Skip to content

fix(deps): update dependency caldav to v2 #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(deps): update dependency caldav to v2 #363

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 23, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
caldav (changelog) ==1.3.6 -> ==2.0.0 age adoption passing confidence

Release Notes

python-caldav/caldav (caldav)

v2.0.0

Compare Source

Here are the most important changes in 2.0:

  • Version 2.0 drops support for old python versions and replaces requests 2.x with niquests 3.x, a fork of requests.
  • Major overhaul of the documentation
  • Support for reading configuration from a config file or environmental variables - I didn't consider that to be within the scope of the caldav library, but why not - why should every application reinvent some configuration file format, and if an end-user have several applications based on python-caldav, why should he need to configure the caldav credentials explicitly for each of them?
  • New method davclient.principals() to search for other principals on the server - and from there it's possible to do calendar searches and probe what calendars one have access to. If the server will allow it.
Deprecated
  • calendar.date_search - use calendar.search instead. (this one has been deprecated for a while, but only with info-logging). This is almost a drop-in replacement, except for two caveats:
    • date_search does by default to recurrence-expansion when doing searches on closed time ranges. The default value is False in search (this gives better consistency - no surprise differences when changing between open-ended and closed-ended searches, but it's recommended to use expand=True when possible).
    • In calendar.search, split_expanded is set to True. This may matter if you have any special code for handling recurrences in your code. If not, probably the recurrences that used to be hidden will now be visible in your search results.
  • I introduced the possibility to set expand='server' and expand='client' in 1.x to force through expansion either at the server side or client side (and the default was to try server side with fallback to client side). The four possible values "True/False/client/server" does not look that good in my opinion so the two latter is now deprecated, a new parameter server_expand=True will force server-side expansion now (see also the Changes section)
  • The event.instance property currently yields a vobject. For quite many years people have asked for the python vobject library to be replaced with the python icalendar objects, but I haven't been able to do that due to backward compatibility. In version 2.0 deprecation warnings will be given whenever someone uses the event.instance property. In 3.0, perhaps event.instance will yield a icalendar instance. Old test code has been updated to use .vobject_instance instead of .instance.
  • davclient.auto_conn that was introduced just some days ago has already been renamed to davclient.get_davclient.
Added
Documentation and examples
Fixed
Changed
  • https://github.com/python-caldav/caldav/issues/477 / https://github.com/python-caldav/caldav/pull/527 - vobject has been removed from the dependency list. If you are using event.vobject_instance then you need to include the vobject dependency explicitly in your project.
  • The request library has been in a feature freeze for ages and may seem like a dead end. There exists a fork of the project niquests, we're migrating to that one. This means nothing except for one additional dependency. (httpx was also considered, but it's not a drop-in replacement for the requests library, and it's a risk that such a change will break compatibility with various other servers - see https://github.com/python-caldav/caldav/issues/457 for details). Work by @​ArtemIsmagilov, https://github.com/python-caldav/caldav/pull/455.
  • Expanded date searches (using either event.search(..., expand=True) or the deprecated event.date_search) will now by default do a client-side expand. This gives better consistency and probably improved performance, but makes 2.0 bug-incompatible with 1.x.
  • To force server-side expansion, a new parameter server_expand can be used
Removed

If you disagree with any of this, please raise an issue and I'll consider if it's possible to revert the change.

  • Support for python 3.7 and 3.8
  • Dependency on the requests library.
  • The calendar.build_date_search_query was ripped out. (it was deprecated for a while, but only with info-logging - however, this was an obscure internal method, probably not used by anyone?)
Changes in test framework

v1.6.0

Compare Source

This will be the last minor release before 2.0. The scheduling support has been fixed up a bit, and saving a single recurrence does what it should do, rather than messing up the whole series.

Fixed
  • Save single recurrence. I can't find any information in the RFCs on this, but all servers I've tested does the wrong thing - when saving a single recurrence (with RECURRENCE-ID set but without RRULE), then the original event (or task) will be overwritten (and the RRULE disappear), which is most likely not what one wants. New logic in place (with good test coverage) to ensure only the single instance is saved. Issue https://github.com/python-caldav/caldav/issues/379, pull request https://github.com/python-caldav/caldav/pull/500
  • Scheduling support. It was work in progress many years ago, but uncompleted work was eventually committed to the project. I managed to get a DAViCal test server up and running with three test accounts, ran through the tests, found quite some breakages, but managed to fix up. https://github.com/python-caldav/caldav/pull/497
Added
Refactoring and tests
Time spent and roadmap

Maintainer put down ten hours of effort for the 1.6-release. The estimate was 12 hours.

v1.5.0

Compare Source

Version 1.5 comes with support for alarms (searching for alarms if the server permits and easy interface for adding alamrs when creating events), lots of workarounds and fixes ensuring compatibility with various servers, refactored some code, and done some preparations for the upcoming server compatibility hints project.

Deprecated

Python 3.7 is no longer tested (dependency problems) - but it should work. Please file a bug report if it doesn't work. (Note that the caldav library pulls in many dependencies, and not all of them supports dead snakes).

Fixed
Changed
  • The tests/compatibility_issues.py has been moved to caldav/compatibility_hints.py, this to make it available for a caldav-server-tester-tool that I'm splitting off to a separate project/repository, and also to make https://github.com/python-caldav/caldav/issues/402 possible.
Refactoring
Documentation
Test framework
  • Radicale tests have been broken for a while, but now it's fixed ... and github will be running those tests as well. https://github.com/python-caldav/caldav/pull/480 plus commits directly to the main branch.
  • Python 3.13 is officially supported by github user @​ArtemIsmagilov in https://github.com/python-caldav/caldav/pull/454
  • Functional test framework has been refactored in https://github.com/python-caldav/caldav/pull/450
    • code for setting up and rigging down xandikos/radicale servers have been moved from tests/test_caldav.py to tests/conf.py. This allows for:
      • Adding code (including system calls or remote API calls) for Setting up and tearing down calendar servers in conf_private.py
      • Creating a local xandikos or radicale server in the tests.client-method, which is also used in the examples-section.
      • Allows offline testing of my upcoming check_server_compatibility-script
    • Also added the possibility to tag test servers with a name
  • Many changes done to the compatibility flag list (due to work on the server-checker project)
  • Functional tests for multiget in https://github.com/python-caldav/caldav/pull/489
Added
Time spent and roadmap

A roadmap was made in May 2025: https://github.com/python-caldav/caldav/issues/474 - the roadmap includes time estimates.

Since the roadmap was made, the maintainer has spent 39 hours working on the CalDAV project - this includes a bit of documentation, quite some communication, reading on the RFCs, code reviewing, but mostly just coding. This is above estimate due to new issues coming in.

v1.4.0

Compare Source

  • Lots of work lifting the project up to more modern standards and improving code, thanks to Georges Toth (github @​sim0nx), Matthias Urlichs (github @​smurfix) and @​ArtemIsmagilov. While this shouldn't matter for existing users, it will make the library more future-proof.
  • Quite long lists of fixes, improvements and some few changes, nothing big, main focus is on ensuring compatibility with as many server implementations as possible. See below.
Fixed
Changed
Added
Security

The debug information gathering hook has been in the limbo for a long time, due to security concerns:

  • An attacker that has access to alter the environment the application is running under may cause a DoS-attack, filling up available disk space with debug logging.
  • An attacker that has access to alter the environment the application is running under, and access to read files under /tmp (files being 0600 and owned by the uid the application is running under), will be able to read the communication between the server and the client, communication that may be private and confidential.

Thinking it through three times, I'm not too concerned - if someone has access to alter the environment the process is running under and access to read files run by the uid of the application, then this someone should already be trusted and will probably have the possibility to DoS the system or gather this communication through other means.

Credits

Georges Tooth, Крылов Александр, zhwei, Stefan Ollinger, Matthias Urlichs, ArtemIsmagilov, Tobias Brox has contributed directly with commits and pull requests included in this release. Many more has contributed through reporting issues and code snippets.

Test runs

Prior to release (commit 92de2e2), tests have been run successfully towards:

  • radicale (internal tests)
  • xandikos (internal tests)
  • ecloud.global (NextCloud) - with flags compatibility_issues.nextcloud + ['no_delete_calendar', 'unique_calendar_ids', 'rate_limited', 'broken_expand'] and with frequent manual "empty thrashcan"-operations in webui.
  • Zimbra
  • DAViCal
  • Posteo
  • Purelymail

v1.3.9

Compare Source

Some bugfixes.

Fixed

v1.3.8

Compare Source

Why do I never manage to do releases right ..

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jun 23, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants