Skip to content

Bump niquests from 3.18.8 to 3.19.1#109

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/uv/develop/niquests-3.19.1
Closed

Bump niquests from 3.18.8 to 3.19.1#109
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/uv/develop/niquests-3.19.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps niquests from 3.18.8 to 3.19.1.

Release notes

Sourced from niquests's releases.

Version 3.19.1

3.19.1 (2026-06-08)

Fixed

  • Relative Location redirects no longer raise MissingSchema when the request targets a synthetic scheme such as wsgi:// or asgi://. (#406)

Version 3.19.0

3.19.0 (2026-06-01)

Added

  • Session and AsyncSession constructors now accept params, cookies, proxies, verify and cert so that per-request defaults can be configured at initialization, consistently with headers and auth. (#400) Ease forward the migration from httpx for interested users.
  • A plain http.cookiejar.CookieJar (or a mapping) provided as cookies is now coerced into a RequestsCookieJar. The Session/AsyncSession constructor always coerces (so session.cookies.set(...) works), while at the request level an unknown CookieJar subclass (e.g. MozillaCookieJar or any file-backed/custom jar) is left untouched to preserve its behavior. (#401, #404)
  • Support for the alternative TLS backend BoringSSL via the utls extra. Niquests now offer a first-class TLS browser impersonation without ever-changing your http client. It is automatically done (e.g. negotiated) once the extra is installed. You will need to keep it regularly updated so that you have the latest TLS specs of modern browsers.
  • Session and AsyncSession constructors now accept allow_incoming_cookies (defaults to True). Set it to False to ignore every cookie sent by the remote peer (via Set-Cookie) so that nothing is merged into the session jar, including cookies carried across redirect hops. Outgoing cookies you set yourself are still emitted.
  • Session.request/AsyncSession.request (and the verb shortcuts) now accept an override_scheme keyword argument. When a base_url is set on the Session, it override the scheme of the final (merged) URL just before the adapter is picked, so you can target a different scheme (e.g. sse, ws/wss, optionally with an implementation suffix like sse+unix) without retyping the full URL. (#325)

Changed

  • The cookies attribute of Session, AsyncSession and Response is now always typed as RequestsCookieJar instead of RequestsCookieJar | CookieJar. This restores the ergonomic mapping interface (e.g. session.cookies.set(...)) when using static type checkers. (#401, #404)

    This is not a runtime breaking change: reading .cookies is unchanged, and a native CookieJar is still accepted everywhere it is passed as an argument (it is coerced when relevant). We do, however, acknowledge a static-typing trade-off: assigning a custom/non-RequestsCookieJar jar directly to the attribute (e.g. session.cookies = MozillaCookieJar(...)) now makes type checkers such as mypy complain, since the attribute is annotated as RequestsCookieJar. The assignment keeps working at runtime; if you rely on it, add a # type: ignore. We chose narrowing on purpose the predominant path is that RequestsCookieJar is expected while subclasses (custom implementation) are a niche usage.

  • CaseInsensitiveDict is now generic over its key and value types (CaseInsensitiveDict[_KT, _VT], mirroring dict/Mapping), and Response.headers/Response.trailers are typed as CaseInsensitiveDict[str, str]. Reading a response header (e.g. response.headers["Content-Type"]) now yields str instead of str | bytes, removing the need for a cast/assert to use the headers

... (truncated)

Changelog

Sourced from niquests's changelog.

3.19.1 (2026-06-08)

Fixed

  • Relative Location redirects no longer raise MissingSchema when the request targets a synthetic scheme such as wsgi:// or asgi://. (#406)

3.19.0 (2026-06-01)

Added

  • Session and AsyncSession constructors now accept params, cookies, proxies, verify and cert so that per-request defaults can be configured at initialization, consistently with headers and auth. (#400) Ease forward the migration from httpx for interested users.
  • A plain http.cookiejar.CookieJar (or a mapping) provided as cookies is now coerced into a RequestsCookieJar. The Session/AsyncSession constructor always coerces (so session.cookies.set(...) works), while at the request level an unknown CookieJar subclass (e.g. MozillaCookieJar or any file-backed/custom jar) is left untouched to preserve its behavior. (#401, #404)
  • Support for the alternative TLS backend BoringSSL via the utls extra. Niquests now offer a first-class TLS browser impersonation without ever-changing your http client. It is automatically done (e.g. negotiated) once the extra is installed. You will need to keep it regularly updated so that you have the latest TLS specs of modern browsers.
  • Session and AsyncSession constructors now accept allow_incoming_cookies (defaults to True). Set it to False to ignore every cookie sent by the remote peer (via Set-Cookie) so that nothing is merged into the session jar, including cookies carried across redirect hops. Outgoing cookies you set yourself are still emitted.
  • Session.request/AsyncSession.request (and the verb shortcuts) now accept an override_scheme keyword argument. When a base_url is set on the Session, it override the scheme of the final (merged) URL just before the adapter is picked, so you can target a different scheme (e.g. sse, ws/wss, optionally with an implementation suffix like sse+unix) without retyping the full URL. (#325)

Changed

  • The cookies attribute of Session, AsyncSession and Response is now always typed as RequestsCookieJar instead of RequestsCookieJar | CookieJar. This restores the ergonomic mapping interface (e.g. session.cookies.set(...)) when using static type checkers. (#401, #404)

    This is not a runtime breaking change: reading .cookies is unchanged, and a native CookieJar is still accepted everywhere it is passed as an argument (it is coerced when relevant). We do, however, acknowledge a static-typing trade-off: assigning a custom/non-RequestsCookieJar jar directly to the attribute (e.g. session.cookies = MozillaCookieJar(...)) now makes type checkers such as mypy complain, since the attribute is annotated as RequestsCookieJar. The assignment keeps working at runtime; if you rely on it, add a # type: ignore. We chose narrowing on purpose the predominant path is that RequestsCookieJar is expected while subclasses (custom implementation) are a niche usage.

  • CaseInsensitiveDict is now generic over its key and value types (CaseInsensitiveDict[_KT, _VT], mirroring dict/Mapping), and Response.headers/Response.trailers are typed as CaseInsensitiveDict[str, str]. Reading a response header (e.g. response.headers["Content-Type"]) now yields str instead of str | bytes, removing the need for a cast/assert to use the headers as a plain string mapping with static type checkers. (#401)

... (truncated)

Commits
  • 9eb5c37 Release 3.19.1 (#408)
  • eb04341 chore: fix lint errors
  • 4451a08 chore: bump version to 3.19.1
  • ed651d5 fix: redirect with non-standard scheme (asgi/wsgi/...)
  • 5364100 Fix the default in allow_redirects param description of head() (#407)
  • 6dc75e9 Release 3.19 (#405)
  • beece24 Merge branch 'release-3.19' of github.com:jawah/niquests into release-3.19
  • b2b4b16 chore: set announcement banner to gh release page
  • 2243269 fix: avoid tampering with predefined headers with low-level BoringSSL ctx
  • 9907a18 Merge branch 'main' into release-3.19
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [niquests](https://github.com/jawah/niquests) from 3.18.8 to 3.19.1.
- [Release notes](https://github.com/jawah/niquests/releases)
- [Changelog](https://github.com/jawah/niquests/blob/main/HISTORY.md)
- [Commits](jawah/niquests@v3.18.8...v3.19.1)

---
updated-dependencies:
- dependency-name: niquests
  dependency-version: 3.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Updates or related to dependencies label Jun 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #111.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/uv/develop/niquests-3.19.1 branch July 6, 2026 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Updates or related to dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants