workspaces loading #15842 (@​krassowski)

Maintenance and upkeep improvements

• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)
• Ignore empty stdout data when logging in verdaccio #16459 (@​fcollonval)
• Install Firefox from brew on Mac on CI #16245 (@​krassowski)

Documentation improvements

• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)
• Remove SO links, add more recent issue to FAQ #15811 (@​krassowski)

Other merged PRs

• Removed broken gif links in README.md files #16151 (@​Tanmay-Deshmukh)

Contributors to this release

(GitHub contributors page for this release)

@​afshin | @​ajbozarth | @​AllanChain | @​andrii-i | @​bollwyvl | @​brichet | @​davidbrochart | @​diyoyo | @​echarles | @​ellisonbg | @​ericsnekbytes | @​fcollonval | @​FoSuCloud | @​g547315 | @​gabalafou | @​github-actions | @​guyq1997 | @​HaudinFlorence | @​j264415 | @​JasonWeill | @​joaopalmeiro | @​jtpio | @​jupyterlab-dev-mode | @​jupyterlab-probot | @​kiliansinger | @​kolibril13 | @​krassowski | @​linlol | @​lumberbot-app | @​mahendrapaipuri | @​meeseeksmachine | @​Mehak261124 | @​None | @​Rob-P-Smith | @​RRosio | @​srdas | @​tonyfast | @​trungleduc | @​welcome | @​williamstein | @​xc2 | @​Zsailer

Commits

• decbea1 [ci skip] New version
• 06ad9de Merge commit from fork
• 2ce23ac Backport PR #16245: Install Firefox from brew on Mac on CI (#16249)
• 51da49c Backport PR #16151: Removed broken gif links in README.md files (#16504)
• a6ee24f Backport PR #16459: Ignore empty stdout data when logging in verdaccio (#16463)
• 7b80cf9 Backport PR #16314: Run Python tests on MacOS with Python 12, replace `canvas...
• d3897d2 Backport PR #15842: Fix workspaces loading (#15847)
• 17a2c05 Backport PR #15811 on branch 3.6.x (Remove SO links, add more recent issue to...
• ccc9082 Automated Changelog Entry - Remove 1 placeholder entries. (#15668)
• c71ad3c [ci skip] Publish 3.6.7
• See full diff in compare view

Updates aiohttp from 3.9.3 to 3.10.11

Release notes

Sourced from aiohttp's releases.

3.10.11

Bug fixes

• Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

  Related issues and pull requests on GitHub: #9436.

• Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

  Related issues and pull requests on GitHub: #9506.

• Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

  The connector was not cancellation-safe.

  Related issues and pull requests on GitHub: #9670, #9671.

• Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9686.

• Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9851.

• Fixed system routes polluting the middleware cache -- by :user:bdraco.

  Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.11 (2024-11-13)

Bug fixes

• Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

  Related issues and pull requests on GitHub: :issue:9436.

• Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

  Related issues and pull requests on GitHub: :issue:9506.

• Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

  The connector was not cancellation-safe.

  Related issues and pull requests on GitHub: :issue:9670, :issue:9671.

• Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9686.

• Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9851.

• Fixed system routes polluting the middleware cache -- by :user:bdraco.

... (truncated)

Commits

• 3e09325 Remove 3.10.11rc0 from 3.10 changelog (#9858)
• beb7b74 Release 3.10.11 (#9857)
• 259edc3 [PR #9851/541d86d backport][3.10] Fix incorrect parsing of chunk extensions w...
• bc15db6 [PR #9852/249855a backport][3.10] Fix system routes polluting the middleware ...
• 158bf30 Release 3.10.11rc0 (#9848)
• e5917cd [PR #9844/fabf3884 backport][3.10] Fix compressed get request benchmark paylo...
• 68a1f42 [PR #9840/cc5fa316 backport][3.10] Add benchmark for sending compressed paylo...
• 4f4b90f [PR #9835/32ccfc9a backport][3.10] Adjust client payload benchmarks to better...
• f3dd0f9 [PR #9832/006f4070 backport][3.10] Increase allowed import time for Python 3....
• f2aab2e [PR #9827/14fcfd4c backport][3.10] Adjust client GET read benchmarks to inclu...
• Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. #2032
• Calling sync render for an async template uses asyncio.run. #1952
• Avoid unclosed auto_aiter warnings. #1960
• Return an aclose-able AsyncGenerator from Template.generate_async. #1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
• Avoid leaving async generators unclosed in blocks, includes and extends. #1960
• The runtime uses the correct concat function for the current environment when calling block references. #1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
• |int filter handles OverflowError from scientific notation. #1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
• Fix copy/pickle support for the internal missing object. #2027
• Environment.overlay(enable_async) is applied correctly. #2061
• The error message from FileSystemLoader includes the paths that were searched. #1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
• Improve annotations for methods returning copies. #1880
• urlize does not add mailto: to values like @a@b. #1870
• Tests decorated with @pass_context can be used with the |select filter. #1624
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
• Calling sync render for an async template uses asyncio.run. :pr:1952
• Avoid unclosed auto_aiter warnings. :pr:1960
• Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
• Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
• The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
• |int filter handles OverflowError from scientific notation. :issue:1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
• Fix copy/pickle support for the internal missing object. :issue:2027
• Environment.overlay(enable_async) is applied correctly. :pr:2061
• The error message from FileSystemLoader includes the paths that were searched. :issue:1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
• Improve annotations for methods returning copies. :pr:1880
• urlize does not add mailto: to values like @a@b. :pr:1870
• Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253

... (truncated)

Commits

• 877f6e5 release version 3.1.5
• 8d58859 remove test pypi
• eda8fe8 update dev dependencies
• c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
• 66587ce Fix bug where set would sometimes fail within if
• fbc3a69 Add support for namespaces in tuple parsing (#1664)
• b8f4831 more comments about nsref assignment
• ee83219 Add support for namespaces in tuple assignment
• 1d55cdd Triple quotes in docs (#2064)
• 8a8eafc edit block assignment section
• Additional commits viewable in compare view

Updates langchain-core from 0.1.32 to 0.1.35

Commits

• See full diff in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Deprecations

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [@​hugovk]
• Deprecate ImageCms constants and versions() function #7702 [@​nulano]

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-0...

Description has been truncated