Bump mitmproxy from 0.11.1 to 8.0.0 in /mitmproxy-extension

[dependabot[bot]]

Bumps mitmproxy from 0.11.1 to 8.0.0.

Release notes

Sourced from mitmproxy's releases.

v8.0.0

Check out our release announcement blog post! 🎉

You can find the latest release packages at https://mitmproxy.org/downloads/.

v7.0.4

• Do not add a Content-Length header for chunked HTTP/1 messages (@​matthewhughes934)

You can find the latest release packages at https://mitmproxy.org/downloads/.

v7.0.3

• CVE-2021-39214: Fix request smuggling vulnerabilities reported by @​chinchila
• Expose TLS 1.0 as possible minimum version on older pyOpenSSL releases
• Fix compatibility with Python 3.10

You can find the latest release packages at https://mitmproxy.org/downloads/.

v7.0.2

• Fix a WebSocket crash introduced in 7.0.1 (@​mhils)

You can find the latest release packages at https://mitmproxy.org/downloads/.

v7.0.1

• Performance: Re-use OpenSSL contexts to enable TLS session resumption (@​mhils)
• Disable HTTP/2 CONNECT for Secure Web Proxies to fix compatibility with Firefox (@​mhils)
• Use local IP address as certificate subject if no other info is available (@​mhils)
• Make it possible to return multiple chunks for HTTP stream modification (@​mhils)
• Don't send WebSocket CONTINUATION frames when the peer does not send any (@​Pilphe)
• Fix HTTP stream modify example. (@​mhils)
• Fix a crash caused by no-op assignments to Server.address (@​SaladDais)
• Fix a crash when encountering invalid certificates (@​mhils)
• Fix a crash when pressing the Home/End keys in some screens (@​rbdixon)
• Fix a crash when reading corrupted flow dumps (@​mhils)
• Fix multiple crashes on flow export (@​mhils)
• Fix a bug where ASGI apps did not see the request body (@​mhils)
• Minor documentation improvements (@​mhils)

You can find the latest release packages at https://mitmproxy.org/downloads/.

v7.0.0

Check out our release announcement blog post! 🎉

You can find the latest release packages at https://mitmproxy.org/downloads/.

v6.0.2

This release fixes another bug in mitmweb's serialization process. All other tools are unaffected.

You can find the latest release packages at https://mitmproxy.org/downloads/.

... (truncated)

Changelog

Sourced from mitmproxy's changelog.

Release History

Unreleased: mitmproxy next

Major Changes

• Major improvements to the web interface (@​gorogoroumaru)
• Event hooks can now be async (@​nneonneo, #5106)
• New tls_{established,failed}_{client,server} event hooks to record negotiation success/failure (@​mhils, #4790)

Security Fixes

• CVE-2022-24766: Fix request smuggling vulnerability reported by @​zeyu2001 (@​mhils)

Full Changelog

• Support proxy authentication for SOCKS v5 mode (@​starplanet)
• Make it possible to ignore connections in the tls_clienthello event hook (@​mhils)
• fix some responses not being decoded properly if the encoding was uppercase (#4735, @​Mattwmaster58)
• Trigger event hooks for flows with semantically invalid requests, for example invalid content-length headers (@​mhils)
• Improve error message on TLS version mismatch (@​mhils)
• Windows: Switch to Python's default asyncio event loop, which increases the number of sockets that can be processed simultaneously (@​mhils)
• Add client_replay_concurrency option, which allows more than one client replay request to be in-flight at a time. (@​rbdixon)
• New content view which handles gRPC/protobuf. Allows to apply custom definitions to visualize different field decodings. Includes example addon which applies custom definitions for selected gRPC traffic (@​mame82)
• Fix a crash caused when editing string option (#4852, @​rbdixon)
• Base container image bumped to Debian 11 Bullseye (@​Kriechi)
• Upstream replays don't do CONNECT on plaintext HTTP requests (#4876, @​HoffmannP)
• Remove workarounds for old pyOpenSSL versions (#4831, @​KarlParkinson)
• Add fonts to asset filter (~a) (#4928, @​elespike)
• Fix bug that crashed when using view.flows.resolve (#4916, @​rbdixon)
• Fix a bug where running() is invoked twice on startup (#3584, @​mhils)
• Correct documentation example for User-Agent header modification (#4997, @​jamesyale)
• Fix random connection stalls (#5040, @​EndUser509)
• Add n new flow keybind to mitmweb (#5061, @​ianklatzco)
• Fix compatibility with BoringSSL (@​pmoulton)
• Added WebSocketMessage.injected flag (@​Prinzhorn)
• Add example addon for saving streamed data to individual files (@​EndUser509)
• Change connection event hooks to be blocking. Processing will only resume once the event hook has finished. (@​Prinzhorn)
• Reintroduce Flow.live, which signals if a flow belongs to a currently active connection. (#4207, @​mhils)
• Speculative fix for some rare HTTP/2 connection stalls (#5158, @​EndUser509)
• Add ability to specify custom ports with LDAP authentication (#5068, @​demonoidvk)
• Add support for rotating saved streams every hour or day (@​EndUser509)
• Console Improvements on Windows (@​mhils)
• Fix processing of --set options (#5067, @​marwinxxii)
• Lowercase user-added header names and emit a log message to notify the user when using HTTP/2 (#4746, @​mhils)

... (truncated)

Commits

• 7352811 bump to 8.0.0
• 41ebb24 update mitmweb assets
• b06fb6d security: reject whitespace in HTTP/1 header names
• 9243ba4 fix vt code detection on Windows
• 218c942 docker: use Python 3.10
• a95aed4 CI: use python 3.10 (#5195)
• a0e04a7 web: display WS/WSS as method
• 628d620 web: fix ~websocket filter
• e8ae38c Fixed encoding guessing: only search for meta tags in HTML bodies (#4566)
• a9283be improve self-connect error message (#5192)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dutzi/tamper/network/alerts).