Migrate to requests 2.6.0 version

AUTHORS.rst

@@ -157,3 +157,6 @@ Patches and Suggestions
 - Martin Jul (`@mjul <https://github.com/mjul>`_)
 - Joe Alcorn (`@buttscicles <https://github.com/buttscicles>`_)
 - Syed Suhail Ahmed <ssuhail.ahmed93@gmail.com> (`@syedsuhail <https://github.com/syedsuhail>`_)
+- Scott Sadler (`@ssadler <https://github.com/ssadler>`_)
+- Arthur Darcet (`@arthurdarcet <https://github.com/arthurdarcet>`_)
+- Ulrich Petri (`@ulope <https://github.com/ulope>`_)

HISTORY.rst

@@ -3,31 +3,138 @@
 Release History
 ---------------
 
-2.4.3.4 (2014-11-06) Rebelmouse
-+++++++++++++++++++++++++++++++
-- small refactoring SysCallError treatment
+2.6.0 (2015-03-14)
+++++++++++++++++++
+
+**Bugfixes**
+
+- Fix handling of cookies on redirect. Previously a cookie without a host
+  value set would use the hostname for the redirected URL exposing requests
+  users to session fixation attacks and potentially cookie stealing. This was
+  disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
+  An CVE identifier has not yet been assigned for this. This affects all
+  versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
+
+- Fix error when requests is an ``install_requires`` dependency and ``python
+  setup.py test`` is run. (#2462)
+
+- Fix error when urllib3 is unbundled and requests continues to use the
+  vendored import location.
+
+- Include fixes to ``urllib3``'s header handling.
+
+- Requests' handling of unvendored dependencies is now more restrictive.
+
+**Features and Improvements**
+
+- Support bytearrays when passed as parameters in the ``files`` argument.
+  (#2468)
+
+- Avoid data duplication when creating a request with ``str``, ``bytes``, or
+  ``bytearray`` input to the ``files`` argument.
+
+2.5.3 (2015-02-24)
+++++++++++++++++++
+
+**Bugfixes**
+
+- Revert changes to our vendored certificate bundle. For more context see
+  (#2455, #2456, and http://bugs.python.org/issue23476)
+
+2.5.2 (2015-02-23)
+++++++++++++++++++
+
+**Features and Improvements**
+
+- Add sha256 fingerprint support. (`shazow/urllib3#540`_)
+
+- Improve the performance of headers. (`shazow/urllib3#544`_)
+
+**Bugfixes**
+
+- Copy pip's import machinery. When downstream redistributors remove
+  requests.packages.urllib3 the import machinery will continue to let those
+  same symbols work. Example usage in requests' documentation and 3rd-party
+  libraries relying on the vendored copies of urllib3 will work without having
+  to fallback to the system urllib3.
+
+- Attempt to quote parts of the URL on redirect if unquoting and then quoting
+  fails. (#2356)
+
+- Fix filename type check for multipart form-data uploads. (#2411)
+
+- Properly handle the case where a server issuing digest authentication
+  challenges provides both auth and auth-int qop-values. (#2408)
+
+- Fix a socket leak. (`shazow/urllib3#549`_)
+
+- Fix multiple ``Set-Cookie`` headers properly. (`shazow/urllib3#534`_)
+
+- Disable the built-in hostname verification. (`shazow/urllib3#526`_)
+
+- Fix the behaviour of decoding an exhausted stream. (`shazow/urllib3#535`_)
+
+**Security**
+
+- Pulled in an updated ``cacert.pem``.
 
+- Drop RC4 from the default cipher list. (`shazow/urllib3#551`_)
 
-2.4.3.3 (2014-11-06) Rebelmouse
-+++++++++++++++++++++++++++++++
-- SysCallError is handled as SSLError exception
+.. _shazow/urllib3#551: https://github.com/shazow/urllib3/pull/551
+.. _shazow/urllib3#549: https://github.com/shazow/urllib3/pull/549
+.. _shazow/urllib3#544: https://github.com/shazow/urllib3/pull/544
+.. _shazow/urllib3#540: https://github.com/shazow/urllib3/pull/540
+.. _shazow/urllib3#535: https://github.com/shazow/urllib3/pull/535
+.. _shazow/urllib3#534: https://github.com/shazow/urllib3/pull/534
+.. _shazow/urllib3#526: https://github.com/shazow/urllib3/pull/526
 
+2.5.1 (2014-12-23)
+++++++++++++++++++
+
+**Behavioural Changes**
+
+- Only catch HTTPErrors in raise_for_status (#2382)
 
-2.4.3.2 (2014-10-4) Rebelmouse
-+++++++++++++++++++++++++++++++
+**Bugfixes**
 
-- Raise a requests' exception when occurs  104 - Connection reset by peer
+- Handle LocationParseError from urllib3 (#2344)
+- Handle file-like object filenames that are not strings (#2379)
+- Unbreak HTTPDigestAuth handler. Allow new nonces to be negotiated (#2389)
 
+2.5.0 (2014-12-01)
+++++++++++++++++++
 
-2.4.3.1 (2014-10-24) Rebelmouse
-+++++++++++++++++++++++++++++++
+**Improvements**
 
-- Added libs to requirements.txt for SSL SNI support
+- Allow usage of urllib3's Retry object with HTTPAdapters (#2216)
+- The ``iter_lines`` method on a response now accepts a delimiter with which
+  to split the content (#2295)
+
+**Behavioural Changes**
+
+- Add deprecation warnings to functions in requests.utils that will be removed
+  in 3.0 (#2309)
+- Sessions used by the functional API are always closed (#2326)
+- Restrict requests to HTTP/1.1 and HTTP/1.0 (stop accepting HTTP/0.9) (#2323)
 
 **Bugfixes**
 
-- Handhshake ssl hangs forever - Gevent/Eventlet enviorments only
-- ZeroReturnerror exception is handled properly.
+- Only parse the URL once (#2353)
+- Allow Content-Length header to always be overriden (#2332)
+- Properly handle files in HTTPDigestAuth (#2333)
+- Cap redirect_cache size to prevent memory abuse (#2299)
+- Fix HTTPDigestAuth handling of redirects after authenticating successfully
+  (#2253)
+- Fix crash with custom method parameter to Session.request (#2317)
+- Fix how Link headers are parsed using the regular expression library (#2271)
+
+**Documentation**
+
+- Add more references for interlinking (#2348)
+- Update CSS for theme (#2290)
+- Update width of buttons and sidebar (#2289)
+- Replace references of Gittip with Gratipay (#2282)
+- Add link to changelog in sidebar (#2273)
 
 2.4.3 (2014-10-06)
 ++++++++++++++++++
@@ -81,7 +188,7 @@ Release History
 - Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts.
 - Allow copying of PreparedRequests without headers/cookies.
 - Updated bundled urllib3 version.
-- Refactored settings loading from environment — new `Session.merge_environment_settings`.
+- Refactored settings loading from environment -- new `Session.merge_environment_settings`.
 - Handle socket errors in iter_content.
 
 

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2014 Kenneth Reitz
+Copyright 2015 Kenneth Reitz
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.rst

@@ -1,11 +1,11 @@
 Requests: HTTP for Humans
 =========================
 
-.. image:: https://badge.fury.io/py/requests.png
-    :target: http://badge.fury.io/py/requests
+.. image:: https://img.shields.io/pypi/v/requests.svg
+    :target: https://pypi.python.org/pypi/requests
 
-.. image:: https://pypip.in/d/requests/badge.png
-        :target: https://crate.io/packages/requests/
+.. image:: https://img.shields.io/pypi/dm/requests.svg
+        :target: https://pypi.python.org/pypi/requests
 
 
 Requests is an Apache2 Licensed HTTP library, written in Python, for human
@@ -19,7 +19,7 @@ perform the simplest of tasks.
 
 Things shouldn't be this way. Not in Python.
 
-.. code-block:: pycon
+.. code-block:: python
 
     >>> r = requests.get('https://api.github.com', auth=('user', 'pass'))
     >>> r.status_code

docs/_templates/sidebarintro.html

@@ -15,15 +15,9 @@
 </p>
 
 
-<h3>Donate</h3>
- <p>
-     If you love Requests, consider supporting the author <a href="https://gratipay.com/kennethreitz/">on Gratipay</a>:
- </p>
- <p>
-   <iframe style="border: 0; margin: 0; padding: 0;"
-       src="https://www.gratipay.com/kennethreitz/widget.html"
-       width="80pt" height="20pt"></iframe>
- </p>
+<p>
+  <a href="https://gumroad.com/l/RRZc" class="gumroad-button">Buy Requests Pro</a>
+</p>
 
 
 <h3>Get Updates</h3>
@@ -46,6 +40,11 @@ <h3>Translations</h3>
 
 <h3>Useful Links</h3>
 <ul>
+  <li><a href="http://certifi.io/en/latest/">Certifi: Best CA Bundle</a></li>
+  <li><a href="https://github.com/sigmavirus24/requests-toolbelt">Requests-Toolbelt</a></li>
+
+  <p></p>
+
   <li><a href="http://github.com/kennethreitz/requests">Requests @ GitHub</a></li>
   <li><a href="http://pypi.python.org/pypi/requests">Requests @ PyPI</a></li>
   <li><a href="http://github.com/kennethreitz/requests/issues">Issue Tracker</a></li>

docs/_templates/sidebarlogo.html

@@ -14,16 +14,9 @@
   development release.
 </p>
 
-
-<h3>Donate</h3>
- <p>
-     If you love Requests, consider supporting the author <a href="https://www.gratipay.com/kennethreitz/">on Gittip</a>:
- </p>
- <p>
-   <iframe style="border: 0; margin: 0; padding: 0;"
-       src="https://www.gratipay.com/kennethreitz/widget.html"
-       width="80pt" height="20pt"></iframe>
- </p>
+<p>
+  <a href="https://gumroad.com/l/RRZc" class="gumroad-button">Buy Requests Pro</a>
+</p>
 
