search

freedomofpress / securedrop-workstation-docs

User documentation for the SecureDrop Workstation
https://workstation.securedrop.org/
GNU Affero General Public License v3.0
5 stars 4 forks source link

Bump the dependencies group across 1 directory with 11 updates #270

Closed dependabot[bot] closed 3 days ago

dependabot[bot] commented 5 days ago

Bumps the dependencies group with 11 updates in the / directory:

Package From To
sphinx-autobuild 2024.4.16 2024.10.3
sphinx-rtd-theme 2.0.0 3.0.1
anyio 4.4.0 4.6.2
charset-normalizer 3.3.2 3.4.0
docutils 0.20.1 0.21.2
idna 3.8 3.10
markupsafe 2.1.5 3.0.1
starlette 0.38.4 0.39.2
urllib3 2.2.2 2.2.3
uvicorn 0.30.6 0.31.1
websockets 13.0.1 13.1

Updates sphinx-autobuild from 2024.4.16 to 2024.10.3

Release notes

Sourced from sphinx-autobuild's releases.

Release 2024.10.03

2024.10.03

Release 2024.10.02

2024.10.02

Release 2024.09.19

2024.09.19

Release 2024.09.18

2024.09.18

Release 2024.09.17

2024.09.17

Release 2024.09.03

2024.09.03

Changelog

Sourced from sphinx-autobuild's changelog.

Changelog

unreleased

2024.10.03 - 2024-10-03

  • Improve error handling for failures in pre-build commands.

2024.10.02 - 2024-10-02

  • Show the changed paths that triggered the rebuild.

2024.09.19 - 2024-09-19

  • Fix path filtering on Windows by normalising path separators.
  • Filter various directories by default (.git, venv, etc).
  • Serve the correct directory when using make mode (-M).

2024.09.18 - 2024-09-18

  • Run Sphinx through the Python entry point rather than the binary on PATH.

2024.09.17 - 2024-09-17

  • Relax checks for paths that aren't required to exist.

2024.09.03 - 2024-09-03

  • Fix support for Python 3.9.
  • Fix running sphinx-autobuild via entry point scripts.
  • Run sphinx-build in a subprocess to mitigate autdoc issues.
  • Support the -M 'make mode' option for sphinx-build.

2024.04.16 - 2024-04-16

  • Add a missing dependency on watchfiles.
  • Adopt Ruff in place of flake8 and black.

2024.04.13 - 2024-04-13

... (truncated)

Commits
  • 86e2f37 Release 2024.10.03
  • 1771311 Improve handling for errors in pre-build commands (#181)
  • 5eedf72 Release 2024.10.02
  • 1743a43 Show which paths changed when rebuilding
  • 028cf60 Add missing from __future__ import annotations imports
  • f3146c1 Use -m sphinx build if supported
  • 49457de fixup! Fix path filtering on Windows
  • 2e4e6f7 Split show() into show_message() and show_command()
  • 829ec71 Restrict the release workflow to the @​sphinx-doc organisation
  • 4552a5f Release 2024.09.19
  • Additional commits viewable in compare view


Updates sphinx-rtd-theme from 2.0.0 to 3.0.1

Changelog

Sourced from sphinx-rtd-theme's changelog.

3.0.1

  • Use black color for text in selectors.

.. _release-3.0.0:

3.0.0

Final version.

.. _release-3.0.0rc4:

3.0.0rc4

Fixes

  • Trigger "Read the Docs Search addon" when focusing the "Search docs" input in the navbar.

.. _release-3.0.0rc3:

3.0.0rc3

Fixes

  • Show hidden version in selector if it's the current active version

.. _release-3.0.0rc2:

3.0.0rc2

Added

  • Render version and language selectors below the documentation's title (top left). This can be controlled via the new theme options version_selector and language_selector.

.. _release-3.0.0rc1:

3.0.0rc1

Added

... (truncated)

Commits


Updates anyio from 4.4.0 to 4.6.2

Release notes

Sourced from anyio's releases.

4.6.2

  • Fixed regression caused by (#807) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

  • Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions (#806) (PR by @​graingert)

4.6.0

  • Dropped support for Python 3.8 (as #698 cannot be resolved without cancel message support)
  • Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope (#695)
  • Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled (#698)
  • Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
  • Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.2

  • Fixed regression caused by (#807) that prevented the use of parametrized async fixtures.

4.5.1

As Python 3.8 support was dropped in v4.6.0, this interim release was created to bring a regression fix to Python 3.8, and adds a few other fixes also present in v4.6.1.

