Improvements
- Added support for the ALL_PROXY environment variable.
- Reject header values that contain leading whitespace or newline characters to
reduce risk of header smuggling.
Bugfixes
- Fixed occasional TypeError when attempting to decode a JSON response that
occurred in an error case. Now correctly returns a ValueError.
- Requests would incorrectly ignore a non-CIDR IP address in the NO_PROXY
environment variables: Requests now treats it as a specific IP.
- Fixed a bug when sending JSON data that could cause us to encounter obscure
OpenSSL errors in certain network conditions (yes, really).
- Added type checks to ensure that iter_content only accepts integers and None
for chunk sizes.
- Fixed issue where responses whose body had not been fully consumed would have
the underlying connection closed but not returned to the connection pool,
which could cause Requests to hang in situations where the HTTPAdapter had
been configured to use a blocking connection pool.
Miscellaneous
- Updated bundled urllib3 to 1.16.
- Some previous releases accidentally accepted integers as acceptable header
values. This release does not.
While this makes things a little more complicated and means we'll need to use
`-r` to recreate tox environments, it has several advantages:
- Full support from requires.io (including PRs)
- Workaround for https://bitbucket.org/hpk42/tox/issues/332/ so we can update
virtualenv/pip
