From 58107e82e9c6cb824053e7c91456cc429d4c458e Mon Sep 17 00:00:00 2001 From: Marcel Bochtler Date: Wed, 18 Jun 2025 10:46:19 +0200 Subject: [PATCH 1/6] Fix incorrect netrc format assumption According to the netrc specification (see [1] and [2]), the `machine` part should not be a full URL, but only a host name. Before, using the correct netrc format with only a host name did not work for authentication purposes in Python Inspector. Fix this by using urllib.parse to find the matching host name. [1]: https://www.ibm.com/docs/en/aix/7.2.0?topic=formats-netrc-file-format-tcpip [2]: https://docs.python.org/3/library/netrc.html#netrc.netrc.hosts Resolves: #176. Signed-off-by: Marcel Bochtler --- src/python_inspector/utils.py | 9 ++++++--- tests/data/test-commented.netrc | 4 ++-- tests/data/test.netrc | 3 ++- tests/test_utils.py | 33 +++++++++++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 6 deletions(-) diff --git a/src/python_inspector/utils.py b/src/python_inspector/utils.py index 1548ac0b..67dccdc0 100644 --- a/src/python_inspector/utils.py +++ b/src/python_inspector/utils.py @@ -16,18 +16,21 @@ from typing import NamedTuple from typing import Optional +from urllib.parse import urlparse + import aiohttp import requests def get_netrc_auth(url, netrc): """ - Return login and password if url is in netrc + Return login and password if the hostname is in netrc else return login and password as None """ + hostname = urlparse(url).hostname hosts = netrc.hosts - if url in hosts: - url_auth = hosts.get(url) + if hostname in hosts: + url_auth = hosts.get(hostname) # netrc returns a tuple of (login, account, password) return (url_auth[0], url_auth[2]) return (None, None) diff --git a/tests/data/test-commented.netrc b/tests/data/test-commented.netrc index 858b48fb..2f482bb1 100644 --- a/tests/data/test-commented.netrc +++ b/tests/data/test-commented.netrc @@ -1,2 +1,2 @@ -machine https://pyp2.org/simple login test password test123 -# machine https://pyp1.org/simple login test password test123 \ No newline at end of file +machine pyp2.org login test password test123 +# machine pyp1.org login test password test123 \ No newline at end of file diff --git a/tests/data/test.netrc b/tests/data/test.netrc index d886b2dc..9b1b45cd 100644 --- a/tests/data/test.netrc +++ b/tests/data/test.netrc @@ -1 +1,2 @@ -machine https://pyp1.org/simple login test password test123 \ No newline at end of file +machine pyp1.org login test password test123 +machine subdomain.example.com login subdomain-user password subdomain-secret \ No newline at end of file diff --git a/tests/test_utils.py b/tests/test_utils.py index 17e7e897..250ecea7 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -35,6 +35,25 @@ def test_get_netrc_auth(): netrc_file = test_env.get_test_loc("test.netrc") parsed_netrc = netrc(netrc_file) assert get_netrc_auth(url="https://pyp1.org/simple", netrc=parsed_netrc) == ("test", "test123") + assert get_netrc_auth(url="https://pyp1.org/different/path", netrc=parsed_netrc) == ( + "test", + "test123", + ) + assert get_netrc_auth(url="https://pyp1.org", netrc=parsed_netrc) == ("test", "test123") + + +def test_get_netrc_auth_with_ports_and_schemes(): + netrc_file = test_env.get_test_loc("test.netrc") + parsed_netrc = netrc(netrc_file) + + assert get_netrc_auth(url="https://pyp1.org:443/path", netrc=parsed_netrc) == ( + "test", + "test123", + ) + assert get_netrc_auth(url="http://pyp1.org:80/simple", netrc=parsed_netrc) == ( + "test", + "test123", + ) def test_get_commented_netrc_auth(): @@ -49,6 +68,20 @@ def test_get_netrc_auth_with_no_matching_url(): assert get_netrc_auth(url="https://pypi2.org/simple", netrc=parsed_netrc) == (None, None) +def test_get_netrc_auth_with_with_subdomains(): + netrc_file = test_env.get_test_loc("test.netrc") + parsed_netrc = netrc(netrc_file) + + assert get_netrc_auth(url="https://subdomain.example.com/simple", netrc=parsed_netrc) == ( + "subdomain-user", + "subdomain-secret", + ) + assert get_netrc_auth(url="https://another.example.com/simple", netrc=parsed_netrc) == ( + None, + None, + ) + + @pytest.mark.asyncio @pytest.mark.skipif(sys.version_info < (3, 8), reason="requires python3.8 or higher") @mock.patch("python_inspector.utils_pypi.CACHE.get") From a2808036065dea0ecdde8d7b8b1d731783c6b670 Mon Sep 17 00:00:00 2001 From: Marcel Bochtler Date: Wed, 18 Jun 2025 11:16:50 +0200 Subject: [PATCH 2/6] Support `default` host in netrc Support the fallback to `default` if the user did not set a specific host name in their netrc file. Signed-off-by: Marcel Bochtler --- src/python_inspector/utils.py | 7 ++++++- tests/data/test-default.netrc | 2 ++ tests/test_utils.py | 14 ++++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 tests/data/test-default.netrc diff --git a/src/python_inspector/utils.py b/src/python_inspector/utils.py index 67dccdc0..14d2a98b 100644 --- a/src/python_inspector/utils.py +++ b/src/python_inspector/utils.py @@ -24,7 +24,7 @@ def get_netrc_auth(url, netrc): """ - Return login and password if the hostname is in netrc + Return login and password if either the hostname is in netrc or a default is set in netrc else return login and password as None """ hostname = urlparse(url).hostname @@ -33,6 +33,11 @@ def get_netrc_auth(url, netrc): url_auth = hosts.get(hostname) # netrc returns a tuple of (login, account, password) return (url_auth[0], url_auth[2]) + + if "default" in hosts: + default_auth = hosts.get("default") + return (default_auth[0], default_auth[2]) + return (None, None) diff --git a/tests/data/test-default.netrc b/tests/data/test-default.netrc new file mode 100644 index 00000000..c68aa0f0 --- /dev/null +++ b/tests/data/test-default.netrc @@ -0,0 +1,2 @@ +machine example.com login test password test123 +default login defaultuser password defaultpass diff --git a/tests/test_utils.py b/tests/test_utils.py index 250ecea7..d9c0fe5c 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -82,6 +82,20 @@ def test_get_netrc_auth_with_with_subdomains(): ) +def test_get_netrc_auth_with_default(): + netrc_file = test_env.get_test_loc("test-default.netrc") + parsed_netrc = netrc(netrc_file) + + assert get_netrc_auth(url="https://example.com/simple", netrc=parsed_netrc) == ( + "test", + "test123", + ) + assert get_netrc_auth(url="https://non-existing.org/simple", netrc=parsed_netrc) == ( + "defaultuser", + "defaultpass", + ) + + @pytest.mark.asyncio @pytest.mark.skipif(sys.version_info < (3, 8), reason="requires python3.8 or higher") @mock.patch("python_inspector.utils_pypi.CACHE.get") From f634e2dfa99e6a4f00725cb4a383d6d64dc65117 Mon Sep 17 00:00:00 2001 From: Marcel Bochtler Date: Wed, 18 Jun 2025 13:34:58 +0200 Subject: [PATCH 3/6] Fix incorrect credentials type for aiohttp Signed-off-by: Marcel Bochtler --- src/python_inspector/utils_pypi.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/python_inspector/utils_pypi.py b/src/python_inspector/utils_pypi.py index f2757cd6..1cbbece9 100644 --- a/src/python_inspector/utils_pypi.py +++ b/src/python_inspector/utils_pypi.py @@ -1797,7 +1797,10 @@ async def get_remote_file_content( auth = None if credentials: - auth = (credentials.get("login"), credentials.get("password")) + login = credentials.get("login") + password = credentials.get("password") + if login and password: + auth = aiohttp.BasicAuth(login, password) async with aiohttp.ClientSession() as session: async with session.get(url, allow_redirects=True, headers=headers, auth=auth) as response: From e1b179e905dbea21f261d54bfc60baf1bf77ea45 Mon Sep 17 00:00:00 2001 From: Marcel Bochtler Date: Wed, 18 Jun 2025 14:38:28 +0200 Subject: [PATCH 4/6] Ensure `package_url`s end with a slash In PyPI simple repository format, package URLs typically end with the package name and should have a trailing slash [1]. To ensure this trailing slash, the some web servers might redirect to the URL with the trailing slash. This causes the issue that the BasicAuth credentials are removed from the request for security reasons. This was observed with an internal Artifactory repository and adding a trailing slash to the package_url fixes the issue. [1]: https://peps.python.org/pep-0503/#specification Resolves: #127. Signed-off-by: Marcel Bochtler --- src/python_inspector/utils_pypi.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/python_inspector/utils_pypi.py b/src/python_inspector/utils_pypi.py index 1cbbece9..0da998cc 100644 --- a/src/python_inspector/utils_pypi.py +++ b/src/python_inspector/utils_pypi.py @@ -1598,6 +1598,10 @@ async def fetch_links( name using the `index_url` of this repository. """ package_url = f"{self.index_url}/{normalized_name}" + + if not package_url.endswith("/"): + package_url += "/" + text, _ = await CACHE.get( path_or_url=package_url, credentials=self.credentials, From 60fb8b6493681b52710534f0f8e5a192db5acd89 Mon Sep 17 00:00:00 2001 From: Philippe Ombredanne Date: Fri, 27 Jun 2025 15:58:37 +0200 Subject: [PATCH 5/6] Regenerate test fixtures These tests use live data from Pypi.org and the package versions have changed in the resolution. I used these commands: 1. to run all the tests pytest -vvs 2. to regenerate the expected JSON result files for the failed tests PYINSP_REGEN_TEST_FIXTURES=yes pytest -vvs --lf Then I carefully reviewed the diff before committing. Signed-off-by: Philippe Ombredanne --- tests/data/azure-devops.req-310-expected.json | 128 +++++++++--------- tests/data/azure-devops.req-312-expected.json | 128 +++++++++--------- tests/data/azure-devops.req-313-expected.json | 128 +++++++++--------- tests/data/azure-devops.req-38-expected.json | 108 +++++++-------- ...e-requirements-ignore-errors-expected.json | 39 +++--- .../resolved_deps/autobahn-310-expected.json | 6 +- .../data/resolved_deps/flask-39-expected.json | 6 +- 7 files changed, 263 insertions(+), 280 deletions(-) diff --git a/tests/data/azure-devops.req-310-expected.json b/tests/data/azure-devops.req-310-expected.json index 472c2370..18513480 100644 --- a/tests/data/azure-devops.req-310-expected.json +++ b/tests/data/azure-devops.req-310-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json ", @@ -317,12 +316,12 @@ "type": "pypi", "namespace": null, "name": "certifi", - "version": "2025.4.26", + "version": "2025.6.15", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python package for providing Mozilla's CA Bundle.\nCertifi: Python SSL Certificates\n================================\n\nCertifi provides Mozilla's carefully curated collection of Root Certificates for\nvalidating the trustworthiness of SSL certificates while verifying the identity\nof TLS hosts. It has been extracted from the `Requests`_ project.\n\nInstallation\n------------\n\n``certifi`` is available on PyPI. Simply install it with ``pip``::\n\n $ pip install certifi\n\nUsage\n-----\n\nTo reference the installed certificate authority (CA) bundle, you can use the\nbuilt-in function::\n\n >>> import certifi\n\n >>> certifi.where()\n '/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'\n\nOr from the command line::\n\n $ python -m certifi\n /usr/local/lib/python3.7/site-packages/certifi/cacert.pem\n\nEnjoy!\n\n.. _`Requests`: https://requests.readthedocs.io/en/master/\n\nAddition/Removal of Certificates\n--------------------------------\n\nCertifi does not support any addition/removal or other modification of the\nCA trust store content. This project is intended to provide a reliable and\nhighly portable root of trust to python deployments. Look to upstream projects\nfor methods to use alternate trust.", - "release_date": "2025-04-26T02:12:27", + "release_date": "2025-06-15T02:45:49", "parties": [ { "type": "person", @@ -343,17 +342,16 @@ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9" ], "homepage_url": "https://github.com/certifi/python-certifi", - "download_url": "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", - "size": 159618, + "download_url": "https://files.pythonhosted.org/packages/84/ae/320161bd181fc06471eed047ecce67b693fd7515b16d495d8932db763426/certifi-2025.6.15-py3-none-any.whl", + "size": 157650, "sha1": null, - "md5": "2e5db33ebc696e3759337175b57f661b", - "sha256": "30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", + "md5": "8845c8810c449703d1988932c38d3bea", + "sha256": "2e0c7ce7cb5d8f8634ca55d2ba7e6ec2689a2fd6537d8dec1296a477a4910057", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/certifi/python-certifi", @@ -373,9 +371,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/certifi/2025.4.26/json", + "api_data_url": "https://pypi.org/pypi/certifi/2025.6.15/json", "datasource_id": null, - "purl": "pkg:pypi/certifi@2025.4.26" + "purl": "pkg:pypi/certifi@2025.6.15" }, { "type": "pypi", @@ -574,12 +572,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "45.0.3", + "version": "45.0.