 <h3>Get Updates</h3>
 <p>Receive updates on new releases and upcoming projects.</p>

docs/_themes/kr/layout.html

@@ -15,6 +15,9 @@
     <a href="https://github.com/kennethreitz/requests" class="github">
         <img style="position: absolute; top: 0; right: 0; border: 0;" src="http://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png" alt="Fork me on GitHub"  class="github"/>
     </a>
+
+    <script type="text/javascript" src="https://gumroad.com/js/gumroad.js"></script>
+
     <script type="text/javascript">
     /* <![CDATA[ */
         (function() {
@@ -68,5 +71,15 @@
       })();
     </script>
 
+    <script type="text/javascript">
+  (function() {
+    window._pa = window._pa || {};
+    _pa.productId = "requests-docs";
+    var pa = document.createElement('script'); pa.type = 'text/javascript'; pa.async = true;
+    pa.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + "//tag.perfectaudience.com/serve/5226171f87bc6890da0000a0.js";
+    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(pa, s);
+  })();
+</script>
+
 
 {%- endblock %}

docs/api.rst

@@ -88,6 +88,12 @@ Cookies
 .. autofunction:: requests.utils.cookiejar_from_dict
 .. autofunction:: requests.utils.add_dict_to_cookiejar
 
+.. autoclass:: requests.cookies.RequestsCookieJar
+   :inherited-members:
+
+.. autoclass:: requests.cookies.CookieConflictError
+   :inherited-members:
+
 
 Encodings
 ~~~~~~~~~

docs/community/support.rst

@@ -5,12 +5,57 @@ Support
 
 If you have questions or issues about Requests, there are several options:
 
+StackOverflow
+-------------
+
+If your question does not contain sensitive (possibly proprietary)
+information or can be properly anonymized, please ask a question on
+`StackOverflow <https://stackoverflow.com/questions/tagged/python-requests>`_
+and use the tag ``python-requests``.
+
 Send a Tweet
 ------------
 
 If your question is less than 140 characters, feel free to send a tweet to
-`@kennethreitz <http://twitter.com/kennethreitz>`_.
+`@kennethreitz <https://twitter.com/kennethreitz>`_,
+`@sigmavirus24 <https://twitter.com/sigmavirus24>`_, or
+`@lukasaoz <https://twitter.com/lukasaoz>`_.
+
+Vulnerability Disclosure
+------------------------
+
+If you think you have found a potential security vulnerability in requests,
+please email `sigmavirus24 <mailto:graffatcolmingov@gmail.com>`_ and
+`Lukasa <mailto:cory@lukasa.co.uk>`_ directly. **Do not file a public issue.**
+
+Our PGP Key fingerprints are:
+
+- 0161 BB7E B208 B5E0 4FDC  9F81 D9DA 0A04 9113 F853 (@sigmavirus24)
+
+- 90DC AE40 FEA7 4B14 9B70  662D F25F 2144 EEC1 373D (@lukasa)
 
+If English is not your first language, please try to describe the problem and
+its impact to the best of your ability. For greater detail, please use your native
+language and we will try our best to translate it using online services.
+
+Please also include the code you used to find the problem and the shortest amount
+of code necessary to reproduce it.
+
+Please do not disclose this to anyone else. We will retrieve a CVE identifier if
+necessary and give you full credit under whatever name or alias you provide.
+We will only request an identifier when we have a fix and can publish it in a release.
+
+We will respect your privacy and will only publicize your involvement if you grant
+us permission.
+
+Previous CVEs
+~~~~~~~~~~~~~
+
+- Fixed in 2.3.0
+
+  - `CVE 2014-1829 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1829>`_
+
+  - `CVE 2014-1830 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1830>`_
 
 File an Issue
 -------------
@@ -34,4 +79,9 @@ IRC
 The official Freenode channel for Requests is
 `#python-requests <irc://irc.freenode.net/python-requests>`_
 
-I'm also available as **kennethreitz** on Freenode.
+The core developers of requests are on IRC throughout the day.
+You can find them in ``#python-requests`` as:
+
+- kennethreitz
+- lukasa
+- sigmavirus24

docs/conf.py

@@ -46,7 +46,7 @@
 
 # General information about the project.
 project = u'Requests'
-copyright = u'2014. A <a href="http://kennethreitz.com/pages/open-projects.html">Kenneth Reitz</a> Project'
+copyright = u'2015. A <a href="http://kennethreitz.com/pages/open-projects.html">Kenneth Reitz</a> Project'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the