Fix a bug that would appear on macOS whereby if we accept() a socket that is
already gone, setting socket options would fail and take down the server. See
Pylons/waitress#399
Fixed testing of vendored asyncore code to not rely on particular naming for
errno's. See Pylons/waitress#397
HTTP Request methods and versions are now validated to meet the HTTP
standards thereby dropping invalid requests on the floor. See
Pylons/waitress#423
No longer close the connection when sending a HEAD request response. See
Pylons/waitress#428
Always attempt to send the Connection: close response header when we are
going to close the connection to let the remote know in more instances.
Pylons/waitress#429
Python 3.7 is no longer supported. Add support for Python 3.11, 3.12 and
PyPy 3.9, 3.10. See Pylons/waitress#412
Document that trusted_proxy may be set to a wildcard value to trust all
proxies. See Pylons/waitress#431
Updated Defaults
clear_untrusted_proxy_headers is set to True by default. See
Pylons/waitress#370
- Fix a bug that would lead to Waitress busy looping on select() on a half-open
socket due to a race condition that existed when creating a new HTTPChannel.
See https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and
helping track this down.
Fix a bug that would appear on macOS whereby if we accept() a socket that is
already gone, setting socket options would fail and take down the server. See Pylons/waitress#399
Fixed testing of vendored asyncore code to not rely on particular naming for
errno's. See Pylons/waitress#397
HTTP Request methods and versions are now validated to meet the HTTP
standards thereby dropping invalid requests on the floor. See Pylons/waitress#423
No longer close the connection when sending a HEAD request response. See Pylons/waitress#428
Always attempt to send the Connection: close response header when we are
going to close the connection to let the remote know in more instances. Pylons/waitress#429
Python 3.7 is no longer supported. Add support for Python 3.11, 3.12 and
PyPy 3.9, 3.10. See Pylons/waitress#412
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hypothesis/h/network/alerts).
Bumps waitress from 2.1.2 to 3.0.1.
Release notes
Sourced from waitress's releases.
Changelog
Sourced from waitress's changelog.
... (truncated)
Commits
ae949bb
Ready for 3.0.1e435901
Merge commit from fork810a435
Add documentation for channel_request_lookaheadf4ba1c2
Fix a race condition on recv_bytes boundary when request is invalid7e7f11e
Add a new test to validate the lookahead race condition6943dcf
Make DummySock() look more like an actual socketfdd2ecf
Merge pull request #445 from Pylons/feature/support-py-3-13dcd18e7
Update exclude matrix4633ea6
Drop Python 3.8 and add Python 3.134584936
Merge pull request #440 from Pylons/fix/ciDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show