-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36797/#review92996
-----------------------------------------------------------

Ship it!


LGTM once the bot is happy.

- Bill Farner


On July 24, 2015, 9:38 p.m., Kevin Sweeney wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36797/
> -----------------------------------------------------------
> 
> (Updated July 24, 2015, 9:38 p.m.)
> 
> 
> Review request for Aurora, Bill Farner and Brian Wickman.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Remove twitter.common.rpc dependency and upgrade requests.
> 
> requests changelog, including a CVE:
> 
> ```
> 2.7.0 (2015-05-03)
> This is the first release that follows our new release process. For more, see 
> [our 
> documentation](http://docs.python-requests.org/en/latest/community/release-process/).
> 
> Bugfixes
> 
> Updated urllib3 to 1.10.4, resolving several bugs involving chunked transfer 
> encoding and response framing.
> 2.6.2 (2015-04-23)
> Bugfixes
> 
> Fix regression where compressed data that was sent as chunked data was not 
> properly decompressed. (#2561)
> 2.6.1 (2015-04-22)
> Bugfixes
> 
> Remove VendorAlias import machinery introduced in v2.5.2.
> Simplify the PreparedRequest.prepare API: We no longer require the user to 
> pass an empty list to the hooks keyword argument. (c.f. #2552)
> Resolve redirects now receives and forwards all of the original arguments to 
> the adapter. (#2503)
> Handle UnicodeDecodeErrors when trying to deal with a unicode URL that cannot 
> be encoded in ASCII. (#2540)
> Populate the parsed path of the URI field when performing Digest 
> Authentication. (#2426)
> Copy a PreparedRequest’s CookieJar more reliably when it is not an instance 
> of RequestsCookieJar. (#2527)
> 2.6.0 (2015-03-14)
> Bugfixes
> 
> CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie 
> without a host value set would use the hostname for the redirected URL 
> exposing requests users to session fixation attacks and potentially cookie 
> stealing. This was disclosed privately by Matthew Daley of BugFuzz. This 
> affects all versions of requests from v2.1.0 to v2.5.3 (inclusive on both 
> ends).
> Fix error when requests is an install_requires dependency and python setup.py 
> test is run. (#2462)
> Fix error when urllib3 is unbundled and requests continues to use the 
> vendored import location.
> Include fixes to urllib3’s header handling.
> Requests’ handling of unvendored dependencies is now more restrictive.
> Features and Improvements
> 
> Support bytearrays when passed as parameters in the files argument. (#2468)
> Avoid data duplication when creating a request with str, bytes, or bytearray 
> input to the files argument.
> 2.5.3 (2015-02-24)
> Bugfixes
> 
> Revert changes to our vendored certificate bundle. For more context see 
> (#2455, #2456, and http://bugs.python.org/issue23476)
> 2.5.2 (2015-02-23)
> Features and Improvements
> 
> Add sha256 fingerprint support. (shazow/urllib3#540)
> Improve the performance of headers. (shazow/urllib3#544)
> Bugfixes
> 
> Copy pip’s import machinery. When downstream redistributors remove 
> requests.packages.urllib3 the import machinery will continue to let those 
> same symbols work. Example usage in requests’ documentation and 3rd-party 
> libraries relying on the vendored copies of urllib3 will work without having 
> to fallback to the system urllib3.
> Attempt to quote parts of the URL on redirect if unquoting and then quoting 
> fails. (#2356)
> Fix filename type check for multipart form-data uploads. (#2411)
> Properly handle the case where a server issuing digest authentication 
> challenges provides both auth and auth-int qop-values. (#2408)
> Fix a socket leak. (shazow/urllib3#549)
> Fix multiple Set-Cookie headers properly. (shazow/urllib3#534)
> Disable the built-in hostname verification. (shazow/urllib3#526)
> Fix the behaviour of decoding an exhausted stream. (shazow/urllib3#535)
> Security
> 
> Pulled in an updated cacert.pem.
> Drop RC4 from the default cipher list. (shazow/urllib3#551)
> 2.5.1 (2014-12-23)
> Behavioural Changes
> 
> Only catch HTTPErrors in raise_for_status (#2382)
> Bugfixes
> 
> Handle LocationParseError from urllib3 (#2344)
> Handle file-like object filenames that are not strings (#2379)
> Unbreak HTTPDigestAuth handler. Allow new nonces to be negotiated (#2389)
> 2.5.0 (2014-12-01)
> Improvements
> 
> Allow usage of urllib3’s Retry object with HTTPAdapters (#2216)
> The iter_lines method on a response now accepts a delimiter with which to 
> split the content (#2295)
> Behavioural Changes
> 
> Add deprecation warnings to functions in requests.utils that will be removed 
> in 3.0 (#2309)
> Sessions used by the functional API are always closed (#2326)
> Restrict requests to HTTP/1.1 and HTTP/1.0 (stop accepting HTTP/0.9) (#2323)
> Bugfixes
> 
> Only parse the URL once (#2353)
> Allow Content-Length header to always be overriden (#2332)
> Properly handle files in HTTPDigestAuth (#2333)
> Cap redirect_cache size to prevent memory abuse (#2299)
> Fix HTTPDigestAuth handling of redirects after authenticating successfully 
> (#2253)
> Fix crash with custom method parameter to Session.request (#2317)
> Fix how Link headers are parsed using the regular expression library (#2271)
> Documentation
> 
> Add more references for interlinking (#2348)
> Update CSS for theme (#2290)
> Update width of buttons and sidebar (#2289)
> Replace references of Gittip with Gratipay (#2282)
> Add link to changelog in sidebar (#2273)
> 2.4.3 (2014-10-06)
> Bugfixes
> 
> Unicode URL improvements for Python 2.
> Re-order JSON param for backwards compat.
> Automatically defrag authentication schemes from host/pass URIs. (#2249)
> 2.4.2 (2014-10-05)
> Improvements
> 
> FINALLY! Add json parameter for uploads! (#2258)
> Support for bytestring URLs on Python 3.x (#2238)
> Bugfixes
> 
> Avoid getting stuck in a loop (#2244)
> Multiple calls to iter* fail with unhelpful error. (#2240, #2241)
> Documentation
> 
> Correct redirection introduction (#2245)
> Added example of how to send multiple files in one request. (#2227)
> Clarify how to pass a custom set of CAs (#2248)
> 2.4.1 (2014-09-09)
> Now has a “security” package extras set, $ pip install requests[security]
> Requests will now use Certifi if it is available.
> Capture and re-raise urllib3 ProtocolError
> Bugfix for responses that attempt to redirect to themselves forever (wtf?).
> 2.4.0 (2014-08-29)
> Behavioral Changes
> 
> Connection: keep-alive header is now sent automatically.
> Improvements
> 
> Support for connect timeouts! Timeout now accepts a tuple (connect, read) 
> which is used to set individual connect and read timeouts.
> Allow copying of PreparedRequests without headers/cookies.
> Updated bundled urllib3 version.
> Refactored settings loading from environment – new 
> Session.merge_environment_settings.
> Handle socket errors in iter_content.
> ```
> 
> 
> Diffs
> -----
> 
>   3rdparty/python/requirements.txt 44217469a9583ec50233f34d54a32c105e6bab2c 
>   src/main/python/apache/aurora/client/api/BUILD 
> d71cc31b2bb86d1a7321e78cd7716a32ff47e47d 
> 
> Diff: https://reviews.apache.org/r/36797/diff/
> 
> 
> Testing
> -------
> 
> ./src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh
> 
> 
> Thanks,
> 
> Kevin Sweeney
> 
>

Reply via email to