Bumps the pip group with 2 updates in the /aws-py-langserve directory: aiohttp and fastapi.
Bumps the pip group with 1 update in the /aws-py-oidc-provider-pulumi-cloud directory: cryptography.
Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.
Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
Invalid header field names containing question mark or slash are now rejected.
Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.
Related issues and pull requests on GitHub:
:issue:7978.
Fixed web.FileResponse doing blocking I/O in the event loop.
Related issues and pull requests on GitHub:
:issue:8012.
Fixed double compress when compression enabled and compressed file exists in server file responses.
Related issues and pull requests on GitHub:
:issue:8014.
Added runtime type check for ClientSessiontimeout parameter.
Related issues and pull requests on GitHub:
:issue:8021.
Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.
Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
Invalid header field names containing question mark or slash are now rejected.
Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.
Related issues and pull requests on GitHub:
:issue:8074.
⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.
✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.
📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.
📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.
📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.
📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.
✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.
Translations
🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.
🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.
* Fixed a null-pointer-dereference and segfault that could occur when creating
a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15
Fixed an initialization issue that caused key loading failures for some
users.
.. _v42-0-2:
42.0.2 - 2024-01-30
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
``X25519PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
``X448PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
and ``DHPrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24
Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey
:meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in
:func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pulumi/examples/network/alerts).
Bumps the pip group with 2 updates in the /aws-py-langserve directory: aiohttp and fastapi. Bumps the pip group with 1 update in the /aws-py-oidc-provider-pulumi-cloud directory: cryptography.
Updates
aiohttp
from 3.9.1 to 3.9.2Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
24a6d64
Release v3.9.2 (#8082)9118a58
[PR #8079/1c335944 backport][3.9] Validate static paths (#8080)435ad46
[PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...d33bc21
Improve validation in HTTP parser (#8074) (#8078)0d945d1
[PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...3ec4fa1
[PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...419d715
[PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...a54dab3
[PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)437ac47
[PR #7995/43a5bc50 backport][3.9] Fix examples offallback_charset_resolver
...034e5e3
[PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...Updates
fastapi
from 0.109.0 to 0.109.1Release notes
Sourced from fastapi's releases.
... (truncated)
Commits
7633d15
🔖 Release version 0.109.1a4de147
📝 Update release notes9d34ad0
Merge pull request from GHSA-qf9m-vfgh-m389ebf9723
📝 Update release notes8590d0c
👥 Update FastAPI People (#11074)063d7ff
📝 Update release notes3c81e62
🌐 Add Spanish translation fordocs/es/docs/external-links.md
(#10933)6c4a143
📝 Update release notesd254e2f
🌐 Update Korean translation fordocs/ko/docs/tutorial/first-steps.md
, `docs...6f6e786
📝 Update release notesUpdates
cryptography
from 41.0.6 to 42.0.4Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
fe18470
Bump for 42.0.4 release (#10445)aaa2dd0
Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)7a4d012
Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...df314bb
backport actions m1 switch to 42.0.x (#10415)c49a7a5
changelog and version bump for 42.0.3 (#10396)396bcf6
fix provider loading take two (#10390) (#10395)0e0e46f
backport: initialize openssl's legacy provider in rust (#10323) (#10333)2202123
changelog and version bump 42.0.2 (#10268)f7032bd
bump openssl in CI (#10298) (#10299)002e886
Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show