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.7+ and PyPy3 7.3.11+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2025-05-25T14:16:51", + "release_date": "2025-06-10T00:03:12", "parties": [ { "type": "person", @@ -613,11 +611,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/f5/b4/51417d0cc01802304c1984d76e9592f15e4801abd44ef7ba657060520bf0/cryptography-45.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", - "size": 4560038, + "download_url": "https://files.pythonhosted.org/packages/7f/e3/57b010282346980475e77d414080acdcb3dab9a0be63071efc2041a2c6bd/cryptography-45.0.4-cp37-abi3-manylinux_2_28_x86_64.whl", + "size": 4452052, "sha1": null, - "md5": "895f405f8548c6d156a23c615cb8e20f", - "sha256": "232954730c362638544758a8160c4ee1b832dc011d2c41a306ad8f7cccc5bb0b", + "md5": "c7d3c78af9c284771888bc4fdf63b00e", + "sha256": "7ef2dde4fa9408475038fc9aadfc1fb2676b174e68356359632e980c661ec8f6", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -634,9 +632,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/45.0.3/json", + "api_data_url": "https://pypi.org/pypi/cryptography/45.0.4/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@45.0.3" + "purl": "pkg:pypi/cryptography@45.0.4" }, { "type": "pypi", @@ -837,25 +835,25 @@ "type": "pypi", "namespace": null, "name": "oauthlib", - "version": "3.2.2", + "version": "3.3.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.6+.*\n\n.. image:: https://app.travis-ci.com/oauthlib/oauthlib.svg?branch=master\n :target: https://app.travis-ci.com/oauthlib/oauthlib\n :alt: Travis\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", - "release_date": "2022-10-17T20:04:24", + "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.8+*\n\n.. image:: https://github.com/oauthlib/oauthlib/actions/workflows/python-build.yml/badge.svg\n :target: https://github.com/oauthlib/oauthlib/actions\n :alt: GitHub Actions\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is:\n - `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n - `django-allauth`_, which includes `Django REST framework`_ as well as `Django Ninja`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n.. _`django-allauth`: https://allauth.org/\n.. _`Django Ninja`: https://django-ninja.dev/\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD-3-Clause license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", + "release_date": "2025-06-19T22:48:06", "parties": [ { "type": "person", "role": "author", "name": "The OAuthlib Community", - "email": "idan@gazit.me", + "email": null, "url": null }, { "type": "person", "role": "maintainer", - "name": "Ib Lundgren", - "email": "ib.lundgren@gmail.com", + "name": "Jonathan Huot", + "email": "jonathan.huot@gmail.com", "url": null } ], @@ -870,8 +868,9 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation", @@ -880,11 +879,11 @@ "Topic :: Software Development :: Libraries :: Python Modules" ], "homepage_url": "https://github.com/oauthlib/oauthlib", - "download_url": "https://files.pythonhosted.org/packages/7e/80/cab10959dc1faead58dc8384a781dfbf93cb4d33d50988f7a69f1b7c9bbe/oauthlib-3.2.2-py3-none-any.whl", - "size": 151688, + "download_url": "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", + "size": 160065, "sha1": null, - "md5": "a9126e7541baee7da8bf1ad3f216c3cd", - "sha256": "8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca", + "md5": "400a8defd59fe85effc0b94faeedacc7", + "sha256": "88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -892,11 +891,7 @@ "copyright": null, "license_expression": null, "declared_license": { - "license": "BSD", - "classifiers": [ - "License :: OSI Approved", - "License :: OSI Approved :: BSD License" - ] + "license": "BSD-3-Clause" }, "notice_text": null, "source_packages": [], @@ -905,9 +900,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/oauthlib/3.2.2/json", + "api_data_url": "https://pypi.org/pypi/oauthlib/3.3.1/json", "datasource_id": null, - "purl": "pkg:pypi/oauthlib@3.2.2" + "purl": "pkg:pypi/oauthlib@3.3.1" }, { "type": "pypi", @@ -1043,12 +1038,12 @@ "type": "pypi", "namespace": null, "name": "requests", - "version": "2.32.3", + "version": "2.32.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python HTTP for Humans.\n# Requests\n\n**Requests** is a simple, yet elegant, HTTP library.\n\n```python\n>>> import requests\n>>> r = requests.get('https://httpbin.org/basic-auth/user/pass', auth=('user', 'pass'))\n>>> r.status_code\n200\n>>> r.headers['content-type']\n'application/json; charset=utf8'\n>>> r.encoding\n'utf-8'\n>>> r.text\n'{\"authenticated\": true, ...'\n>>> r.json()\n{'authenticated': True, ...}\n```\n\nRequests allows you to send HTTP/1.1 requests extremely easily. There\u2019s no need to manually add query strings to your URLs, or to form-encode your `PUT` & `POST` data \u2014 but nowadays, just use the `json` method!\n\nRequests is one of the most downloaded Python packages today, pulling in around `30M downloads / week`\u2014 according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `1,000,000+` repositories. You may certainly put your trust in this code.\n\n[![Downloads](https://static.pepy.tech/badge/requests/month)](https://pepy.tech/project/requests)\n[![Supported Versions](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests)\n[![Contributors](https://img.shields.io/github/contributors/psf/requests.svg)](https://github.com/psf/requests/graphs/contributors)\n\n## Installing Requests and Supported Versions\n\nRequests is available on PyPI:\n\n```console\n$ python -m pip install requests\n```\n\nRequests officially supports Python 3.8+.\n\n## Supported Features & Best\u2013Practices\n\nRequests is ready for the demands of building robust and reliable HTTP\u2013speaking applications, for the needs of today.\n\n- Keep-Alive & Connection Pooling\n- International Domains and URLs\n- Sessions with Cookie Persistence\n- Browser-style TLS/SSL Verification\n- Basic & Digest Authentication\n- Familiar `dict`\u2013like Cookies\n- Automatic Content Decompression and Decoding\n- Multi-part File Uploads\n- SOCKS Proxy Support\n- Connection Timeouts\n- Streaming Downloads\n- Automatic honoring of `.netrc`\n- Chunked HTTP Requests\n\n## API Reference and User Guide available on [Read the Docs](https://requests.readthedocs.io)\n\n[![Read the Docs](https://raw.githubusercontent.com/psf/requests/main/ext/ss.png)](https://requests.readthedocs.io)\n\n## Cloning the repository\n\nWhen cloning the Requests repository, you may need to add the `-c\nfetch.fsck.badTimezone=ignore` flag to avoid an error about a bad commit (see\n[this issue](https://github.com/psf/requests/issues/2690) for more background):\n\n```shell\ngit clone -c fetch.fsck.badTimezone=ignore https://github.com/psf/requests.git\n```\n\nYou can also apply this setting to your global Git config:\n\n```shell\ngit config --global fetch.fsck.badTimezone ignore\n```\n\n---\n\n[![Kenneth Reitz](https://raw.githubusercontent.com/psf/requests/main/ext/kr.png)](https://kennethreitz.org) [![Python Software Foundation](https://raw.githubusercontent.com/psf/requests/main/ext/psf.png)](https://www.python.org/psf)", - "release_date": "2024-05-29T15:37:47", + "release_date": "2025-06-09T16:43:05", "parties": [ { "type": "person", @@ -1070,6 +1065,7 @@ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", @@ -1078,11 +1074,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": "https://requests.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", - "size": 64928, + "download_url": "https://files.pythonhosted.org/packages/7c/e4/56027c4a6b4ae70ca9de302488c5ca95ad4a39e190093d6c1a8ace08341b/requests-2.32.4-py3-none-any.whl", + "size": 64847, "sha1": null, - "md5": "83d50f7980b330c48f3bfe86372adcca", - "sha256": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", + "md5": "fa8fa331f951fbc5e62f3d3e683a77a4", + "sha256": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/psf/requests", @@ -1102,9 +1098,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/requests/2.32.3/json", + "api_data_url": "https://pypi.org/pypi/requests/2.32.4/json", "datasource_id": null, - "purl": "pkg:pypi/requests@2.32.3" + "purl": "pkg:pypi/requests@2.32.4" }, { "type": "pypi", @@ -1236,12 +1232,12 @@ "type": "pypi", "namespace": null, "name": "urllib3", - "version": "2.4.0", + "version": "2.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "HTTP library with thread-safe connection pooling, file post, and more.\n

\n\n![urllib3](https://github.com/urllib3/urllib3/raw/main/docs/_static/banner_github.svg)\n\n

\n\n

\n \"PyPI\n \"Python\n \"Join\n \"Coverage\n \"Build\n \"Documentation
\n \"OpenSSF\n \"SLSA\n \"CII\n

\n\nurllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the\nPython ecosystem already uses urllib3 and you should too.\nurllib3 brings many critical features that are missing from the Python\nstandard libraries:\n\n- Thread safety.\n- Connection pooling.\n- Client-side SSL/TLS verification.\n- File uploads with multipart encoding.\n- Helpers for retrying requests and dealing with HTTP redirects.\n- Support for gzip, deflate, brotli, and zstd encoding.\n- Proxy support for HTTP and SOCKS.\n- 100% test coverage.\n\nurllib3 is powerful and easy to use:\n\n```python3\n>>> import urllib3\n>>> resp = urllib3.request(\"GET\", \"http://httpbin.org/robots.txt\")\n>>> resp.status\n200\n>>> resp.data\nb\"User-agent: *\\nDisallow: /deny\\n\"\n```\n\n## Installing\n\nurllib3 can be installed with [pip](https://pip.pypa.io):\n\n```bash\n$ python -m pip install urllib3\n```\n\nAlternatively, you can grab the latest source code from [GitHub](https://github.com/urllib3/urllib3):\n\n```bash\n$ git clone https://github.com/urllib3/urllib3.git\n$ cd urllib3\n$ pip install .\n```\n\n\n## Documentation\n\nurllib3 has usage and reference documentation at [urllib3.readthedocs.io](https://urllib3.readthedocs.io).\n\n\n## Community\n\nurllib3 has a [community Discord channel](https://discord.gg/urllib3) for asking questions and\ncollaborating with other contributors. Drop by and say hello \ud83d\udc4b\n\n\n## Contributing\n\nurllib3 happily accepts contributions. Please see our\n[contributing documentation](https://urllib3.readthedocs.io/en/latest/contributing.html)\nfor some tips on getting started.\n\n\n## Security Disclosures\n\nTo report a security vulnerability, please use the\n[Tidelift security contact](https://tidelift.com/security).\nTidelift will coordinate the fix and disclosure with maintainers.\n\n\n## Maintainers\n\n- [@sethmlarson](https://github.com/sethmlarson) (Seth M. Larson)\n- [@pquentin](https://github.com/pquentin) (Quentin Pradet)\n- [@illia-v](https://github.com/illia-v) (Illia Volochii)\n- [@theacodes](https://github.com/theacodes) (Thea Flowers)\n- [@haikuginger](https://github.com/haikuginger) (Jess Shapiro)\n- [@lukasa](https://github.com/lukasa) (Cory Benfield)\n- [@sigmavirus24](https://github.com/sigmavirus24) (Ian Stapleton Cordasco)\n- [@shazow](https://github.com/shazow) (Andrey Petrov)\n\n\ud83d\udc4b\n\n\n## Sponsorship\n\nIf your company benefits from this library, please consider [sponsoring its\ndevelopment](https://urllib3.readthedocs.io/en/latest/sponsors.html).\n\n\n## For Enterprise\n\nProfessional support for urllib3 is available as part of the [Tidelift\nSubscription][1]. Tidelift gives software development teams a single source for\npurchasing and maintaining their software, with professional grade assurances\nfrom the experts who know it best, while seamlessly integrating with existing\ntools.\n\n[1]: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme", - "release_date": "2025-04-10T15:23:37", + "release_date": "2025-06-18T14:07:40", "parties": [ { "type": "person", @@ -1284,11 +1280,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", - "size": 128680, + "download_url": "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", + "size": 129795, "sha1": null, - "md5": "b38b9d8501f98140c591986989a0985f", - "sha256": "4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", + "md5": "ad350c7f4abae4203b487780de9ad034", + "sha256": "e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/urllib3/urllib3", @@ -1303,16 +1299,16 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/urllib3/2.4.0/json", + "api_data_url": "https://pypi.org/pypi/urllib3/2.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/urllib3@2.4.0" + "purl": "pkg:pypi/urllib3@2.5.0" } ], "resolved_dependencies_graph": [ { "package": "pkg:pypi/azure-core@1.34.0", "dependencies": [ - "pkg:pypi/requests@2.32.3", + "pkg:pypi/requests@2.32.4", "pkg:pypi/six@1.17.0", "pkg:pypi/typing-extensions@4.14.0" ] @@ -1327,13 +1323,13 @@ "package": "pkg:pypi/azure-storage-blob@12.25.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/cryptography@45.0.3", + "pkg:pypi/cryptography@45.0.4", "pkg:pypi/isodate@0.7.2", "pkg:pypi/typing-extensions@4.14.0" ] }, { - "package": "pkg:pypi/certifi@2025.4.26", + "package": "pkg:pypi/certifi@2025.6.15", "dependencies": [] }, { @@ -1351,7 +1347,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@45.0.3", + "package": "pkg:pypi/cryptography@45.0.4", "dependencies": [ "pkg:pypi/cffi@1.17.1" ] @@ -1368,14 +1364,14 @@ "package": "pkg:pypi/msrest@0.7.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/isodate@0.7.2", "pkg:pypi/requests-oauthlib@2.0.0", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/oauthlib@3.2.2", + "package": "pkg:pypi/oauthlib@3.3.1", "dependencies": [] }, { @@ -1385,17 +1381,17 @@ { "package": "pkg:pypi/requests-oauthlib@2.0.0", "dependencies": [ - "pkg:pypi/oauthlib@3.2.2", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/oauthlib@3.3.1", + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/requests@2.32.3", + "package": "pkg:pypi/requests@2.32.4", "dependencies": [ - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/charset-normalizer@3.4.2", "pkg:pypi/idna@3.10", - "pkg:pypi/urllib3@2.4.0" + "pkg:pypi/urllib3@2.5.0" ] }, { @@ -1407,7 +1403,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/urllib3@2.4.0", + "package": "pkg:pypi/urllib3@2.5.0", "dependencies": [] } ] diff --git a/tests/data/azure-devops.req-312-expected.json b/tests/data/azure-devops.req-312-expected.json index f9c2dbea..95891c98 100644 --- a/tests/data/azure-devops.req-312-expected.json +++ b/tests/data/azure-devops.req-312-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json ", @@ -317,12 +316,12 @@ "type": "pypi", "namespace": null, "name": "certifi", - "version": "2025.4.26", + "version": "2025.6.15", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python package for providing Mozilla's CA Bundle.\nCertifi: Python SSL Certificates\n================================\n\nCertifi provides Mozilla's carefully curated collection of Root Certificates for\nvalidating the trustworthiness of SSL certificates while verifying the identity\nof TLS hosts. It has been extracted from the `Requests`_ project.\n\nInstallation\n------------\n\n``certifi`` is available on PyPI. Simply install it with ``pip``::\n\n $ pip install certifi\n\nUsage\n-----\n\nTo reference the installed certificate authority (CA) bundle, you can use the\nbuilt-in function::\n\n >>> import certifi\n\n >>> certifi.where()\n '/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'\n\nOr from the command line::\n\n $ python -m certifi\n /usr/local/lib/python3.7/site-packages/certifi/cacert.pem\n\nEnjoy!\n\n.. _`Requests`: https://requests.readthedocs.io/en/master/\n\nAddition/Removal of Certificates\n--------------------------------\n\nCertifi does not support any addition/removal or other modification of the\nCA trust store content. This project is intended to provide a reliable and\nhighly portable root of trust to python deployments. Look to upstream projects\nfor methods to use alternate trust.", - "release_date": "2025-04-26T02:12:27", + "release_date": "2025-06-15T02:45:49", "parties": [ { "type": "person", @@ -343,17 +342,16 @@ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9" ], "homepage_url": "https://github.com/certifi/python-certifi", - "download_url": "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", - "size": 159618, + "download_url": "https://files.pythonhosted.org/packages/84/ae/320161bd181fc06471eed047ecce67b693fd7515b16d495d8932db763426/certifi-2025.6.15-py3-none-any.whl", + "size": 157650, "sha1": null, - "md5": "2e5db33ebc696e3759337175b57f661b", - "sha256": "30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", + "md5": "8845c8810c449703d1988932c38d3bea", + "sha256": "2e0c7ce7cb5d8f8634ca55d2ba7e6ec2689a2fd6537d8dec1296a477a4910057", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/certifi/python-certifi", @@ -373,9 +371,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/certifi/2025.4.26/json", + "api_data_url": "https://pypi.org/pypi/certifi/2025.6.15/json", "datasource_id": null, - "purl": "pkg:pypi/certifi@2025.4.26" + "purl": "pkg:pypi/certifi@2025.6.15" }, { "type": "pypi", @@ -574,12 +572,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "45.0.3", + "version": "45.0.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.7+ and PyPy3 7.3.11+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2025-05-25T14:16:51", + "release_date": "2025-06-10T00:02:56", "parties": [ { "type": "person", @@ -613,11 +611,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/f5/b4/51417d0cc01802304c1984d76e9592f15e4801abd44ef7ba657060520bf0/cryptography-45.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", - "size": 4560038, + "download_url": "https://files.pythonhosted.org/packages/f3/ee/d4f2ab688e057e90ded24384e34838086a9b09963389a5ba6854b5876598/cryptography-45.0.4-cp311-abi3-musllinux_1_2_x86_64.whl", + "size": 4572830, "sha1": null, - "md5": "895f405f8548c6d156a23c615cb8e20f", - "sha256": "232954730c362638544758a8160c4ee1b832dc011d2c41a306ad8f7cccc5bb0b", + "md5": "f8eb90afe798149227db9403010d4130", + "sha256": "b0a97c927497e3bc36b33987abb99bf17a9a175a19af38a892dc4bbb844d7ee2", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -634,9 +632,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/45.0.3/json", + "api_data_url": "https://pypi.org/pypi/cryptography/45.0.4/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@45.0.3" + "purl": "pkg:pypi/cryptography@45.0.4" }, { "type": "pypi", @@ -837,25 +835,25 @@ "type": "pypi", "namespace": null, "name": "oauthlib", - "version": "3.2.2", + "version": "3.3.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.6+.*\n\n.. image:: https://app.travis-ci.com/oauthlib/oauthlib.svg?branch=master\n :target: https://app.travis-ci.com/oauthlib/oauthlib\n :alt: Travis\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", - "release_date": "2022-10-17T20:04:24", + "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.8+*\n\n.. image:: https://github.com/oauthlib/oauthlib/actions/workflows/python-build.yml/badge.svg\n :target: https://github.com/oauthlib/oauthlib/actions\n :alt: GitHub Actions\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is:\n - `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n - `django-allauth`_, which includes `Django REST framework`_ as well as `Django Ninja`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n.. _`django-allauth`: https://allauth.org/\n.. _`Django Ninja`: https://django-ninja.dev/\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD-3-Clause license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", + "release_date": "2025-06-19T22:48:06", "parties": [ { "type": "person", "role": "author", "name": "The OAuthlib Community", - "email": "idan@gazit.me", + "email": null, "url": null }, { "type": "person", "role": "maintainer", - "name": "Ib Lundgren", - "email": "ib.lundgren@gmail.com", + "name": "Jonathan Huot", + "email": "jonathan.huot@gmail.com", "url": null } ], @@ -870,8 +868,9 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation", @@ -880,11 +879,11 @@ "Topic :: Software Development :: Libraries :: Python Modules" ], "homepage_url": "https://github.com/oauthlib/oauthlib", - "download_url": "https://files.pythonhosted.org/packages/7e/80/cab10959dc1faead58dc8384a781dfbf93cb4d33d50988f7a69f1b7c9bbe/oauthlib-3.2.2-py3-none-any.whl", - "size": 151688, + "download_url": "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", + "size": 160065, "sha1": null, - "md5": "a9126e7541baee7da8bf1ad3f216c3cd", - "sha256": "8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca", + "md5": "400a8defd59fe85effc0b94faeedacc7", + "sha256": "88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -892,11 +891,7 @@ "copyright": null, "license_expression": null, "declared_license": { - "license": "BSD", - "classifiers": [ - "License :: OSI Approved", - "License :: OSI Approved :: BSD License" - ] + "license": "BSD-3-Clause" }, "notice_text": null, "source_packages": [], @@ -905,9 +900,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/oauthlib/3.2.2/json", + "api_data_url": "https://pypi.org/pypi/oauthlib/3.3.1/json", "datasource_id": null, - "purl": "pkg:pypi/oauthlib@3.2.2" + "purl": "pkg:pypi/oauthlib@3.3.1" }, { "type": "pypi", @@ -1043,12 +1038,12 @@ "type": "pypi", "namespace": null, "name": "requests", - "version": "2.32.3", + "version": "2.32.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python HTTP for Humans.\n# Requests\n\n**Requests** is a simple, yet elegant, HTTP library.\n\n```python\n>>> import requests\n>>> r = requests.get('https://httpbin.org/basic-auth/user/pass', auth=('user', 'pass'))\n>>> r.status_code\n200\n>>> r.headers['content-type']\n'application/json; charset=utf8'\n>>> r.encoding\n'utf-8'\n>>> r.text\n'{\"authenticated\": true, ...'\n>>> r.json()\n{'authenticated': True, ...}\n```\n\nRequests allows you to send HTTP/1.1 requests extremely easily. There\u2019s no need to manually add query strings to your URLs, or to form-encode your `PUT` & `POST` data \u2014 but nowadays, just use the `json` method!\n\nRequests is one of the most downloaded Python packages today, pulling in around `30M downloads / week`\u2014 according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `1,000,000+` repositories. You may certainly put your trust in this code.\n\n[![Downloads](https://static.pepy.tech/badge/requests/month)](https://pepy.tech/project/requests)\n[![Supported Versions](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests)\n[![Contributors](https://img.shields.io/github/contributors/psf/requests.svg)](https://github.com/psf/requests/graphs/contributors)\n\n## Installing Requests and Supported Versions\n\nRequests is available on PyPI:\n\n```console\n$ python -m pip install requests\n```\n\nRequests officially supports Python 3.8+.\n\n## Supported Features & Best\u2013Practices\n\nRequests is ready for the demands of building robust and reliable HTTP\u2013speaking applications, for the needs of today.\n\n- Keep-Alive & Connection Pooling\n- International Domains and URLs\n- Sessions with Cookie Persistence\n- Browser-style TLS/SSL Verification\n- Basic & Digest Authentication\n- Familiar `dict`\u2013like Cookies\n- Automatic Content Decompression and Decoding\n- Multi-part File Uploads\n- SOCKS Proxy Support\n- Connection Timeouts\n- Streaming Downloads\n- Automatic honoring of `.netrc`\n- Chunked HTTP Requests\n\n## API Reference and User Guide available on [Read the Docs](https://requests.readthedocs.io)\n\n[![Read the Docs](https://raw.githubusercontent.com/psf/requests/main/ext/ss.png)](https://requests.readthedocs.io)\n\n## Cloning the repository\n\nWhen cloning the Requests repository, you may need to add the `-c\nfetch.fsck.badTimezone=ignore` flag to avoid an error about a bad commit (see\n[this issue](https://github.com/psf/requests/issues/2690) for more background):\n\n```shell\ngit clone -c fetch.fsck.badTimezone=ignore https://github.com/psf/requests.git\n```\n\nYou can also apply this setting to your global Git config:\n\n```shell\ngit config --global fetch.fsck.badTimezone ignore\n```\n\n---\n\n[![Kenneth Reitz](https://raw.githubusercontent.com/psf/requests/main/ext/kr.png)](https://kennethreitz.org) [![Python Software Foundation](https://raw.githubusercontent.com/psf/requests/main/ext/psf.png)](https://www.python.org/psf)", - "release_date": "2024-05-29T15:37:47", + "release_date": "2025-06-09T16:43:05", "parties": [ { "type": "person", @@ -1070,6 +1065,7 @@ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", @@ -1078,11 +1074,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": "https://requests.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", - "size": 64928, + "download_url": "https://files.pythonhosted.org/packages/7c/e4/56027c4a6b4ae70ca9de302488c5ca95ad4a39e190093d6c1a8ace08341b/requests-2.32.4-py3-none-any.whl", + "size": 64847, "sha1": null, - "md5": "83d50f7980b330c48f3bfe86372adcca", - "sha256": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", + "md5": "fa8fa331f951fbc5e62f3d3e683a77a4", + "sha256": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/psf/requests", @@ -1102,9 +1098,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/requests/2.32.3/json", + "api_data_url": "https://pypi.org/pypi/requests/2.32.4/json", "datasource_id": null, - "purl": "pkg:pypi/requests@2.32.3" + "purl": "pkg:pypi/requests@2.32.4" }, { "type": "pypi", @@ -1236,12 +1232,12 @@ "type": "pypi", "namespace": null, "name": "urllib3", - "version": "2.4.0", + "version": "2.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "HTTP library with thread-safe connection pooling, file post, and more.\n

\n\n![urllib3](https://github.com/urllib3/urllib3/raw/main/docs/_static/banner_github.svg)\n\n

\n\n

\n \"PyPI\n \"Python\n \"Join\n \"Coverage\n \"Build\n \"Documentation
\n \"OpenSSF\n \"SLSA\n \"CII\n

\n\nurllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the\nPython ecosystem already uses urllib3 and you should too.\nurllib3 brings many critical features that are missing from the Python\nstandard libraries:\n\n- Thread safety.\n- Connection pooling.\n- Client-side SSL/TLS verification.\n- File uploads with multipart encoding.\n- Helpers for retrying requests and dealing with HTTP redirects.\n- Support for gzip, deflate, brotli, and zstd encoding.\n- Proxy support for HTTP and SOCKS.\n- 100% test coverage.\n\nurllib3 is powerful and easy to use:\n\n```python3\n>>> import urllib3\n>>> resp = urllib3.request(\"GET\", \"http://httpbin.org/robots.txt\")\n>>> resp.status\n200\n>>> resp.data\nb\"User-agent: *\\nDisallow: /deny\\n\"\n```\n\n## Installing\n\nurllib3 can be installed with [pip](https://pip.pypa.io):\n\n```bash\n$ python -m pip install urllib3\n```\n\nAlternatively, you can grab the latest source code from [GitHub](https://github.com/urllib3/urllib3):\n\n```bash\n$ git clone https://github.com/urllib3/urllib3.git\n$ cd urllib3\n$ pip install .\n```\n\n\n## Documentation\n\nurllib3 has usage and reference documentation at [urllib3.readthedocs.io](https://urllib3.readthedocs.io).\n\n\n## Community\n\nurllib3 has a [community Discord channel](https://discord.gg/urllib3) for asking questions and\ncollaborating with other contributors. Drop by and say hello \ud83d\udc4b\n\n\n## Contributing\n\nurllib3 happily accepts contributions. Please see our\n[contributing documentation](https://urllib3.readthedocs.io/en/latest/contributing.html)\nfor some tips on getting started.\n\n\n## Security Disclosures\n\nTo report a security vulnerability, please use the\n[Tidelift security contact](https://tidelift.com/security).\nTidelift will coordinate the fix and disclosure with maintainers.\n\n\n## Maintainers\n\n- [@sethmlarson](https://github.com/sethmlarson) (Seth M. Larson)\n- [@pquentin](https://github.com/pquentin) (Quentin Pradet)\n- [@illia-v](https://github.com/illia-v) (Illia Volochii)\n- [@theacodes](https://github.com/theacodes) (Thea Flowers)\n- [@haikuginger](https://github.com/haikuginger) (Jess Shapiro)\n- [@lukasa](https://github.com/lukasa) (Cory Benfield)\n- [@sigmavirus24](https://github.com/sigmavirus24) (Ian Stapleton Cordasco)\n- [@shazow](https://github.com/shazow) (Andrey Petrov)\n\n\ud83d\udc4b\n\n\n## Sponsorship\n\nIf your company benefits from this library, please consider [sponsoring its\ndevelopment](https://urllib3.readthedocs.io/en/latest/sponsors.html).\n\n\n## For Enterprise\n\nProfessional support for urllib3 is available as part of the [Tidelift\nSubscription][1]. Tidelift gives software development teams a single source for\npurchasing and maintaining their software, with professional grade assurances\nfrom the experts who know it best, while seamlessly integrating with existing\ntools.\n\n[1]: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme", - "release_date": "2025-04-10T15:23:37", + "release_date": "2025-06-18T14:07:40", "parties": [ { "type": "person", @@ -1284,11 +1280,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", - "size": 128680, + "download_url": "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", + "size": 129795, "sha1": null, - "md5": "b38b9d8501f98140c591986989a0985f", - "sha256": "4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", + "md5": "ad350c7f4abae4203b487780de9ad034", + "sha256": "e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/urllib3/urllib3", @@ -1303,16 +1299,16 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/urllib3/2.4.0/json", + "api_data_url": "https://pypi.org/pypi/urllib3/2.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/urllib3@2.4.0" + "purl": "pkg:pypi/urllib3@2.5.0" } ], "resolved_dependencies_graph": [ { "package": "pkg:pypi/azure-core@1.34.0", "dependencies": [ - "pkg:pypi/requests@2.32.3", + "pkg:pypi/requests@2.32.4", "pkg:pypi/six@1.17.0", "pkg:pypi/typing-extensions@4.14.0" ] @@ -1327,13 +1323,13 @@ "package": "pkg:pypi/azure-storage-blob@12.25.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/cryptography@45.0.3", + "pkg:pypi/cryptography@45.0.4", "pkg:pypi/isodate@0.7.2", "pkg:pypi/typing-extensions@4.14.0" ] }, { - "package": "pkg:pypi/certifi@2025.4.26", + "package": "pkg:pypi/certifi@2025.6.15", "dependencies": [] }, { @@ -1351,7 +1347,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@45.0.3", + "package": "pkg:pypi/cryptography@45.0.4", "dependencies": [ "pkg:pypi/cffi@1.17.1" ] @@ -1368,14 +1364,14 @@ "package": "pkg:pypi/msrest@0.7.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/isodate@0.7.2", "pkg:pypi/requests-oauthlib@2.0.0", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/oauthlib@3.2.2", + "package": "pkg:pypi/oauthlib@3.3.1", "dependencies": [] }, { @@ -1385,17 +1381,17 @@ { "package": "pkg:pypi/requests-oauthlib@2.0.0", "dependencies": [ - "pkg:pypi/oauthlib@3.2.2", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/oauthlib@3.3.1", + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/requests@2.32.3", + "package": "pkg:pypi/requests@2.32.4", "dependencies": [ - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/charset-normalizer@3.4.2", "pkg:pypi/idna@3.10", - "pkg:pypi/urllib3@2.4.0" + "pkg:pypi/urllib3@2.5.0" ] }, { @@ -1407,7 +1403,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/urllib3@2.4.0", + "package": "pkg:pypi/urllib3@2.5.0", "dependencies": [] } ] diff --git a/tests/data/azure-devops.req-313-expected.json b/tests/data/azure-devops.req-313-expected.json index 65dc9e11..693297f7 100644 --- a/tests/data/azure-devops.req-313-expected.json +++ b/tests/data/azure-devops.req-313-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json ", @@ -317,12 +316,12 @@ "type": "pypi", "namespace": null, "name": "certifi", - "version": "2025.4.26", + "version": "2025.6.15", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python package for providing Mozilla's CA Bundle.\nCertifi: Python SSL Certificates\n================================\n\nCertifi provides Mozilla's carefully curated collection of Root Certificates for\nvalidating the trustworthiness of SSL certificates while verifying the identity\nof TLS hosts. It has been extracted from the `Requests`_ project.\n\nInstallation\n------------\n\n``certifi`` is available on PyPI. Simply install it with ``pip``::\n\n $ pip install certifi\n\nUsage\n-----\n\nTo reference the installed certificate authority (CA) bundle, you can use the\nbuilt-in function::\n\n >>> import certifi\n\n >>> certifi.where()\n '/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'\n\nOr from the command line::\n\n $ python -m certifi\n /usr/local/lib/python3.7/site-packages/certifi/cacert.pem\n\nEnjoy!\n\n.. _`Requests`: https://requests.readthedocs.io/en/master/\n\nAddition/Removal of Certificates\n--------------------------------\n\nCertifi does not support any addition/removal or other modification of the\nCA trust store content. This project is intended to provide a reliable and\nhighly portable root of trust to python deployments. Look to upstream projects\nfor methods to use alternate trust.", - "release_date": "2025-04-26T02:12:27", + "release_date": "2025-06-15T02:45:49", "parties": [ { "type": "person", @@ -343,17 +342,16 @@ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9" ], "homepage_url": "https://github.com/certifi/python-certifi", - "download_url": "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", - "size": 159618, + "download_url": "https://files.pythonhosted.org/packages/84/ae/320161bd181fc06471eed047ecce67b693fd7515b16d495d8932db763426/certifi-2025.6.15-py3-none-any.whl", + "size": 157650, "sha1": null, - "md5": "2e5db33ebc696e3759337175b57f661b", - "sha256": "30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", + "md5": "8845c8810c449703d1988932c38d3bea", + "sha256": "2e0c7ce7cb5d8f8634ca55d2ba7e6ec2689a2fd6537d8dec1296a477a4910057", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/certifi/python-certifi", @@ -373,9 +371,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/certifi/2025.4.26/json", + "api_data_url": "https://pypi.org/pypi/certifi/2025.6.15/json", "datasource_id": null, - "purl": "pkg:pypi/certifi@2025.4.26" + "purl": "pkg:pypi/certifi@2025.6.15" }, { "type": "pypi", @@ -574,12 +572,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "45.0.3", + "version": "45.0.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.7+ and PyPy3 7.3.11+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2025-05-25T14:16:51", + "release_date": "2025-06-10T00:02:56", "parties": [ { "type": "person", @@ -613,11 +611,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/f5/b4/51417d0cc01802304c1984d76e9592f15e4801abd44ef7ba657060520bf0/cryptography-45.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", - "size": 4560038, + "download_url": "https://files.pythonhosted.org/packages/f3/ee/d4f2ab688e057e90ded24384e34838086a9b09963389a5ba6854b5876598/cryptography-45.0.4-cp311-abi3-musllinux_1_2_x86_64.whl", + "size": 4572830, "sha1": null, - "md5": "895f405f8548c6d156a23c615cb8e20f", - "sha256": "232954730c362638544758a8160c4ee1b832dc011d2c41a306ad8f7cccc5bb0b", + "md5": "f8eb90afe798149227db9403010d4130", + "sha256": "b0a97c927497e3bc36b33987abb99bf17a9a175a19af38a892dc4bbb844d7ee2", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -634,9 +632,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/45.0.3/json", + "api_data_url": "https://pypi.org/pypi/cryptography/45.0.4/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@45.0.3" + "purl": "pkg:pypi/cryptography@45.0.4" }, { "type": "pypi", @@ -837,25 +835,25 @@ "type": "pypi", "namespace": null, "name": "oauthlib", - "version": "3.2.2", + "version": "3.3.