Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-requests for openSUSE:Factory checked in at 2024-05-24 19:50:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-requests (Old) and /work/SRC/openSUSE:Factory/.python-requests.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-requests" Fri May 24 19:50:01 2024 rev:81 rq:1175867 version:2.32.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-requests/python-requests.changes 2023-09-12 21:02:42.267792687 +0200 +++ /work/SRC/openSUSE:Factory/.python-requests.new.24587/python-requests.changes 2024-05-24 19:50:02.115088124 +0200 @@ -1,0 +2,24 @@ +Wed May 22 14:00:50 UTC 2024 - Markéta Machová <mmach...@suse.com> + +- Update to 2.32.2 + * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, + we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing + custom HTTPAdapters will need to migrate their code to use this new API. get_connection is + considered deprecated in all versions of Requests>=2.32.0. + +------------------------------------------------------------------- +Tue May 21 12:33:41 UTC 2024 - Markéta Machová <mmach...@suse.com> + +- Update to 2.32.1 + * Fixed an issue where setting verify=False on the first request from a Session + will cause subsequent requests to the same origin to also ignore cert verification, + regardless of the value of verify. (bsc#1224788, CVE-2024-35195) + * verify=True now reuses a global SSLContext which should improve request time + variance between first and subsequent requests. + * Requests now supports optional use of character detection (chardet or charset_normalizer) + when repackaged or vendored. This enables pip and other projects to minimize their + vendoring surface area. + * Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7. + * Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. + +------------------------------------------------------------------- Old: ---- requests-2.31.0.tar.gz New: ---- requests-2.32.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-requests.spec ++++++ --- /var/tmp/diff_new_pack.3Xsm9a/_old 2024-05-24 19:50:03.155126102 +0200 +++ /var/tmp/diff_new_pack.3Xsm9a/_new 2024-05-24 19:50:03.155126102 +0200 @@ -1,7 +1,7 @@ # -# spec file +# spec file for package python-requests # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif %{?sle15_python_module_pythons} Name: python-requests%{psuffix} -Version: 2.31.0 +Version: 2.32.2 Release: 0 Summary: Python HTTP Library License: Apache-2.0 @@ -89,9 +89,6 @@ %prep %autosetup -p1 -n requests-%{version} -# drop shebang from certs.py -sed -i '1s/^#!.*$//' requests/certs.py - # remove 'never' default parameter from digest-auth check # requires httpbin 0.6.0 sed -i "s#\(httpbin.*\), 'never'#\1#" tests/test_requests.py ++++++ requests-2.31.0.tar.gz -> requests-2.32.2.tar.gz ++++++ ++++ 13294 lines of diff (skipped)