An advanced facial recognition system designed for real-time identification using deep learning models and optimized vector search. Features include face detection, embedding generation, and scalable deployment options.
Apache License 2.0
12
stars
1
forks
source link
Bump the pip group across 1 directory with 13 updates #48
This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously
suppressed legitimate Truncated exceptions. This caused the stub
resolver to timeout instead of failing over to TCP when a legitimate
truncated response was received over UDP.
This release addresses the potential DoS issue discussed in the
"TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is
vulnerable to a potential DoS if a bad-in-some-way response from the
right address and port forged by an attacker arrives before a
legitimate one on the UDP port dnspython is using for that query. In
this situation, dnspython might switch to querying another resolver or
give up entirely, possibly denying service for that resolution. This
release addresses the issue by adopting the recommended mitigation,
which is ignoring the bad packets and continuing to listen for a
legitimate response until the timeout for the query has expired.
Thank you to all the contributors to this release, and, as usual,
thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian
Wellington.
This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.
Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.
dnspython 2.5.0
See the What's New page for a summary of this release.
Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.
The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from
failing over to TCP and causing the query to timeout #1053.
2.6.0
As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython
stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the
right address and port forged by an attacker arrives before a legitimate one on the
UDP port dnspython is using for that query.
This release addresses the issue by adopting the recommended mitigation, which is
ignoring the bad packets and continuing to listen for a legitimate response until
the timeout for the query has expired.
Added support for the NSID EDNS option.
Dnspython now looks for version metadata for optional packages and will not
use them if they are too old. This prevents possible exceptions when a
feature like DoH is not desired in dnspython, but an old httpx is installed
along with dnspython for some other purpose.
The DoHNameserver class now allows GET to be used instead of the default POST,
and also passes source and source_port correctly to the underlying query
methods.
2.5.0
Dnspython now uses hatchling for builds.
Asynchronous destinationless sockets now work on Windows.
Cython is no longer supported due to various typing issues.
Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
Previously it was possible for non-canonical IPv6 forms to be stored
in a AAAA address, which would work correctly but possibly cause
problmes if the address were used as a key in a dictionary.
The number of messages in a section can be retrieved with
section_count().
Truncation preferences for messages can be specified.
The length of a message can be automatically prepended when
rendering.
⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.
✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.
📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.
📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.
📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.
📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.
✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.
Translations
🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.
🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.
Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown"
could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.
Issues Resolved
...............
See the PyMongo 4.6.2 release notes in JIRA_ for the list of resolved issues
in this release.
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
Hi there! :wave: Thanks for opening a PR. :tada: To get the most out of Senior Dev, please sign up in our Web App, connect your GitHub account, and add/join your organization Devasy Patel. After that, you will receive code reviews beginning on your next opened PR. :rocket:
Bumps the pip group with 13 updates in the / directory:
2023.11.17
2024.7.4
2.4.2
2.6.1
0.108.0
0.109.1
21.2.0
22.0.0
3.6
3.7
10.2.0
10.3.0
4.6.1
4.6.3
0.0.6
0.0.7
2.31.0
2.32.2
0.32.0.post1
0.36.2
4.66.1
4.66.3
2.1.0
2.2.2
3.17.0
3.19.1
Updates
certifi
from 2023.11.17 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
dnspython
from 2.4.2 to 2.6.1Release notes
Sourced from dnspython's releases.
Changelog
Sourced from dnspython's changelog.
... (truncated)
Commits
0a742b9
update CI0ea5ad0
The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)f12d398
2.6.1 version prepcecb853
Further improve CVE fix coverage to 100% for sync and async.7952e31
test IgnoreErrorse093299
For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.3af9f78
2.6.0 versioningca63d95
Require cryptography >=41 instead of 42.902cbf3
Create CODE_OF_CONDUCT.mded9795f
github contributing and pull request templateUpdates
fastapi
from 0.108.0 to 0.109.1Release notes
Sourced from fastapi's releases.
... (truncated)
Commits
7633d15
🔖 Release version 0.109.1a4de147
📝 Update release notes9d34ad0
Merge pull request from GHSA-qf9m-vfgh-m389ebf9723
📝 Update release notes8590d0c
👥 Update FastAPI People (#11074)063d7ff
📝 Update release notes3c81e62
🌐 Add Spanish translation fordocs/es/docs/external-links.md
(#10933)6c4a143
📝 Update release notesd254e2f
🌐 Update Korean translation fordocs/ko/docs/tutorial/first-steps.md
, `docs...6f6e786
📝 Update release notesUpdates
gunicorn
from 21.2.0 to 22.0.0Release notes
Sourced from gunicorn's releases.
Commits
f63d59e
bump to 22.04ac81e0
Merge pull request #3175 from e-kwsm/typo401cecf
Merge pull request #3179 from dhdaines/exclude-eventlet-03600243ec3
fix(deps): exclude eventlet 0.36.0628a0bc
chore: fix typos88fc4a4
Merge pull request #3131 from pajod/patch-py12-rebaseddeae2fc
CI: back off the agressive timeoutf470382
docs: promise 3.12 compat5e30bfa
add changelog to project.urls (updated for PEP621)481c3f9
remove setup.cfg - overridden by pyproject.tomlUpdates
idna
from 3.6 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
pillow
from 10.2.0 to 10.3.0Release notes
Sourced from pillow's releases.
... (truncated)
Changelog
Sourced from pillow's changelog.
... (truncated)
Commits
5c89d88
10.3.0 version bump63cbfcf
Update CHANGES.rst [ci skip]2776126
Merge pull request #7928 from python-pillow/lcmsaeb51cb
Merge branch 'main' into lcms5beb0b6
Update CHANGES.rst [ci skip]cac6ffa
Merge pull request #7927 from python-pillow/imagemathf5eeeac
Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated evalfacf3af
Added release notes2a93aba
Use strncpy to avoid buffer overflowa670597
Update CHANGES.rst [ci skip]Updates
pymongo
from 4.6.1 to 4.6.3Release notes
Sourced from pymongo's releases.
Changelog
Sourced from pymongo's changelog.
Commits
8da192f
BUMP 4.6.356b6b6d
PYTHON-4305 Fix bson size check (#1564)449d0f3
BUMP to 4.6.3.dev0e04576d
DEVPROD-3871 Use teardown_task when there is one function/command (#1533)cf1c6a1
PYTHON-4219 Prep for 4.6.2 Release (#1530)d29b2b7
PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (#1...0477b9b
PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (#1527)ecad17d
BUMP 4.6.2.dev0Updates
python-multipart
from 0.0.6 to 0.0.7Changelog
Sourced from python-multipart's changelog.
Commits
c83e6da
Version 0.0.7 (#77)fb7d3c9
Bump pygments from 2.7.4 to 2.15.0 (#66)20f0ef6
♻️ Refactor header option parser to use the standard library instead of a cus...d3d16da
Use latest invoke version (2.2.0) (#73)8e59feb
Use single quotes to avoid special zsh chars '[' and ']' (#71)86d422c
Update changelog URL (#68)3929f8e
Move tests folder to root folder (#61)Updates
requests
from 2.31.0 to 2.32.2Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_context970e8ce
v2.32.1d6ebc4a
v2.32.09a40d12
Avoid reloading root certificates to improve concurrent performance (#6667)0c030f7
Merge pull request #6702 from nateprewitt/no_char_detection555b870
Allow character detection dependencies to be optional in post-packaging stepsd6dded3
Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-testUpdates
starlette
from 0.32.0.post1 to 0.36.2Release notes
Sourced from starlette's releases.
... (truncated)
Changelog
Sourced from starlette's changelog.
... (truncated)
Commits
04a7d9d
Version 0.36.2 (#2456)13e5c26
Merge pull request from GHSA-93gm-qmq6-w238b8eebef
Avoid duplicate charset onContent-Type
(#2443)Hi there! :wave: Thanks for opening a PR. :tada: To get the most out of Senior Dev, please sign up in our Web App, connect your GitHub account, and add/join your organization Devasy Patel. After that, you will receive code reviews beginning on your next opened PR. :rocket: