RE: https://hachyderm.io/@github/116088660663888747
@quentinpradet and I can finally share that we participated in Session 3 of the GitHub Secure Open Source Fund. As part of this cohort, we focused on hardening the library's security, setting up a formal Security Policy, and auditing our repository settings.
Open source sustainability isn't just about features; it's about security.
Read more on the blog: https://volochii.dev/blog/github-secure-open-source-session/
I've finally launched my personal blog! 📝
To kick things off, my first post is the urllib3 2025 Annual Report. We discuss entering the "Billion-a-Month" club, our strengthened security posture, and the road to Python 3.14.
Check it out: https://volochii.dev/blog/urllib3-in-2025/
Welcome to the 2025 annual report for urllib3. I’m Illia, and this is my first time writing this update for the second most downloaded Python package. Long-time readers will recognize these reports from Seth Larson or Quentin Pradet, but this year I’m taking the baton to share what we’ve been up to. 2025 was a busy year defined by security hardening and future-proofing. We released 5 versions and merged over 100 pull requests, working to secure the library and prepare it for Python 3.14. For the first time ever, urllib3 was installed over 1 billion times per month consistently throughout the last quarter, signaling new levels of adoption for both the Python language and foundational open source libraries like urllib3.
APScheduler + requests 遇到 OSError: [Errno 24] Too many open files 的問題
#apscheduler #bug #code #collection #flask #gc #gunicorn #pypy #pypy3 #python #requests #source #urllib #urllib3 #workaround
I'm happy to announce that #urllib3 has a new lead maintainer: @illiav 👏 Illia has been contributing to urllib3 for over 3 years now and I'm confident will make a great lead of the project. I'll continue to maintain the project alongside my other co-maintainers @quentinpradet and @shazow
Hello urllib3 contributors and watchers, I've got some great news today! I've been the lead maintainer of urllib3 since July 3rd, 2019. In my opinion, one of the exceptional parts of urllib3 as a p...
I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.
Splunk
Set up Splunk enterprise on local system and installed some attack data from here
But the ./bin/requirements.txt file is wrong .. so replace
#requests==2.25.1
requests==2.28.1
#urllib3==2.3.0
urllib3==1.26.12
Then edit the yaml file and this will import the dataset directly into Splunk..
It's here! The 2024 annual report for #urllib3, a relatively quiet year that included work on HTTP/2 and Web Assembly (WASM). We include our plans for Python 2 deprecation, please take a look. $3,300 worth of bounty issues exist today!
Python's urllib3 has fixed a low severity vulnerability in version 2.2.2, which was released yesterday.
This vulnerability has been assigned CVE-2024-37891.
For those not familiar with urllib3, it describes it's self as
a powerful, user-friendly HTTP client for Python
It is used by many projects and libraries, including the popular requests library.
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
Illia Volochii
Gea-Suan Lin
Seth Larson
jan Anja();
NixFREAK -
Seth Larson
Begasus
iam-py-test