CONTRIBUTING.md → .github/CONTRIBUTING.md

@@ -3,8 +3,8 @@
 Before opening any issues or proposing any pull requests, please do the
 following:
 
-1. Read our [Contributor's Guide](http://docs.python-requests.org/en/latest/dev/contributing/).
-2. Understand our [development philosophy](http://docs.python-requests.org/en/latest/dev/philosophy/).
+1. Read our [Contributor's Guide](https://requests.readthedocs.io/en/latest/dev/contributing/).
+2. Understand our [development philosophy](https://requests.readthedocs.io/en/latest/dev/philosophy/).
 
 To get the greatest chance of helpful responses, please also observe the
 following additional notes.

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://www.python.org/psf/forms/sponsor-application/']

.github/SECURITY.md

@@ -0,0 +1,93 @@
+# Vulnerability Disclosure
+
+![](https://farm5.staticflickr.com/4211/34709353644_b041e9e1c2_k_d.jpg)
+
+If you think you have found a potential security vulnerability in
+requests, please email
+`sigmavirus24 <mailto:graffatcolmingov@gmail.com>`\_ and
+`Nate <mailto:nate.prewitt@gmail.com>`\_ directly. **Do not file a
+public issue.**
+
+Our PGP Key fingerprints are:
+
+-   0161 BB7E B208 B5E0 4FDC 9F81 D9DA 0A04 9113 F853 (@sigmavirus24)
+
+-   8722 7E29 AD9C FF5C FAC3 EA6A 44D3 FF97 B80D C864 (@nateprewitt)
+
+If English is not your first language, please try to describe the
+problem and its impact to the best of your ability. For greater detail,
+please use your native language and we will try our best to translate it
+using online services.
+
+Please also include the code you used to find the problem and the
+shortest amount of code necessary to reproduce it.
+
+Please do not disclose this to anyone else. We will retrieve a CVE
+identifier if necessary and give you full credit under whatever name or
+alias you provide. We will only request an identifier when we have a fix
+and can publish it in a release.
+
+We will respect your privacy and will only publicize your involvement if
+you grant us permission.
+
+## Process
+
+This following information discusses the process the requests project
+follows in response to vulnerability disclosures. If you are disclosing
+a vulnerability, this section of the documentation lets you know how we
+will respond to your disclosure.
+
+### Timeline
+
+When you report an issue, one of the project members will respond to you
+within two days *at the outside*. In most cases responses will be
+faster, usually within 12 hours. This initial response will at the very
+least confirm receipt of the report.
+
+If we were able to rapidly reproduce the issue, the initial response
+will also contain confirmation of the issue. If we are not, we will
+often ask for more information about the reproduction scenario.
+
+Our goal is to have a fix for any vulnerability released within two
+weeks of the initial disclosure. This may potentially involve shipping
+an interim release that simply disables function while a more mature fix
+can be prepared, but will in the vast majority of cases mean shipping a
+complete release as soon as possible.
+
+Throughout the fix process we will keep you up to speed with how the fix
+is progressing. Once the fix is prepared, we will notify you that we
+believe we have a fix. Often we will ask you to confirm the fix resolves
+the problem in your environment, especially if we are not confident of
+our reproduction scenario.
+
+At this point, we will prepare for the release. We will obtain a CVE
+number if one is required, providing you with full credit for the
+discovery. We will also decide on a planned release date, and let you
+know when it is. This release date will *always* be on a weekday.
+
+At this point we will reach out to our major downstream packagers to
+notify them of an impending security-related patch so they can make
+arrangements. In addition, these packagers will be provided with the
+intended patch ahead of time, to ensure that they are able to promptly
+release their downstream packages. Currently the list of people we
+actively contact *ahead of a public release* is:
+
+-   Jeremy Cline, Red Hat (@jeremycline)
+-   Daniele Tricoli, Debian (@eriol)
+
+We will notify these individuals at least a week ahead of our planned
+release date to ensure that they have sufficient time to prepare. If you
+believe you should be on this list, please let one of the maintainers
+know at one of the email addresses at the top of this article.
+
+On release day, we will push the patch to our public repository, along
+with an updated changelog that describes the issue and credits you. We
+will then issue a PyPI release containing the patch.
+
+At this point, we will publicise the release. This will involve mails to
+mailing lists, Tweets, and all other communication mechanisms available
+to the core team.
+
+We will also explicitly mention which commits contain the fix to make it
+easier for other distributors and users to easily patch their own
+versions of requests if upgrading is not an option.

.gitignore

@@ -14,6 +14,12 @@ requests.egg-info/
 *.swp
 *.egg
 env/
+.venv/
+.eggs/
+.tox/
+.pytest_cache/
+.vscode/
+.eggs/
 
 .workon
 

.travis.yml

@@ -3,33 +3,24 @@ language: python
 install: "make"
 # command to run tests
 script:
-  - |
-    make test-readme
+  - make test-readme
   - make ci
 cache: pip
 jobs:
   include:
     - stage: test
-      script:
-        - make test-readme
-        - make ci
       python: '2.7'
     - stage: test
-      script:
-        - make test-readme
-        - make ci
       python: '3.5'
     - stage: test
-      script:
-        - make test-readme
-        - make ci
       python: '3.6'
     - stage: test
-      script:
-        - make test-readme
-        - make ci
-      python: '3.7'
-      dist: xenial   
+      python: '3.7' 
+    - stage: test
+      python: 'pypy3'
+      dist: xenial
+    - stage: test
+      python: '3.8'
     - stage: coverage
       python: '3.6'
       script: codecov

AUTHORS.rst

@@ -1,16 +1,14 @@
-Requests is written and maintained by Kenneth Reitz and
-various contributors:
+Requests was lovingly created by Kenneth Reitz.
 
 Keepers of the Crystals
 ```````````````````````
 
-- Kenneth Reitz <me@kennethreitz.org> `@kennethreitz <https://github.com/kennethreitz>`_, Keeper of the Master Crystal.
 - Ian Cordasco <graffatcolmingov@gmail.com> `@sigmavirus24 <https://github.com/sigmavirus24>`_.
 - Nate Prewitt <nate.prewitt@gmail.com> `@nateprewitt <https://github.com/nateprewitt>`_.
 
 Previous Keepers of Crystals
 ````````````````````````````
-
+- Kenneth Reitz <me@kennethreitz.org> `@kennethreitz <https://github.com/kennethreitz>`_, reluctant Keeper of the Master Crystal.
 - Cory Benfield <cory@lukasa.co.uk> `@lukasa <https://github.com/lukasa>`_
 
 
@@ -189,3 +187,5 @@ Patches and Suggestions
 - Darren Dormer (`@ddormer <https://github.com/ddormer>`_)
 - Rajiv Mayani (`@mayani <https://github.com/mayani>`_)
 - Antti Kaihola (`@akaihola <https://github.com/akaihola>`_)
+- "Dull Bananas" <dull.bananas0@gmail.com> (`@dullbananas <https://github.com/dullbananas>`_)
+- Alessio Izzo (`@aless10 <https://github.com/aless10>`_)

HISTORY.md

@@ -8,6 +8,22 @@ dev
 
 -   \[Short description of non-trivial change.\]
 
+2.23.0 (2020-02-19)
+-------------------
+
+**Improvements**
+
+- Remove defunct reference to `prefetch` in Session `__attrs__` (#5110)
+
+**Bugfixes**
+
+- Requests no longer outputs password in basic auth usage warning. (#5099)
+
+**Dependencies**
+
+- Pinning for `chardet` and `idna` now uses major version instead of minor.
+  This hopefully reduces the need for releases everytime a dependency is updated.
+
 2.22.0 (2019-05-15)
 -------------------
 
@@ -549,7 +565,7 @@ Or, even better:
 
 **Bugfixes**
 
--   For file-like objects that are not seeked to the very beginning, we
+-   For file-like objects that are not sought to the very beginning, we
     now send the content length for the number of bytes we will actually
     read, rather than the total size of the file, allowing partial file
     uploads.
@@ -629,7 +645,7 @@ Or, even better:
 
 This is the first release that follows our new release process. For
 more, see [our
-documentation](http://docs.python-requests.org/en/latest/community/release-process/).
+documentation](https://requests.readthedocs.io/en/latest/community/release-process/).
 
 **Bugfixes**
 
@@ -793,34 +809,34 @@ documentation](http://docs.python-requests.org/en/latest/community/release-proce
 -   Unicode URL improvements for Python 2.
 -   Re-order JSON param for backwards compat.
 -   Automatically defrag authentication schemes from host/pass URIs.
-    ([\#2249](https://github.com/requests/requests/issues/2249))
+    ([\#2249](https://github.com/psf/requests/issues/2249))
 
 2.4.2 (2014-10-05)
 ------------------
 
 **Improvements**
 
 -   FINALLY! Add json parameter for uploads!
-    ([\#2258](https://github.com/requests/requests/pull/2258))
+    ([\#2258](https://github.com/psf/requests/pull/2258))
 -   Support for bytestring URLs on Python 3.x
-    ([\#2238](https://github.com/requests/requests/pull/2238))
+    ([\#2238](https://github.com/psf/requests/pull/2238))
 
 **Bugfixes**
 
 -   Avoid getting stuck in a loop
-    ([\#2244](https://github.com/requests/requests/pull/2244))
+    ([\#2244](https://github.com/psf/requests/pull/2244))
 -   Multiple calls to iter\* fail with unhelpful error.
-    ([\#2240](https://github.com/requests/requests/issues/2240),
-    [\#2241](https://github.com/requests/requests/issues/2241))
+    ([\#2240](https://github.com/psf/requests/issues/2240),
+    [\#2241](https://github.com/psf/requests/issues/2241))
 
 **Documentation**
 
 -   Correct redirection introduction
-    ([\#2245](https://github.com/requests/requests/pull/2245/))
+    ([\#2245](https://github.com/psf/requests/pull/2245/))
 -   Added example of how to send multiple files in one request.
-    ([\#2227](https://github.com/requests/requests/pull/2227/))
+    ([\#2227](https://github.com/psf/requests/pull/2227/))
 -   Clarify how to pass a custom set of CAs
-    ([\#2248](https://github.com/requests/requests/pull/2248/))
+    ([\#2248](https://github.com/psf/requests/pull/2248/))
 
 2.4.1 (2014-09-09)
 ------------------

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2018 Kenneth Reitz
+Copyright 2019 Kenneth Reitz
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Pipfile

@@ -4,21 +4,22 @@ verify_ssl = true
 name = "pypi"
 
 [dev-packages]
-pytest = ">=2.8.0,<=3.10.1"
+alabaster = "*"
 codecov = "*"
+docutils = "*"
+detox = "*"
+"flake8" = "*"
+httpbin = ">=0.7.0"
+more-itertools = "<6.0"
+pysocks = "*"
+pytest = ">=2.8.0,<=3.10.1"
 pytest-httpbin = ">=0.0.7,<1.0"
 pytest-mock = "*"
 pytest-cov = "*"
 pytest-xdist = "<=1.25"
-alabaster = "*"
 readme-renderer = "*"
 sphinx = "<=1.5.5"
-pysocks = "*"
-docutils = "*"
-"flake8" = "*"
 tox = "*"
-detox = "*"
-httpbin = ">=0.7.0"
 
 [packages]
-"e1839a8" = {path = ".", editable = true, extras = ["socks"]}
+"requests" = {path = ".", editable = true, extras = ["socks"]}