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.6+.*\n\n.. image:: https://app.travis-ci.com/oauthlib/oauthlib.svg?branch=master\n :target: https://app.travis-ci.com/oauthlib/oauthlib\n :alt: Travis\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", - "release_date": "2022-10-17T20:04:24", + "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.8+*\n\n.. image:: https://github.com/oauthlib/oauthlib/actions/workflows/python-build.yml/badge.svg\n :target: https://github.com/oauthlib/oauthlib/actions\n :alt: GitHub Actions\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is:\n - `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n - `django-allauth`_, which includes `Django REST framework`_ as well as `Django Ninja`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n.. _`django-allauth`: https://allauth.org/\n.. _`Django Ninja`: https://django-ninja.dev/\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD-3-Clause license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", + "release_date": "2025-06-19T22:48:06", "parties": [ { "type": "person", "role": "author", "name": "The OAuthlib Community", - "email": "idan@gazit.me", + "email": null, "url": null }, { "type": "person", "role": "maintainer", - "name": "Ib Lundgren", - "email": "ib.lundgren@gmail.com", + "name": "Jonathan Huot", + "email": "jonathan.huot@gmail.com", "url": null } ], @@ -870,8 +868,9 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation", @@ -880,11 +879,11 @@ "Topic :: Software Development :: Libraries :: Python Modules" ], "homepage_url": "https://github.com/oauthlib/oauthlib", - "download_url": "https://files.pythonhosted.org/packages/7e/80/cab10959dc1faead58dc8384a781dfbf93cb4d33d50988f7a69f1b7c9bbe/oauthlib-3.2.2-py3-none-any.whl", - "size": 151688, + "download_url": "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", + "size": 160065, "sha1": null, - "md5": "a9126e7541baee7da8bf1ad3f216c3cd", - "sha256": "8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca", + "md5": "400a8defd59fe85effc0b94faeedacc7", + "sha256": "88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -892,11 +891,7 @@ "copyright": null, "license_expression": null, "declared_license": { - "license": "BSD", - "classifiers": [ - "License :: OSI Approved", - "License :: OSI Approved :: BSD License" - ] + "license": "BSD-3-Clause" }, "notice_text": null, "source_packages": [], @@ -905,9 +900,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/oauthlib/3.2.2/json", + "api_data_url": "https://pypi.org/pypi/oauthlib/3.3.1/json", "datasource_id": null, - "purl": "pkg:pypi/oauthlib@3.2.2" + "purl": "pkg:pypi/oauthlib@3.3.1" }, { "type": "pypi", @@ -1043,12 +1038,12 @@ "type": "pypi", "namespace": null, "name": "requests", - "version": "2.32.3", + "version": "2.32.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python HTTP for Humans.\n# Requests\n\n**Requests** is a simple, yet elegant, HTTP library.\n\n```python\n>>> import requests\n>>> r = requests.get('https://httpbin.org/basic-auth/user/pass', auth=('user', 'pass'))\n>>> r.status_code\n200\n>>> r.headers['content-type']\n'application/json; charset=utf8'\n>>> r.encoding\n'utf-8'\n>>> r.text\n'{\"authenticated\": true, ...'\n>>> r.json()\n{'authenticated': True, ...}\n```\n\nRequests allows you to send HTTP/1.1 requests extremely easily. There\u2019s no need to manually add query strings to your URLs, or to form-encode your `PUT` & `POST` data \u2014 but nowadays, just use the `json` method!\n\nRequests is one of the most downloaded Python packages today, pulling in around `30M downloads / week`\u2014 according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `1,000,000+` repositories. You may certainly put your trust in this code.\n\n[![Downloads](https://static.pepy.tech/badge/requests/month)](https://pepy.tech/project/requests)\n[![Supported Versions](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests)\n[![Contributors](https://img.shields.io/github/contributors/psf/requests.svg)](https://github.com/psf/requests/graphs/contributors)\n\n## Installing Requests and Supported Versions\n\nRequests is available on PyPI:\n\n```console\n$ python -m pip install requests\n```\n\nRequests officially supports Python 3.8+.\n\n## Supported Features & Best\u2013Practices\n\nRequests is ready for the demands of building robust and reliable HTTP\u2013speaking applications, for the needs of today.\n\n- Keep-Alive & Connection Pooling\n- International Domains and URLs\n- Sessions with Cookie Persistence\n- Browser-style TLS/SSL Verification\n- Basic & Digest Authentication\n- Familiar `dict`\u2013like Cookies\n- Automatic Content Decompression and Decoding\n- Multi-part File Uploads\n- SOCKS Proxy Support\n- Connection Timeouts\n- Streaming Downloads\n- Automatic honoring of `.netrc`\n- Chunked HTTP Requests\n\n## API Reference and User Guide available on [Read the Docs](https://requests.readthedocs.io)\n\n[![Read the Docs](https://raw.githubusercontent.com/psf/requests/main/ext/ss.png)](https://requests.readthedocs.io)\n\n## Cloning the repository\n\nWhen cloning the Requests repository, you may need to add the `-c\nfetch.fsck.badTimezone=ignore` flag to avoid an error about a bad commit (see\n[this issue](https://github.com/psf/requests/issues/2690) for more background):\n\n```shell\ngit clone -c fetch.fsck.badTimezone=ignore https://github.com/psf/requests.git\n```\n\nYou can also apply this setting to your global Git config:\n\n```shell\ngit config --global fetch.fsck.badTimezone ignore\n```\n\n---\n\n[![Kenneth Reitz](https://raw.githubusercontent.com/psf/requests/main/ext/kr.png)](https://kennethreitz.org) [![Python Software Foundation](https://raw.githubusercontent.com/psf/requests/main/ext/psf.png)](https://www.python.org/psf)", - "release_date": "2024-05-29T15:37:47", + "release_date": "2025-06-09T16:43:05", "parties": [ { "type": "person", @@ -1070,6 +1065,7 @@ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", @@ -1078,11 +1074,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": "https://requests.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", - "size": 64928, + "download_url": "https://files.pythonhosted.org/packages/7c/e4/56027c4a6b4ae70ca9de302488c5ca95ad4a39e190093d6c1a8ace08341b/requests-2.32.4-py3-none-any.whl", + "size": 64847, "sha1": null, - "md5": "83d50f7980b330c48f3bfe86372adcca", - "sha256": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", + "md5": "fa8fa331f951fbc5e62f3d3e683a77a4", + "sha256": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/psf/requests", @@ -1102,9 +1098,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/requests/2.32.3/json", + "api_data_url": "https://pypi.org/pypi/requests/2.32.4/json", "datasource_id": null, - "purl": "pkg:pypi/requests@2.32.3" + "purl": "pkg:pypi/requests@2.32.4" }, { "type": "pypi", @@ -1236,12 +1232,12 @@ "type": "pypi", "namespace": null, "name": "urllib3", - "version": "2.4.0", + "version": "2.5.0", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "HTTP library with thread-safe connection pooling, file post, and more.\n

\n\n![urllib3](https://github.com/urllib3/urllib3/raw/main/docs/_static/banner_github.svg)\n\n

\n\n

\n \"PyPI\n \"Python\n \"Join\n \"Coverage\n \"Build\n \"Documentation
\n \"OpenSSF\n \"SLSA\n \"CII\n

\n\nurllib3 is a powerful, *user-friendly* HTTP client for Python. Much of the\nPython ecosystem already uses urllib3 and you should too.\nurllib3 brings many critical features that are missing from the Python\nstandard libraries:\n\n- Thread safety.\n- Connection pooling.\n- Client-side SSL/TLS verification.\n- File uploads with multipart encoding.\n- Helpers for retrying requests and dealing with HTTP redirects.\n- Support for gzip, deflate, brotli, and zstd encoding.\n- Proxy support for HTTP and SOCKS.\n- 100% test coverage.\n\nurllib3 is powerful and easy to use:\n\n```python3\n>>> import urllib3\n>>> resp = urllib3.request(\"GET\", \"http://httpbin.org/robots.txt\")\n>>> resp.status\n200\n>>> resp.data\nb\"User-agent: *\\nDisallow: /deny\\n\"\n```\n\n## Installing\n\nurllib3 can be installed with [pip](https://pip.pypa.io):\n\n```bash\n$ python -m pip install urllib3\n```\n\nAlternatively, you can grab the latest source code from [GitHub](https://github.com/urllib3/urllib3):\n\n```bash\n$ git clone https://github.com/urllib3/urllib3.git\n$ cd urllib3\n$ pip install .\n```\n\n\n## Documentation\n\nurllib3 has usage and reference documentation at [urllib3.readthedocs.io](https://urllib3.readthedocs.io).\n\n\n## Community\n\nurllib3 has a [community Discord channel](https://discord.gg/urllib3) for asking questions and\ncollaborating with other contributors. Drop by and say hello \ud83d\udc4b\n\n\n## Contributing\n\nurllib3 happily accepts contributions. Please see our\n[contributing documentation](https://urllib3.readthedocs.io/en/latest/contributing.html)\nfor some tips on getting started.\n\n\n## Security Disclosures\n\nTo report a security vulnerability, please use the\n[Tidelift security contact](https://tidelift.com/security).\nTidelift will coordinate the fix and disclosure with maintainers.\n\n\n## Maintainers\n\n- [@sethmlarson](https://github.com/sethmlarson) (Seth M. Larson)\n- [@pquentin](https://github.com/pquentin) (Quentin Pradet)\n- [@illia-v](https://github.com/illia-v) (Illia Volochii)\n- [@theacodes](https://github.com/theacodes) (Thea Flowers)\n- [@haikuginger](https://github.com/haikuginger) (Jess Shapiro)\n- [@lukasa](https://github.com/lukasa) (Cory Benfield)\n- [@sigmavirus24](https://github.com/sigmavirus24) (Ian Stapleton Cordasco)\n- [@shazow](https://github.com/shazow) (Andrey Petrov)\n\n\ud83d\udc4b\n\n\n## Sponsorship\n\nIf your company benefits from this library, please consider [sponsoring its\ndevelopment](https://urllib3.readthedocs.io/en/latest/sponsors.html).\n\n\n## For Enterprise\n\nProfessional support for urllib3 is available as part of the [Tidelift\nSubscription][1]. Tidelift gives software development teams a single source for\npurchasing and maintaining their software, with professional grade assurances\nfrom the experts who know it best, while seamlessly integrating with existing\ntools.\n\n[1]: https://tidelift.com/subscription/pkg/pypi-urllib3?utm_source=pypi-urllib3&utm_medium=referral&utm_campaign=readme", - "release_date": "2025-04-10T15:23:37", + "release_date": "2025-06-18T14:07:40", "parties": [ { "type": "person", @@ -1284,11 +1280,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", - "size": 128680, + "download_url": "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", + "size": 129795, "sha1": null, - "md5": "b38b9d8501f98140c591986989a0985f", - "sha256": "4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", + "md5": "ad350c7f4abae4203b487780de9ad034", + "sha256": "e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/urllib3/urllib3", @@ -1303,16 +1299,16 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/urllib3/2.4.0/json", + "api_data_url": "https://pypi.org/pypi/urllib3/2.5.0/json", "datasource_id": null, - "purl": "pkg:pypi/urllib3@2.4.0" + "purl": "pkg:pypi/urllib3@2.5.0" } ], "resolved_dependencies_graph": [ { "package": "pkg:pypi/azure-core@1.34.0", "dependencies": [ - "pkg:pypi/requests@2.32.3", + "pkg:pypi/requests@2.32.4", "pkg:pypi/six@1.17.0", "pkg:pypi/typing-extensions@4.14.0" ] @@ -1327,13 +1323,13 @@ "package": "pkg:pypi/azure-storage-blob@12.25.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/cryptography@45.0.3", + "pkg:pypi/cryptography@45.0.4", "pkg:pypi/isodate@0.7.2", "pkg:pypi/typing-extensions@4.14.0" ] }, { - "package": "pkg:pypi/certifi@2025.4.26", + "package": "pkg:pypi/certifi@2025.6.15", "dependencies": [] }, { @@ -1351,7 +1347,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@45.0.3", + "package": "pkg:pypi/cryptography@45.0.4", "dependencies": [ "pkg:pypi/cffi@1.17.1" ] @@ -1368,14 +1364,14 @@ "package": "pkg:pypi/msrest@0.7.1", "dependencies": [ "pkg:pypi/azure-core@1.34.0", - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/isodate@0.7.2", "pkg:pypi/requests-oauthlib@2.0.0", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/oauthlib@3.2.2", + "package": "pkg:pypi/oauthlib@3.3.1", "dependencies": [] }, { @@ -1385,17 +1381,17 @@ { "package": "pkg:pypi/requests-oauthlib@2.0.0", "dependencies": [ - "pkg:pypi/oauthlib@3.2.2", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/oauthlib@3.3.1", + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/requests@2.32.3", + "package": "pkg:pypi/requests@2.32.4", "dependencies": [ - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/charset-normalizer@3.4.2", "pkg:pypi/idna@3.10", - "pkg:pypi/urllib3@2.4.0" + "pkg:pypi/urllib3@2.5.0" ] }, { @@ -1407,7 +1403,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/urllib3@2.4.0", + "package": "pkg:pypi/urllib3@2.5.0", "dependencies": [] } ] diff --git a/tests/data/azure-devops.req-38-expected.json b/tests/data/azure-devops.req-38-expected.json index 5dd355c8..888a21a1 100644 --- a/tests/data/azure-devops.req-38-expected.json +++ b/tests/data/azure-devops.req-38-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--index-url https://pypi.org/simple", "--json ", @@ -318,12 +317,12 @@ "type": "pypi", "namespace": null, "name": "certifi", - "version": "2025.4.26", + "version": "2025.6.15", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python package for providing Mozilla's CA Bundle.\nCertifi: Python SSL Certificates\n================================\n\nCertifi provides Mozilla's carefully curated collection of Root Certificates for\nvalidating the trustworthiness of SSL certificates while verifying the identity\nof TLS hosts. It has been extracted from the `Requests`_ project.\n\nInstallation\n------------\n\n``certifi`` is available on PyPI. Simply install it with ``pip``::\n\n $ pip install certifi\n\nUsage\n-----\n\nTo reference the installed certificate authority (CA) bundle, you can use the\nbuilt-in function::\n\n >>> import certifi\n\n >>> certifi.where()\n '/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'\n\nOr from the command line::\n\n $ python -m certifi\n /usr/local/lib/python3.7/site-packages/certifi/cacert.pem\n\nEnjoy!\n\n.. _`Requests`: https://requests.readthedocs.io/en/master/\n\nAddition/Removal of Certificates\n--------------------------------\n\nCertifi does not support any addition/removal or other modification of the\nCA trust store content. This project is intended to provide a reliable and\nhighly portable root of trust to python deployments. Look to upstream projects\nfor methods to use alternate trust.", - "release_date": "2025-04-26T02:12:27", + "release_date": "2025-06-15T02:45:49", "parties": [ { "type": "person", @@ -344,17 +343,16 @@ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9" ], "homepage_url": "https://github.com/certifi/python-certifi", - "download_url": "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", - "size": 159618, + "download_url": "https://files.pythonhosted.org/packages/84/ae/320161bd181fc06471eed047ecce67b693fd7515b16d495d8932db763426/certifi-2025.6.15-py3-none-any.whl", + "size": 157650, "sha1": null, - "md5": "2e5db33ebc696e3759337175b57f661b", - "sha256": "30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", + "md5": "8845c8810c449703d1988932c38d3bea", + "sha256": "2e0c7ce7cb5d8f8634ca55d2ba7e6ec2689a2fd6537d8dec1296a477a4910057", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/certifi/python-certifi", @@ -374,9 +372,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/certifi/2025.4.26/json", + "api_data_url": "https://pypi.org/pypi/certifi/2025.6.15/json", "datasource_id": null, - "purl": "pkg:pypi/certifi@2025.4.26" + "purl": "pkg:pypi/certifi@2025.6.15" }, { "type": "pypi", @@ -579,12 +577,12 @@ "type": "pypi", "namespace": null, "name": "cryptography", - "version": "45.0.3", + "version": "45.0.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.\npyca/cryptography\n=================\n\n.. image:: https://img.shields.io/pypi/v/cryptography.svg\n :target: https://pypi.org/project/cryptography/\n :alt: Latest Version\n\n.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest\n :target: https://cryptography.io\n :alt: Latest Docs\n\n.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain\n\n\n``cryptography`` is a package which provides cryptographic recipes and\nprimitives to Python developers. Our goal is for it to be your \"cryptographic\nstandard library\". It supports Python 3.7+ and PyPy3 7.3.11+.\n\n``cryptography`` includes both high level recipes and low level interfaces to\ncommon cryptographic algorithms such as symmetric ciphers, message digests, and\nkey derivation functions. For example, to encrypt something with\n``cryptography``'s high level symmetric encryption recipe:\n\n.. code-block:: pycon\n\n >>> from cryptography.fernet import Fernet\n >>> # Put this somewhere safe!\n >>> key = Fernet.generate_key()\n >>> f = Fernet(key)\n >>> token = f.encrypt(b\"A really secret message. Not for prying eyes.\")\n >>> token\n b'...'\n >>> f.decrypt(token)\n b'A really secret message. Not for prying eyes.'\n\nYou can find more information in the `documentation`_.\n\nYou can install ``cryptography`` with:\n\n.. code-block:: console\n\n $ pip install cryptography\n\nFor full details see `the installation documentation`_.\n\nDiscussion\n~~~~~~~~~~\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a `cryptography-dev`_ mailing list for development discussion.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get\ninvolved.\n\nSecurity\n~~~~~~~~\n\nNeed to report a security issue? Please consult our `security reporting`_\ndocumentation.\n\n\n.. _`documentation`: https://cryptography.io/\n.. _`the installation documentation`: https://cryptography.io/en/latest/installation/\n.. _`issue tracker`: https://github.com/pyca/cryptography/issues\n.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _`security reporting`: https://cryptography.io/en/latest/security/", - "release_date": "2025-05-25T14:16:51", + "release_date": "2025-06-10T00:03:12", "parties": [ { "type": "person", @@ -618,11 +616,11 @@ "Topic :: Security :: Cryptography" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/f5/b4/51417d0cc01802304c1984d76e9592f15e4801abd44ef7ba657060520bf0/cryptography-45.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", - "size": 4560038, + "download_url": "https://files.pythonhosted.org/packages/7f/e3/57b010282346980475e77d414080acdcb3dab9a0be63071efc2041a2c6bd/cryptography-45.0.4-cp37-abi3-manylinux_2_28_x86_64.whl", + "size": 4452052, "sha1": null, - "md5": "895f405f8548c6d156a23c615cb8e20f", - "sha256": "232954730c362638544758a8160c4ee1b832dc011d2c41a306ad8f7cccc5bb0b", + "md5": "c7d3c78af9c284771888bc4fdf63b00e", + "sha256": "7ef2dde4fa9408475038fc9aadfc1fb2676b174e68356359632e980c661ec8f6", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -639,9 +637,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/cryptography/45.0.3/json", + "api_data_url": "https://pypi.org/pypi/cryptography/45.0.4/json", "datasource_id": null, - "purl": "pkg:pypi/cryptography@45.0.3" + "purl": "pkg:pypi/cryptography@45.0.4" }, { "type": "pypi", @@ -842,25 +840,25 @@ "type": "pypi", "namespace": null, "name": "oauthlib", - "version": "3.2.2", + "version": "3.3.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", - "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.6+.*\n\n.. image:: https://app.travis-ci.com/oauthlib/oauthlib.svg?branch=master\n :target: https://app.travis-ci.com/oauthlib/oauthlib\n :alt: Travis\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", - "release_date": "2022-10-17T20:04:24", + "description": "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic\nOAuthLib - Python Framework for OAuth1 & OAuth2\n===============================================\n\n*A generic, spec-compliant, thorough implementation of the OAuth request-signing\nlogic for Python 3.8+*\n\n.. image:: https://github.com/oauthlib/oauthlib/actions/workflows/python-build.yml/badge.svg\n :target: https://github.com/oauthlib/oauthlib/actions\n :alt: GitHub Actions\n.. image:: https://coveralls.io/repos/oauthlib/oauthlib/badge.svg?branch=master\n :target: https://coveralls.io/r/oauthlib/oauthlib\n :alt: Coveralls\n.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: Download from PyPI\n.. image:: https://img.shields.io/pypi/l/oauthlib.svg\n :target: https://pypi.org/project/oauthlib/\n :alt: License\n.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib.svg?type=shield\n :target: https://app.fossa.io/projects/git%2Bgithub.com%2Foauthlib%2Foauthlib?ref=badge_shield\n :alt: FOSSA Status\n.. image:: https://img.shields.io/readthedocs/oauthlib.svg\n :target: https://oauthlib.readthedocs.io/en/latest/index.html\n :alt: Read the Docs\n.. image:: https://badges.gitter.im/oauthlib/oauthlib.svg\n :target: https://gitter.im/oauthlib/Lobby\n :alt: Chat on Gitter\n\n\n.. image:: https://raw.githubusercontent.com/oauthlib/oauthlib/8d71b161fd145d11c40d55c9ab66ac134a303253/docs/logo/oauthlib-banner-700x192.png\n :target: https://github.com/oauthlib/oauthlib/\n :alt: OAuth + Python = OAuthlib Python Framework\n\n\nOAuth often seems complicated and difficult-to-implement. There are several\nprominent libraries for handling OAuth requests, but they all suffer from one or\nboth of the following:\n\n1. They predate the `OAuth 1.0 spec`_, AKA RFC 5849.\n2. They predate the `OAuth 2.0 spec`_, AKA RFC 6749.\n3. They assume the usage of a specific HTTP request library.\n\n.. _`OAuth 1.0 spec`: https://tools.ietf.org/html/rfc5849\n.. _`OAuth 2.0 spec`: https://tools.ietf.org/html/rfc6749\n\nOAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without\nassuming a specific HTTP request object or web framework. Use it to graft OAuth\nclient support onto your favorite HTTP library, or provide support onto your\nfavourite web framework. If you're a maintainer of such a library, write a thin\nveneer on top of OAuthLib and get OAuth support for very little effort.\n\n\nDocumentation\n--------------\n\nFull documentation is available on `Read the Docs`_. All contributions are very\nwelcome! The documentation is still quite sparse, please open an issue for what\nyou'd like to know, or discuss it in our `Gitter community`_, or even better, send a\npull request!\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html\n\nInterested in making OAuth requests?\n------------------------------------\n\nThen you might be more interested in using `requests`_ which has OAuthLib\npowered OAuth support provided by the `requests-oauthlib`_ library.\n\n.. _`requests`: https://github.com/requests/requests\n.. _`requests-oauthlib`: https://github.com/requests/requests-oauthlib\n\nWhich web frameworks are supported?\n-----------------------------------\n\nThe following packages provide OAuth support using OAuthLib.\n\n- For Django there is:\n - `django-oauth-toolkit`_, which includes `Django REST framework`_ support.\n - `django-allauth`_, which includes `Django REST framework`_ as well as `Django Ninja`_ support.\n- For Flask there is `flask-oauthlib`_ and `Flask-Dance`_.\n- For Pyramid there is `pyramid-oauthlib`_.\n- For Bottle there is `bottle-oauthlib`_.\n\nIf you have written an OAuthLib package that supports your favorite framework,\nplease open a Pull Request, updating the documentation.\n\n.. _`django-oauth-toolkit`: https://github.com/evonove/django-oauth-toolkit\n.. _`flask-oauthlib`: https://github.com/lepture/flask-oauthlib\n.. _`Django REST framework`: http://django-rest-framework.org\n.. _`Flask-Dance`: https://github.com/singingwolfboy/flask-dance\n.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib\n.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib\n.. _`django-allauth`: https://allauth.org/\n.. _`Django Ninja`: https://django-ninja.dev/\n\nUsing OAuthLib? Please get in touch!\n------------------------------------\nPatching OAuth support onto an http request framework? Creating an OAuth\nprovider extension for a web framework? Simply using OAuthLib to Get Things Done\nor to learn?\n\nNo matter which we'd love to hear from you in our `Gitter community`_ or if you have\nanything in particular you would like to have, change or comment on don't\nhesitate for a second to send a pull request or open an issue. We might be quite\nbusy and therefore slow to reply but we love feedback!\n\nChances are you have run into something annoying that you wish there was\ndocumentation for, if you wish to gain eternal fame and glory, and a drink if we\nhave the pleasure to run into each other, please send a docs pull request =)\n\n.. _`Gitter community`: https://gitter.im/oauthlib/Lobby\n\nLicense\n-------\n\nOAuthLib is yours to use and abuse according to the terms of the BSD-3-Clause license.\nCheck the LICENSE file for full details.\n\nCredits\n-------\n\nOAuthLib has been started and maintained several years by Idan Gazit and other\namazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_\ncreation has been possible and the project can stay active and reactive to users\nrequests.\n\n\n.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS\n.. _`community`: https://github.com/oauthlib/\n\nChangelog\n---------\n\n*OAuthLib is in active development, with the core of both OAuth1 and OAuth2\ncompleted, for providers as well as clients.* See `supported features`_ for\ndetails.\n\n.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html\n\nFor a full changelog see ``CHANGELOG.rst``.", + "release_date": "2025-06-19T22:48:06", "parties": [ { "type": "person", "role": "author", "name": "The OAuthlib Community", - "email": "idan@gazit.me", + "email": null, "url": null }, { "type": "person", "role": "maintainer", - "name": "Ib Lundgren", - "email": "ib.lundgren@gmail.com", + "name": "Jonathan Huot", + "email": "jonathan.huot@gmail.com", "url": null } ], @@ -875,8 +873,9 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation", @@ -885,11 +884,11 @@ "Topic :: Software Development :: Libraries :: Python Modules" ], "homepage_url": "https://github.com/oauthlib/oauthlib", - "download_url": "https://files.pythonhosted.org/packages/7e/80/cab10959dc1faead58dc8384a781dfbf93cb4d33d50988f7a69f1b7c9bbe/oauthlib-3.2.2-py3-none-any.whl", - "size": 151688, + "download_url": "https://files.pythonhosted.org/packages/be/9c/92789c596b8df838baa98fa71844d84283302f7604ed565dafe5a6b5041a/oauthlib-3.3.1-py3-none-any.whl", + "size": 160065, "sha1": null, - "md5": "a9126e7541baee7da8bf1ad3f216c3cd", - "sha256": "8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca", + "md5": "400a8defd59fe85effc0b94faeedacc7", + "sha256": "88119c938d2b8fb88561af5f6ee0eec8cc8d552b7bb1f712743136eb7523b7a1", "sha512": null, "bug_tracking_url": null, "code_view_url": null, @@ -897,11 +896,7 @@ "copyright": null, "license_expression": null, "declared_license": { - "license": "BSD", - "classifiers": [ - "License :: OSI Approved", - "License :: OSI Approved :: BSD License" - ] + "license": "BSD-3-Clause" }, "notice_text": null, "source_packages": [], @@ -910,9 +905,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/oauthlib/3.2.2/json", + "api_data_url": "https://pypi.org/pypi/oauthlib/3.3.1/json", "datasource_id": null, - "purl": "pkg:pypi/oauthlib@3.2.2" + "purl": "pkg:pypi/oauthlib@3.3.1" }, { "type": "pypi", @@ -1048,12 +1043,12 @@ "type": "pypi", "namespace": null, "name": "requests", - "version": "2.32.3", + "version": "2.32.4", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Python HTTP for Humans.\n# Requests\n\n**Requests** is a simple, yet elegant, HTTP library.\n\n```python\n>>> import requests\n>>> r = requests.get('https://httpbin.org/basic-auth/user/pass', auth=('user', 'pass'))\n>>> r.status_code\n200\n>>> r.headers['content-type']\n'application/json; charset=utf8'\n>>> r.encoding\n'utf-8'\n>>> r.text\n'{\"authenticated\": true, ...'\n>>> r.json()\n{'authenticated': True, ...}\n```\n\nRequests allows you to send HTTP/1.1 requests extremely easily. There\u2019s no need to manually add query strings to your URLs, or to form-encode your `PUT` & `POST` data \u2014 but nowadays, just use the `json` method!\n\nRequests is one of the most downloaded Python packages today, pulling in around `30M downloads / week`\u2014 according to GitHub, Requests is currently [depended upon](https://github.com/psf/requests/network/dependents?package_id=UGFja2FnZS01NzA4OTExNg%3D%3D) by `1,000,000+` repositories. You may certainly put your trust in this code.\n\n[![Downloads](https://static.pepy.tech/badge/requests/month)](https://pepy.tech/project/requests)\n[![Supported Versions](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests)\n[![Contributors](https://img.shields.io/github/contributors/psf/requests.svg)](https://github.com/psf/requests/graphs/contributors)\n\n## Installing Requests and Supported Versions\n\nRequests is available on PyPI:\n\n```console\n$ python -m pip install requests\n```\n\nRequests officially supports Python 3.8+.\n\n## Supported Features & Best\u2013Practices\n\nRequests is ready for the demands of building robust and reliable HTTP\u2013speaking applications, for the needs of today.\n\n- Keep-Alive & Connection Pooling\n- International Domains and URLs\n- Sessions with Cookie Persistence\n- Browser-style TLS/SSL Verification\n- Basic & Digest Authentication\n- Familiar `dict`\u2013like Cookies\n- Automatic Content Decompression and Decoding\n- Multi-part File Uploads\n- SOCKS Proxy Support\n- Connection Timeouts\n- Streaming Downloads\n- Automatic honoring of `.netrc`\n- Chunked HTTP Requests\n\n## API Reference and User Guide available on [Read the Docs](https://requests.readthedocs.io)\n\n[![Read the Docs](https://raw.githubusercontent.com/psf/requests/main/ext/ss.png)](https://requests.readthedocs.io)\n\n## Cloning the repository\n\nWhen cloning the Requests repository, you may need to add the `-c\nfetch.fsck.badTimezone=ignore` flag to avoid an error about a bad commit (see\n[this issue](https://github.com/psf/requests/issues/2690) for more background):\n\n```shell\ngit clone -c fetch.fsck.badTimezone=ignore https://github.com/psf/requests.git\n```\n\nYou can also apply this setting to your global Git config:\n\n```shell\ngit config --global fetch.fsck.badTimezone ignore\n```\n\n---\n\n[![Kenneth Reitz](https://raw.githubusercontent.com/psf/requests/main/ext/kr.png)](https://kennethreitz.org) [![Python Software Foundation](https://raw.githubusercontent.com/psf/requests/main/ext/psf.png)](https://www.python.org/psf)", - "release_date": "2024-05-29T15:37:47", + "release_date": "2025-06-09T16:43:05", "parties": [ { "type": "person", @@ -1075,6 +1070,7 @@ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", @@ -1083,11 +1079,11 @@ "Topic :: Software Development :: Libraries" ], "homepage_url": "https://requests.readthedocs.io", - "download_url": "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", - "size": 64928, + "download_url": "https://files.pythonhosted.org/packages/7c/e4/56027c4a6b4ae70ca9de302488c5ca95ad4a39e190093d6c1a8ace08341b/requests-2.32.4-py3-none-any.whl", + "size": 64847, "sha1": null, - "md5": "83d50f7980b330c48f3bfe86372adcca", - "sha256": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", + "md5": "fa8fa331f951fbc5e62f3d3e683a77a4", + "sha256": "27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c", "sha512": null, "bug_tracking_url": null, "code_view_url": "https://github.com/psf/requests", @@ -1107,9 +1103,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/requests/2.32.3/json", + "api_data_url": "https://pypi.org/pypi/requests/2.32.4/json", "datasource_id": null, - "purl": "pkg:pypi/requests@2.32.3" + "purl": "pkg:pypi/requests@2.32.4" }, { "type": "pypi", @@ -1322,7 +1318,7 @@ { "package": "pkg:pypi/azure-core@1.33.0", "dependencies": [ - "pkg:pypi/requests@2.32.3", + "pkg:pypi/requests@2.32.4", "pkg:pypi/six@1.17.0", "pkg:pypi/typing-extensions@4.13.2" ] @@ -1337,13 +1333,13 @@ "package": "pkg:pypi/azure-storage-blob@12.25.1", "dependencies": [ "pkg:pypi/azure-core@1.33.0", - "pkg:pypi/cryptography@45.0.3", + "pkg:pypi/cryptography@45.0.4", "pkg:pypi/isodate@0.7.2", "pkg:pypi/typing-extensions@4.13.2" ] }, { - "package": "pkg:pypi/certifi@2025.4.26", + "package": "pkg:pypi/certifi@2025.6.15", "dependencies": [] }, { @@ -1361,7 +1357,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/cryptography@45.0.3", + "package": "pkg:pypi/cryptography@45.0.4", "dependencies": [ "pkg:pypi/cffi@1.17.1" ] @@ -1378,14 +1374,14 @@ "package": "pkg:pypi/msrest@0.7.1", "dependencies": [ "pkg:pypi/azure-core@1.33.0", - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/isodate@0.7.2", "pkg:pypi/requests-oauthlib@2.0.0", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/oauthlib@3.2.2", + "package": "pkg:pypi/oauthlib@3.3.1", "dependencies": [] }, { @@ -1395,14 +1391,14 @@ { "package": "pkg:pypi/requests-oauthlib@2.0.0", "dependencies": [ - "pkg:pypi/oauthlib@3.2.2", - "pkg:pypi/requests@2.32.3" + "pkg:pypi/oauthlib@3.3.1", + "pkg:pypi/requests@2.32.4" ] }, { - "package": "pkg:pypi/requests@2.32.3", + "package": "pkg:pypi/requests@2.32.4", "dependencies": [ - "pkg:pypi/certifi@2025.4.26", + "pkg:pypi/certifi@2025.6.15", "pkg:pypi/charset-normalizer@3.4.2", "pkg:pypi/idna@3.10", "pkg:pypi/urllib3@2.2.3" diff --git a/tests/data/example-requirements-ignore-errors-expected.json b/tests/data/example-requirements-ignore-errors-expected.json index 36f0b426..b46b6e7c 100644 --- a/tests/data/example-requirements-ignore-errors-expected.json +++ b/tests/data/example-requirements-ignore-errors-expected.json @@ -2,7 +2,6 @@ "headers": { "tool_name": "python-inspector", "tool_homepageurl": "https://github.com/aboutcode-org/python-inspector", - "tool_version": "0.13.0", "options": [ "--ignore-errors", "--index-url https://pypi.org/simple", @@ -356,12 +355,12 @@ "type": "pypi", "namespace": null, "name": "pygments", - "version": "2.19.1", + "version": "2.19.2", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "Pygments\n~~~~~~~~\n\nPygments is a syntax highlighting package written in Python.\n\nIt is a generic syntax highlighter suitable for use in code hosting, forums,\nwikis or other applications that need to prettify source code. Highlights\nare:\n\n* a wide range of over 500 languages and other text formats is supported\n* special attention is paid to details, increasing quality by a fair amount\n* support for new languages and formats are added easily\n* a number of output formats, presently HTML, LaTeX, RTF, SVG, all image\n formats that PIL supports and ANSI sequences\n* it is usable as a command-line tool and as a library\n\nCopyright 2006-2025 by the Pygments team, see ``AUTHORS``.\nLicensed under the BSD, see ``LICENSE`` for details.", - "release_date": "2025-01-06T17:26:25", + "release_date": "2025-06-21T13:39:07", "parties": [ { "type": "person", @@ -399,11 +398,11 @@ "Topic :: Utilities" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/8a/0b/9fcc47d19c48b59121088dd6da2488a49d5f72dacf8262e2790a1d2c7d15/pygments-2.19.1-py3-none-any.whl", - "size": 1225293, + "download_url": "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", + "size": 1225217, "sha1": null, - "md5": "794747e68f6a2c85e86a8a49e4abb285", - "sha256": "9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c", + "md5": "c6f882e4a4ffd8543f245d4f7ce0d7fa", + "sha256": "86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", "sha512": null, "bug_tracking_url": "https://github.com/pygments/pygments/issues", "code_view_url": "https://github.com/pygments/pygments", @@ -423,20 +422,20 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/pygments/2.19.1/json", + "api_data_url": "https://pypi.org/pypi/pygments/2.19.2/json", "datasource_id": null, - "purl": "pkg:pypi/pygments@2.19.1" + "purl": "pkg:pypi/pygments@2.19.2" }, { "type": "pypi", "namespace": null, "name": "pytest", - "version": "8.4.0", + "version": "8.4.1", "qualifiers": {}, "subpath": null, "primary_language": "Python", "description": "pytest: simple powerful testing with Python\n.. image:: https://github.com/pytest-dev/pytest/raw/main/doc/en/img/pytest_logo_curves.svg\n :target: https://docs.pytest.org/en/stable/\n :align: center\n :height: 200\n :alt: pytest\n\n\n------\n\n.. image:: https://img.shields.io/pypi/v/pytest.svg\n :target: https://pypi.org/project/pytest/\n\n.. image:: https://img.shields.io/conda/vn/conda-forge/pytest.svg\n :target: https://anaconda.org/conda-forge/pytest\n\n.. image:: https://img.shields.io/pypi/pyversions/pytest.svg\n :target: https://pypi.org/project/pytest/\n\n.. image:: https://codecov.io/gh/pytest-dev/pytest/branch/main/graph/badge.svg\n :target: https://codecov.io/gh/pytest-dev/pytest\n :alt: Code coverage Status\n\n.. image:: https://github.com/pytest-dev/pytest/actions/workflows/test.yml/badge.svg\n :target: https://github.com/pytest-dev/pytest/actions?query=workflow%3Atest\n\n.. image:: https://results.pre-commit.ci/badge/github/pytest-dev/pytest/main.svg\n :target: https://results.pre-commit.ci/latest/github/pytest-dev/pytest/main\n :alt: pre-commit.ci status\n\n.. image:: https://www.codetriage.com/pytest-dev/pytest/badges/users.svg\n :target: https://www.codetriage.com/pytest-dev/pytest\n\n.. image:: https://readthedocs.org/projects/pytest/badge/?version=latest\n :target: https://pytest.readthedocs.io/en/latest/?badge=latest\n :alt: Documentation Status\n\n.. image:: https://img.shields.io/badge/Discord-pytest--dev-blue\n :target: https://discord.com/invite/pytest-dev\n :alt: Discord\n\n.. image:: https://img.shields.io/badge/Libera%20chat-%23pytest-orange\n :target: https://web.libera.chat/#pytest\n :alt: Libera chat\n\n\nThe ``pytest`` framework makes it easy to write small tests, yet\nscales to support complex functional testing for applications and libraries.\n\nAn example of a simple test:\n\n.. code-block:: python\n\n # content of test_sample.py\n def inc(x):\n return x + 1\n\n\n def test_answer():\n assert inc(3) == 5\n\n\nTo execute it::\n\n $ pytest\n ============================= test session starts =============================\n collected 1 items\n\n test_sample.py F\n\n ================================== FAILURES ===================================\n _________________________________ test_answer _________________________________\n\n def test_answer():\n > assert inc(3) == 5\n E assert 4 == 5\n E + where 4 = inc(3)\n\n test_sample.py:5: AssertionError\n ========================== 1 failed in 0.04 seconds ===========================\n\n\nDue to ``pytest``'s detailed assertion introspection, only plain ``assert`` statements are used. See `getting-started `_ for more examples.\n\n\nFeatures\n--------\n\n- Detailed info on failing `assert statements `_ (no need to remember ``self.assert*`` names)\n\n- `Auto-discovery\n `_\n of test modules and functions\n\n- `Modular fixtures `_ for\n managing small or parametrized long-lived test resources\n\n- Can run `unittest `_ (or trial)\n test suites out of the box\n\n- Python 3.9+ or PyPy3\n\n- Rich plugin architecture, with over 1300+ `external plugins `_ and thriving community\n\n\nDocumentation\n-------------\n\nFor full documentation, including installation, tutorials and PDF documents, please see https://docs.pytest.org/en/stable/.\n\n\nBugs/Requests\n-------------\n\nPlease use the `GitHub issue tracker `_ to submit bugs or request features.\n\n\nChangelog\n---------\n\nConsult the `Changelog `__ page for fixes and enhancements of each version.\n\n\nSupport pytest\n--------------\n\n`Open Collective`_ is an online funding platform for open and transparent communities.\nIt provides tools to raise money and share your finances in full transparency.\n\nIt is the platform of choice for individuals and companies that want to make one-time or\nmonthly donations directly to the project.\n\nSee more details in the `pytest collective`_.\n\n.. _Open Collective: https://opencollective.com\n.. _pytest collective: https://opencollective.com/pytest\n\n\npytest for enterprise\n---------------------\n\nAvailable as part of the Tidelift Subscription.\n\nThe maintainers of pytest and thousands of other packages are working with Tidelift to deliver commercial support and\nmaintenance for the open source dependencies you use to build your applications.\nSave time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use.\n\n`Learn more. `_\n\nSecurity\n^^^^^^^^\n\npytest has never been associated with a security vulnerability, but in any case, to report a\nsecurity vulnerability please use the `Tidelift security contact `_.\nTidelift will coordinate the fix and disclosure.\n\n\nLicense\n-------\n\nCopyright Holger Krekel and others, 2004.\n\nDistributed under the terms of the `MIT`_ license, pytest is free and open source software.\n\n.. _`MIT`: https://github.com/pytest-dev/pytest/blob/main/LICENSE", - "release_date": "2025-06-02T17:36:27", + "release_date": "2025-06-18T05:48:03", "parties": [ { "type": "person", @@ -467,11 +466,11 @@ "Topic :: Utilities" ], "homepage_url": null, - "download_url": "https://files.pythonhosted.org/packages/2f/de/afa024cbe022b1b318a3d224125aa24939e99b4ff6f22e0ba639a2eaee47/pytest-8.4.0-py3-none-any.whl", - "size": 363797, + "download_url": "https://files.pythonhosted.org/packages/29/16/c8a903f4c4dffe7a12843191437d7cd8e32751d5de349d45d3fe69544e87/pytest-8.4.1-py3-none-any.whl", + "size": 365474, "sha1": null, - "md5": "e3ae70dc3edd90a392d9061ba2c8d6e6", - "sha256": "f40f825768ad76c0977cbacdf1fd37c6f7a468e460ea6a0636078f8972d4517e", + "md5": "6ad4ee79caee224776d07f155d91b7e7", + "sha256": "539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7", "sha512": null, "bug_tracking_url": "https://github.com/pytest-dev/pytest/issues", "code_view_url": "https://github.com/pytest-dev/pytest", @@ -491,9 +490,9 @@ "dependencies": [], "repository_homepage_url": null, "repository_download_url": null, - "api_data_url": "https://pypi.org/pypi/pytest/8.4.0/json", + "api_data_url": "https://pypi.org/pypi/pytest/8.4.1/json", "datasource_id": null, - "purl": "pkg:pypi/pytest@8.4.0" + "purl": "pkg:pypi/pytest@8.4.1" }, { "type": "pypi", @@ -649,17 +648,17 @@ "dependencies": [] }, { - "package": "pkg:pypi/pygments@2.19.1", + "package": "pkg:pypi/pygments@2.19.2", "dependencies": [] }, { - "package": "pkg:pypi/pytest@8.4.0", + "package": "pkg:pypi/pytest@8.4.1", "dependencies": [ "pkg:pypi/exceptiongroup@1.3.0", "pkg:pypi/iniconfig@2.1.0", "pkg:pypi/packaging@25.0", "pkg:pypi/pluggy@1.6.0", - "pkg:pypi/pygments@2.19.1", + "pkg:pypi/pygments@2.19.2", "pkg:pypi/tomli@2.2.1" ] }, diff --git a/tests/data/resolved_deps/autobahn-310-expected.json b/tests/data/resolved_deps/autobahn-310-expected.json index 088bac40..b1182fb2 100644 --- a/tests/data/resolved_deps/autobahn-310-expected.json +++ b/tests/data/resolved_deps/autobahn-310-expected.json @@ -6,7 +6,7 @@ "pkg:pypi/cryptography@43.0.3", "pkg:pypi/hyperlink@21.0.0", "pkg:pypi/setuptools@80.9.0", - "pkg:pypi/txaio@23.1.1" + "pkg:pypi/txaio@23.6.1" ] }, { @@ -40,7 +40,7 @@ "dependencies": [] }, { - "package": "pkg:pypi/txaio@23.1.1", + "package": "pkg:pypi/txaio@23.6.1", "dependencies": [] } ], @@ -52,6 +52,6 @@ "pkg:pypi/idna@3.10", "pkg:pypi/pycparser@2.22", "pkg:pypi/setuptools@80.9.0", - "pkg:pypi/txaio@23.1.1" + "pkg:pypi/txaio@23.6.1" ] ] \ No newline at end of file diff --git a/tests/data/resolved_deps/flask-39-expected.json b/tests/data/resolved_deps/flask-39-expected.json index d3345b2d..9be39ab6 100644 --- a/tests/data/resolved_deps/flask-39-expected.json +++ b/tests/data/resolved_deps/flask-39-expected.json @@ -17,7 +17,7 @@ { "package": "pkg:pypi/importlib-metadata@8.7.0", "dependencies": [ - "pkg:pypi/zipp@3.22.0" + "pkg:pypi/zipp@3.23.0" ] }, { @@ -41,7 +41,7 @@ ] }, { - "package": "pkg:pypi/zipp@3.22.0", + "package": "pkg:pypi/zipp@3.23.0", "dependencies": [] } ], @@ -53,6 +53,6 @@ "pkg:pypi/jinja2@3.1.6", "pkg:pypi/markupsafe@3.0.2", "pkg:pypi/werkzeug@3.1.3", - "pkg:pypi/zipp@3.22.0" + "pkg:pypi/zipp@3.23.0" ] ] \ No newline at end of file From fe74b59a0af40bd6a1bb322bb514dd95ea6dcfca Mon Sep 17 00:00:00 2001 From: Philippe Ombredanne Date: Fri, 27 Jun 2025 16:21:42 +0200 Subject: [PATCH 6/6] Clarify getting started and testing The README now has improved documentation to run tests and getting started. Signed-off-by: Philippe Ombredanne --- README.rst | 87 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 74 insertions(+), 13 deletions(-) diff --git a/README.rst b/README.rst index 999a7c59..f0efd8eb 100644 --- a/README.rst +++ b/README.rst @@ -2,10 +2,6 @@ python-inspector - inspect Python package dependencies and metadata ===================================================================== -Copyright (c) nexB Inc. and others. -SPDX-License-Identifier: Apache-2.0 -Homepage: https://github.com/aboutcode-org/python-inspector and https://www.aboutcode.org/ - ``python-inspector`` is a collection of utilities to: @@ -28,21 +24,21 @@ The goal of python-inspector is to be a comprehensive library that can handle every style of Python package layouts, manifests and lockfiles. -Testing --------- +SPDX-License-Identifier: Apache-2.0 -- Run the tests with:: +Copyright (c) AboutCode, nexB Inc. and others. - pytest -vvs - -- There are live tests to regenerate the tests with updated data run:: +Homepage: https://github.com/aboutcode-org/python-inspector and https://www.aboutcode.org/ - PYINSP_REGEN_TEST_FIXTURES=yes pytest -vvs Usage -------- -- Install with pip:: +- Install the stable release with pip from PyPI:: + + pip install python-inspector + +- Or install the latest with pip:: pip install git+https://github.com/aboutcode-org/python-inspector @@ -51,8 +47,71 @@ Usage python-inspector --help +Development +-------------- + +Run:: + + git clone https://github.com/aboutcode-org/python-inspector + +Create a virtual environment and install deps locally:: + + make dev + source venv/bin/activate + + +When in the virtual environment, run python-inspector from that clone:: + + python-inspector --help + + +Run tests:: + + make test + +Run code checks:: -Its companion libraries are: + make check + +Run code formatting:: + + make valie + +Check available make targets for further details + + + +More testing +------------------ + +- Run the tests with pytest:: + + pytest -vvs + +- Or run them faster using 12 cores :: + + pytest -vvs --numprocesses=12 + + +Regenerate test files +----------------------------- + +Some tests use live data from Pypi.org to run resolutions. When the package versions have +changed, the resolution can change and some of the tests fail. We have an environment variable +that regenerates the expected JSON result files when set. + +To regenerate expected test result files for the failed tests, use this command:: + + PYINSP_REGEN_TEST_FIXTURES=yes pytest -vvs --lf + +Then, carefully review the diff before committing the expected JSON test result files to validate +that the changes are OK and mostly affect small changes in resolved package versions. + + +Credits and dependencies +--------------------------- + +For info, python-inspector embeds or depends on these libraries: - ``pip-requirements-parser``, a mostly correct pip requirements parsing library extracted from pip. @@ -72,6 +131,8 @@ Its companion libraries are: - ``packageurl-python`` to use Package URL to reference Python packages +- ``scancode-toolkit`` for Python package manifest parsing. + Acknowledgements, Funding, Support and Sponsoring