Fifth newsletter, commence! If you'd like to discuss this edition of our newsletter you can join our community Discord.
Notable updates to our sponsors include:
– GitCoin Grant Round 10 included urllib3 which has raised >$2000 so far! 🎉
– NewRelic started sponsoring our team on GitHub Sponsors 👏
David Lord, who is known for his work on Flask, Jinja and other Pallets projects, worked on one of our v2.0 issues related to how we encode into the URL. We wanted to modernize how urllib3 does things, and you'd think that wouldn't be too tough... However, it took a ton of time to unravel what urllib3 was doing and why that had deviated from the current standard WHATWG HTML.
You can read all of the discussion and discoveries that went into untangling this pile of standard spaghetti and code archaeology.
The most exciting part of all this is that this is the first time we've paid a contributor who's not a part of our team to work on Open Source, woohoo! 🥳
If you're interested in getting paid to work on urllib3 v2.0 issues you can join our Discord or reach out to the team and we'll walk you through everything. We're also working on making the issues we're willing to pay for work on much more visible.
We've released another patch for the urllib3 v1.26.x series.
This release included a few fixes for small bugs but also included a larger change in the urllib3.contrib.ntlmpool module, more on that below.
Quentin has been working on migrating the downstream integration tests that are run before every urllib3 release from Travis, which have been defunct for some time now, to GitHub Actions. This will greatly reduce the amount of manual work required to release urllib3 and drastically reduce maintainer stress, thanks Quentin! 🙇
Quentin and I also did the release together this time around and we've created a complete checklist to make executing releases by other collaborators easier.
urllib3.contrib.ntlmpool module will now unconditionally raise a
users to a specific issue where we justify this change and
we'd like for users to comment
if they're actually relying on the module.
The module itself was contributed a long time ago and hasn't had many issues, pull requests, or maintenance and we actually don't have any test cases so we're not even sure how well it works anymore...
Given that NTLM has been deprecated for 10 years we'd like to remove the module in v2.0 but aren't sure if it should live somewhere else or if it should be deleted completely. Please let us know!
A security vulnerability was reported by Nariyoshi Chida in our URL parser. We coordinated with Nariyoshi and our Tidelift security contact to verify the vulnerability and provide a suitable fix for the issue and released v1.26.5 which included the fix.
Read the full GitHub Security Advisory for more information.
We've invited a few of our contributors to become collaborators on the project after consistent high-quality contributions. Welcome Bastian Venthur and Ran Benita! Thank you for everything you've done so far for urllib3 👏
We also had many first-time contributors in the past month after a couple of tweets brought in a bunch of new faces. Thanks to everyone who contributed! If you're interested in getting started contributing to urllib3, we announce all the new "Contributor Friendly" issues in the community Discord.