Published 2021-12-29 by Seth Larson
Welcome to the 6th urllib3 newsletter, end of 2021 edition! If you'd like to discuss this edition of our newsletter you can join our community Discord.
This year we received so much support from many different places, people, and organizations. We enter the new year with $12,254.95 in OpenCollective available for distribution.
We're so thankful for everyone who contributed. Your support means we can fairly pay for people's time and expertise and ensure that PyPI's most downloaded package continues to be secure, up-to-date, and working towards the future of HTTP in Python.
This large amount of funding means our team is planning on setting up a span of full-time development to focus on closing out v2.0 in addition to continuing to pay contributors both from our team and the community to work on urllib3.
All of the amounts shown below are after fees from payment processing, Coinbase, OpenCollective fiscal hosting, and cryptocurrency gas fees. In short, it's the value that’s available for our team to pay out to contributors. We funnel all of our funds to OpenCollective in order to make payment processing easy for as many individuals as possible.
Funds were paid out to the following individuals:
¹ Amount from GitCoin is only ETH, DAI, and USDC that were sold for USD. Other currencies that were donated have not been converted to USD yet to avoid paying fees on small amounts.
² Tidelift is paid directly to Seth Larson and Quentin Pradet and isn't subject to OpenCollective fees.
There were 5 new releases of urllib3 over the past year, two of which contained fixes for security issues CVE-2021-28363 and CVE-2021-33503. Hopefully you’re using the latest 1.26.7 release! We received 197 commits from 17 unique committers across the year. Thanks to everyone who contributed.
The v2.0 milestone on GitHub tracks our progress towards the v2.0 release of urllib3. This year our team closed 25 issues in the v2.0 milestone, leaving only 11 open issues remaining for a v2.0 release. We’re hopeful that the focus on paying for sustained development time in 2022 will mean a v2.0 release next year.
Even after v2.0 is released our team plans on continuing bug fix and security support for the v1.26.x release stream thanks to financial support from Tidelift.
Hasan Ramezani spent a ton of time working on type hints for the v2.0 branch. This work spanned multiple months and included so many lessons learned and interesting situations that our team wrote a case study on the entire experience.
Quentin Pradet was paid to work 20 hours on urllib3 and once again proved the incredible return on investment that paid open source contributions can be. Over the course of 20 hours Quentin contributed many PRs to urllib3 which resulted in finding a bug in Python’s ssl module. Quentin submitted a bug report to Python which inspired a usability bug fix to OpenSSL. Not bad!
Seth spoke at PyCascades 2021 back in February about how the urllib3 team plans on shipping breaking changes in v2.0. You can watch the recording on YouTube.