  • Fixed acquring a lock twice in the same task on asyncio hanging instead of raising a RuntimeError (#798)
  • Fixed an async fixture's self being different than the test's self in class-based tests (#633) (PR by @​agronholm and @​graingert)
  • Fixed TypeError with TLSStream on Windows when a certificate verification error occurs when using a truststore SSL certificate (#795)
  • Corrected documentation on anyio.Path regarding the limitations imposed by the current Python version on several of its methods, and made the is_junction method unavailable on Python versions earlier than 3.12 (#794)

4.5.0

  • Improved the performance of anyio.Lock and anyio.Semaphore on asyncio (even up to 50 %)
  • Added the fast_acquire parameter to anyio.Lock and anyio.Semaphore to further boost performance at the expense of safety (acquire() will not yield control back if there is no contention)
  • Added support for the from_uri(), full_match(), parser methods/properties in anyio.Path, newly added in Python 3.13 (#737)
  • Added support for more keyword arguments for run_process() and open_process(): startupinfo, creationflags, pass_fds, user, group, extra_groups and umask (#742)
  • Improved the type annotations and support for PathLike in run_process() and open_process() to allow for path-like arguments, just like subprocess.Popen
  • Changed the ResourceWarning from an unclosed memory object stream to include its address for easier identification
  • Changed start_blocking_portal() to always use daemonic threads, to accommodate the "loitering event loop" use case
  • Bumped the minimum version of Trio to v0.26.1
  • Fixed __repr__() of MemoryObjectItemReceiver, when item is not defined (#767; PR by @​Danipulok)
  • Fixed to_process.run_sync() failing to initialize if __main__.__file__ pointed to a file in a nonexistent directory (#696)
  • Fixed AssertionError: feed_data after feed_eof on asyncio when a subprocess is closed early, before its output has been read (#490)
  • Fixed TaskInfo.has_pending_cancellation() on asyncio not respecting shielded scopes (#771; PR by @​gschaffner)
  • Fixed SocketStream.receive() returning bytearray instead of bytes when using asyncio with ProactorEventLoop (Windows) (#776)
  • Fixed quitting the debugger in a pytest test session while in an active task group failing the test instead of exiting the test session (because the exit exception arrives in an exception group)
  • Fixed support for Linux abstract namespaces in UNIX sockets that was broken in v4.2 (#781; PR by @​tapetersen)
  • Fixed KeyboardInterrupt (ctrl+c) hanging the asyncio pytest runner
Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.6.2

  • Fixed regression caused by ([#807](https://github.com/agronholm/anyio/issues/807) <https://github.com/agronholm/anyio/pull/807>_) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

  • Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions ([#806](https://github.com/agronholm/anyio/issues/806) <https://github.com/agronholm/anyio/pull/806>_) (PR by @​graingert)

4.6.0

This release is the successor to v4.5.0 with Python 3.8 support dropped, and does not contain the changes from v4.5.1.

  • Dropped support for Python 3.8 (as [#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_ cannot be resolved without cancel message support)
  • Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope ([#695](https://github.com/agronholm/anyio/issues/695) <https://github.com/agronholm/anyio/issues/695>_)
  • Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled ([#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_)
  • Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
  • Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.1

As Python 3.8 support was dropped in v4.6.0, this interim release was created to bring a regression fix to Python 3.8, and adds a few other fixes also present in v4.6.1.

  • Fixed acquring a lock twice in the same task on asyncio hanging instead of raising a RuntimeError ([#798](https://github.com/agronholm/anyio/issues/798) <https://github.com/agronholm/anyio/issues/798>_)
  • Fixed an async fixture's self being different than the test's self in class-based tests ([#633](https://github.com/agronholm/anyio/issues/633) <https://github.com/agronholm/anyio/issues/633>_) (PR by @​agronholm and @​graingert)
  • Fixed TypeError with TLSStream on Windows when a certificate verification error occurs when using a truststore <https://github.com/sethmlarson/truststore>_ SSL certificate ([#795](https://github.com/agronholm/anyio/issues/795) <https://github.com/agronholm/anyio/issues/795>_)

... (truncated)

Commits
  • 5861355 Bumped up the version
  • f6ddfc8 Fixed a regression in the pytest plugin that broke parametrized async fixtures
  • 4ecc963 Bumped up the version
  • 5489fbd Fixed tox configuration
  • 77b94df Updated Path documentation and made is_junction() conditional (#800)
  • bf130dc Fixed TypeError when TLS handshake fails with truststore SSLContext (#801)
  • 4cb89a5 Migrated to native TOML configuration for Tox
  • 6bebf18 Made test_start_task_soon_cancel_immediately() less flaky
  • e8546bd Rebind instance method fixtures to the same instance as the test (#807)
  • 57bcbc9 Updated macOS and Windows to test on Python 3.13 by default
  • Additional commits viewable in compare view


Updates charset-normalizer from 3.3.2 to 3.4.0

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving, this blocked millions of developers from using more advanced features.

We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests. It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.

We are thankful to @​microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Changelog

Sourced from charset-normalizer's changelog.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Commits
  • f3118e3 :wrench: change download/upload artifact version to last working version
  • 33e67e8 :wrench: set compile-generator in generator_generic_slsa3 action
  • 73dd24c :wrench: add explicit build deps to setuptools
  • 78f1e9b :wrench: attempt to fix cd.yml *3
  • 56ae702 :wrench: attempt to fix cd.yml *2
  • 9720055 :wrench: attempt to fix cd.yml (macos part)
  • 1e10d06 Update CHANGELOG.md
  • 36c103a :bookmark: Release 3.4.0 (#545)
  • 7658dfc :arrow_up: Bump github/codeql-action from 3.26.11 to 3.26.12 (#544)
  • ca2535d :arrow_up: Bump github/codeql-action from 3.26.9 to 3.26.11 (#542)
  • Additional commits viewable in compare view


Updates docutils from 0.20.1 to 0.21.2

Updates idna from 3.8 to 3.10

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

  • Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

  • Update to Unicode 16.0.0
  • Deprecate setup.cfg in favour of pyproject.toml
  • Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

Commits


Updates markupsafe from 2.1.5 to 3.0.1

Release notes

Sourced from markupsafe's releases.

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-1 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

  • Address compiler warnings that became errors in GCC 14. #466
  • Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-0 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

  • Support Python 3.13 and its experimental free-threaded build. #461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
  • Change distutils imports to setuptools. #399
  • Use deferred evaluation of annotations. #400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
  • Speed up escaping plain strings by 40%. #434
  • Simplify speedups implementation. #437
Changelog

Sourced from markupsafe's changelog.

Version 3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437
Commits


Updates starlette from 0.38.4 to 0.39.2

Release notes

Sourced from starlette's releases.

Version 0.39.2

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

Full Changelog: https://github.com/encode/starlette/compare/0.39.1...0.39.2

Version 0.39.1

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

Full Changelog: https://github.com/encode/starlette/compare/0.39.0...0.39.1

Version 0.39.0

Added

  • Add support for HTTP Range to FileResponse #2697

Full Changelog: https://github.com/encode/starlette/compare/0.38.6...0.39.0

Version 0.38.6

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

Full Changelog: https://github.com/encode/starlette/compare/0.38.5...0.38.6

Version 0.38.5

Fixed

  • Schedule BackgroundTasks from within BaseHTTPMiddleware #2688. This behavior was removed in 0.38.3, and is now restored.

Full Changelog: https://github.com/encode/starlette/compare/0.38.4...0.38.5

Changelog

Sourced from starlette's changelog.

0.39.2 (September 29, 2024)

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

0.39.1 (September 25, 2024)

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

0.39.0 (September 23, 2024)

Added

0.38.6 (September 22, 2024)

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

0.38.5 (September 7, 2024)

Fixed

  • Schedule BackgroundTasks from within BaseHTTPMiddleware #2688. This behavior was removed in 0.38.3, and is now restored.
Commits


Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added support for Python 3.13. (#3473)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
  • Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
  • Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)
  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
  • Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

  • Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)
  • Fixed ResourceWarning on CONNECT with Python `__)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

  • Added version checking for h2 (https://pypi.org/project/h2/) usage.

    Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

  • Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

  • Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)
  • Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)
Commits


Updates uvicorn from 0.30.6 to 0.31.1

Release notes

Sourced from uvicorn's releases.

Version 0.31.1

Fixed

  • Support WebSockets 0.13.1 #2471
  • Restore support for [*] in trusted hosts #2480
  • Add PathLike[str] type hint for ssl_keyfile #2481

Full Changelog: https://github.com/encode/uvicorn/compare/0.31.0...0.31.1

Version 0.31.0

Added

Improve ProxyHeadersMiddleware (#2468) and (#2231):

  • Fix the host for requests from clients running on the proxy server itself.
  • Fallback to host that was already set for empty x-forwarded-for headers.
  • Also allow specifying IP Networks as trusted hosts. This greatly simplifies deployments on docker swarm/Kubernetes, where the reverse proxy might have a dynamic IP.
    • This includes support for IPv6 Address/Networks.

Full Changelog: https://github.com/encode/uvicorn/compare/0.30.6...0.31.0

Changelog

Sourced from uvicorn's changelog.

0.31.1 (2024-10-09)

Fixed

  • Support WebSockets 0.13.1 (#2471)
  • Restore support for [*] in trusted hosts (#2480)
  • Add PathLike[str] type hint for ssl_keyfile (#2481)

0.31.0 (2024-09-27)

Added

Improve ProxyHeadersMiddleware (#2468) and (#2231):

  • Fix the host for requests from clients running on the proxy server itself.
  • Fallback to host that was already set for empty x-forwarded-for headers.
  • Also allow to specify IP Networks as trusted hosts. This greatly simplifies deployments on docker swarm/kubernetes, where the reverse proxy might have a dynamic IP.
    • This includes support for IPv6 Address/Networks.
Commits


Updates websockets from 13.0.1 to 13.1

Release notes

Sourced from websockets's releases.

13.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits
  • 4d229bf Release version 13.1.
  • 0afccc9 Clarify comment.
  • 3640923 Wait until state is CLOSED to acces close_exc.
  • 20739e0 Improve exception handling during handshake.
  • 206624a Standard spelling on "an HTTP".
  • 98f236f Run handler only when opening handshake succeeds.
  • d19ed26 Run spellcheck.
  • 070ff1a Add dedicated ConcurrencyError exception.
  • f9cea9c Improve isolation of tests of sync implementation.
  • 14d9d40 Fix typo in convenience imports.
  • Additional commits viewable in compare view


Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | sphinx-autobuild | [>= 2024.4.13.a, < 2024.4.14] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions