Sanic integration with Webargs

Overview

webargs-sanic

Sanic integration with Webargs.

Parsing and validating request arguments: headers, arguments, cookies, files, json, etc.

IMPORTANT: From version 2.0.0 webargs-sanic requires you to have webargs >=7.0.1. Please be aware of changes happened in version of webargs > 6.0.0. If you need support of webargs 5.x with no location definition, please use previous version(1.5.0) of this module from pypi.

Build Status Latest Version Python Versions Tests Coverage

webargs is a Python library for parsing and validating HTTP request arguments, with built-in support for popular web frameworks. webargs-sanic allows you to use it for Sanic apps. To read more about webargs usage, please check Quickstart

Example Code

Simple Application

from sanic import Sanic
from sanic.response import text

from webargs import fields
from webargs_sanic.sanicparser import use_args


app = Sanic(__name__)

hello_args = {
    'name': fields.Str(required=True)
}

@app.route('/')
@use_args(hello_args, location="query")
async def index(request, args):
    return text('Hello ' + args['name'])

Class-based Sanic app and args/kwargs

from sanic import Sanic
from sanic.views import HTTPMethodView
from sanic.response import json

from webargs import fields
from webargs_sanic.sanicparser import use_args, use_kwargs


app = Sanic(__name__)

class EchoMethodViewUseArgs(HTTPMethodView):
    @use_args({"val": fields.Int()}, location="form")
    async def post(self, request, args):
        return json(args)


app.add_route(EchoMethodViewUseArgs.as_view(), "/echo_method_view_use_args")


class EchoMethodViewUseKwargs(HTTPMethodView):
    @use_kwargs({"val": fields.Int()}, location="query")
    async def post(self, request, val):
        return json({"val": val})


app.add_route(EchoMethodViewUseKwargs.as_view(), "/echo_method_view_use_kwargs")

Parser without decorator with returning errors as JSON

from sanic import Sanic
from sanic.response import json

from webargs import fields
from webargs_sanic.sanicparser import parser, HandleValidationError

app = Sanic(__name__)

@app.route("/echo_view_args_validated/<value>", methods=["GET"])
async def echo_use_args_validated(request, args):
    parsed = await parser.parse(
        {"value": fields.Int(required=True, validate=lambda args: args["value"] > 42)}, request, location="view_args"
    )
    return json(parsed)


# Return validation errors as JSON
@app.exception(HandleValidationError)
async def handle_validation_error(request, err):
    return json({"errors": err.exc.messages}, status=422)

More complicated custom example

from sanic import Sanic
from sanic import response
from sanic import Blueprint

from webargs_sanic.sanicparser import use_kwargs

from some_CUSTOM_storage import InMemory

from webargs import fields
from webargs import validate

import marshmallow.fields
from validate_email import validate_email

#usually this should not be here, better to import ;)
#please check examples for more info
class Email(marshmallow.fields.Field):

    def __init__(self, *args, **kwargs):
        super(Email, self).__init__(*args, **kwargs)

    def _deserialize(self, value, attr, obj):
        value = value.strip().lower()
        if not validate_email(value):
            self.fail('validator_failed')
        return value

user_update = {
    'user_data': fields.Nested({
        'email': Email(),
        'password': fields.Str(validate=lambda value: len(value)>=8),
        'first_name': fields.Str(validate=lambda value: len(value)>=1),
        'last_name': fields.Str(validate=lambda value: len(value)>=1),
        'middle_name': fields.Str(),
        'gender': fields.Str(validate=validate.OneOf(["M", "F"])),
        'birth_date': fields.Date(),
    }),
    'user_id': fields.Str(required=True, validate=lambda x:len(x)==32),
}


blueprint = Blueprint('app')
storage = InMemory()


@blueprint.put('/user/')
@use_kwargs(user_update, location="json_or_form")
async def update_user(request, user_id, user_data):
    storage.update_or_404(user_id, user_data)
    return response.text('', status=204)

app = Sanic(__name__)
app.blueprint(blueprint, url_prefix='/')

For more examples and checking how to use custom validations (phones, emails, etc.) please check apps in Examples

Installing

It is easy to do from pip

pip install webargs-sanic

or from sources

git clone [email protected]:EndurantDevs/webtest-sanic.git
cd webtest-sanic
python setup.py install

Running the tests

Project uses common tests from webargs package. Thanks to Steven Loria for sharing tests in webargs v4.1.0. Most of tests are run by webtest via webtest-sanic. Some own tests get run via Sanic's TestClient.

To be sure everything is fine before installation from sources, just run:

pip -r requirements.txt

and then

python setup.py test

Or

pytest tests/

Authors

Endurant Developers Python Team

License

This project is licensed under the MIT License - see the LICENSE file for details

Comments
  • Update to work with sanic 21.6.2

    Update to work with sanic 21.6.2

    Updating it to work with 21.6.2.

    Had to replace webtest-sanic with the official sanic_testing since the former didn't work with recent versions of sanic.

    This fixes:

    • DeprecationWarning: Sanic instance named 'tests.apps.sanic_app' uses a format that is deprecated.
    • Deprecation of sanic.exceptions.abort https://github.com/sanic-org/sanic/pull/2077
    • Removal of sanic.exceptions.add_status_code https://github.com/sanic-org/sanic/pull/2077
    opened by aericson 14
  • Removing unused version imports.

    Removing unused version imports.

    Fixes an issue with the package not working if packaging is not installed. It's not currently installed since it's not on the setup.py.

    I've decided to remove it since it's not being used instead of adding it to setup.py. Also, removed from sanic import __version__ as sanic_version just for clean up since it's not used.

    opened by aericson 3
  • Invalid number of params in call to default error handler.

    Invalid number of params in call to default error handler.

    Default handler from webargs-sanic accepts less number of args than webargs pass to it, which leads to the following error: TypeError: handle_error() takes 4 positional arguments but 6 were given

    Packages versions: sanic 19.6.2
    webargs 5.3.2
    webargs-sanic 1.0.3

    Handler definition in sanicparser: https://github.com/EndurantDevs/webargs-sanic/blob/master/webargs_sanic/sanicparser.py#L107

    Webargs call in webargs sources: https://github.com/marshmallow-code/webargs/blob/dev/src/webargs/asyncparser.py#L108

    opened by DMantis 3
  • Bump ujson from 1.35 to 5.2.0 in /examples/user_simple_storage

    Bump ujson from 1.35 to 5.2.0 in /examples/user_simple_storage

    Bumps ujson from 1.35 to 5.2.0.

    Release notes

    Sourced from ujson's releases.

    5.2.0

    Added

    Fixed

    5.1.0

    Changed

    5.0.0

    Added

    Removed

    Fixed

    4.3.0

    Added

    4.2.0

    Added

    Changed

    ... (truncated)

    Commits
    • f6860f1 Remove shebang
    • c0ff7b1 python -m pytest
    • 362fed3 Clearer pytest command
    • 82917c0 actions/checkout@v3
    • 3c095f1 Widen tests to cover more possible buffer overflows
    • f4d2c87 Refactor buffer reservations to ensure sufficient space on all additions
    • 1846e08 Add fuzz test to CI/CD.
    • 5875168 Fix some more seg-faults on encoding.
    • 1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.
    • 20aa1a6 Add a fuzzing test to search for segfaults in encoding.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump ujson from 4.0.2 to 5.2.0

    Bump ujson from 4.0.2 to 5.2.0

    Bumps ujson from 4.0.2 to 5.2.0.

    Release notes

    Sourced from ujson's releases.

    5.2.0

    Added

    Fixed

    5.1.0

    Changed

    5.0.0

    Added

    Removed

    Fixed

    4.3.0

    Added

    4.2.0

    Added

    Changed

    ... (truncated)

    Commits
    • f6860f1 Remove shebang
    • c0ff7b1 python -m pytest
    • 362fed3 Clearer pytest command
    • 82917c0 actions/checkout@v3
    • 3c095f1 Widen tests to cover more possible buffer overflows
    • f4d2c87 Refactor buffer reservations to ensure sufficient space on all additions
    • 1846e08 Add fuzz test to CI/CD.
    • 5875168 Fix some more seg-faults on encoding.
    • 1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.
    • 20aa1a6 Add a fuzzing test to search for segfaults in encoding.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump sanic from 18.12.0 to 20.12.6 in /examples/user_simple_storage

    Bump sanic from 18.12.0 to 20.12.6 in /examples/user_simple_storage

    Bumps sanic from 18.12.0 to 20.12.6.

    Release notes

    Sourced from sanic's releases.

    Version 20.12.6

    What's Changed

    Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.5...v20.12.6

    Version 20.12.5

    #2366 Upgrade websockets version - SECURITY UPDATE

    Version 20.12.4

    Version 20.12.3

    Bugfixes

    • #2021 Remove prefix from websocket handler name

    Version 20.12.2

    Dependencies

    • #2026 Fix uvloop to 0.14 because 0.15 drops Python 3.6 support
    • #2029 Remove old chardet requirement, add in hard multidict requirement

    Version 20.12.1

    Features

    • #1993 Add disable app registry

    Version 20.12.0

    Features

    • [#1945][] Static route more verbose if file not found
    • [#1954][] Fix static routes registration on a blueprint
    • [#1961][] Add Python 3.9 support
    • [#1962][] Sanic CLI upgrade
    • [#1967][] Update aiofile version requirements
    • [#1969][] Update multidict version requirements
    • [#1970][] Add py.typed file
    • [#1972][] Speed optimization in request handler
    • [#1979][] Add app registry and Sanic class level app retrieval

    Bugfixes

    • [#1965][] Fix Chunked Transport-Encoding in ASGI streaming response

    Deprecations and Removals

    ... (truncated)

    Changelog

    Sourced from sanic's changelog.

    .. note::

    CHANGELOG files are maintained in ./docs/sanic/releases. To view the full CHANGELOG, please visit https://sanic.readthedocs.io/en/stable/sanic/changelog.html.

    Version 21.6.1

    Bugfixes

    • [#2178](https://github.com/sanic-org/sanic/issues/2178) <https://github.com/sanic-org/sanic/pull/2178>_ Update sanic-routing to allow for better splitting of complex URI templates
    • [#2183](https://github.com/sanic-org/sanic/issues/2183) <https://github.com/sanic-org/sanic/pull/2183>_ Proper handling of chunked request bodies to resolve phantom 503 in logs
    • [#2181](https://github.com/sanic-org/sanic/issues/2181) <https://github.com/sanic-org/sanic/pull/2181>_ Resolve regression in exception logging
    • [#2201](https://github.com/sanic-org/sanic/issues/2201) <https://github.com/sanic-org/sanic/pull/2201>_ Cleanup request info in pipelined requests

    Version 21.6.0

    Features

    • [#2094](https://github.com/sanic-org/sanic/issues/2094) <https://github.com/sanic-org/sanic/pull/2094>_ Add response.eof() method for closing a stream in a handler

    • [#2097](https://github.com/sanic-org/sanic/issues/2097) <https://github.com/sanic-org/sanic/pull/2097>_ Allow case-insensitive HTTP Upgrade header

    • [#2104](https://github.com/sanic-org/sanic/issues/2104) <https://github.com/sanic-org/sanic/pull/2104>_ Explicit usage of CIMultiDict getters

    • [#2109](https://github.com/sanic-org/sanic/issues/2109) <https://github.com/sanic-org/sanic/pull/2109>_ Consistent use of error loggers

    • [#2114](https://github.com/sanic-org/sanic/issues/2114) <https://github.com/sanic-org/sanic/pull/2114>_ New client_ip access of connection info instance

    • [#2119](https://github.com/sanic-org/sanic/issues/2119) <https://github.com/sanic-org/sanic/pull/2119>_ Alternatate classes on instantiation for Config and Sanic.ctx

    • [#2133](https://github.com/sanic-org/sanic/issues/2133) <https://github.com/sanic-org/sanic/pull/2133>_ Implement new version of AST router

      • Proper differentiation between alpha and string param types
      • Adds a slug param type, example: <foo:slug>
      • Deprecates <foo:string> in favor of <foo:str>
      • Deprecates <foo:number> in favor of <foo:float>
      • Adds a route.uri accessor
    • [#2136](https://github.com/sanic-org/sanic/issues/2136) <https://github.com/sanic-org/sanic/pull/2136>_ CLI improvements with new optional params

    • [#2137](https://github.com/sanic-org/sanic/issues/2137) <https://github.com/sanic-org/sanic/pull/2137>_ Add version_prefix to URL builders

    • [#2140](https://github.com/sanic-org/sanic/issues/2140) <https://github.com/sanic-org/sanic/pull/2140>_ Event autoregistration with EVENT_AUTOREGISTER

    ... (truncated)

    Commits
    • 3b85b3b Potential server crash if running Python 3.10 w/ Sanic 20.12 (#2400)
    • 6e55e73 fix: websocket dependency for websockets 9.1 security fix (#2366)
    • 89d9424 Merge branch 'pr2129' into 20.12LTS
    • 4d6205e Bump version
    • 1684b0b remove reference to yanked packages
    • 4f5faa4 unpin uvloop
    • cbb77b5 fix issue where request.args.pop removed parameters inconsistently (#2112)
    • 35c7625 Bump version 20.12.3 (#2062)
    • 8d86c3c Remove unnecessary prefix from websocket handler name (#2021)
    • 9763511 Align setup.py
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump ujson from 4.0.2 to 5.1.0

    Bump ujson from 4.0.2 to 5.1.0

    Bumps ujson from 4.0.2 to 5.1.0.

    Release notes

    Sourced from ujson's releases.

    5.1.0

    Changed

    5.0.0

    Added

    Removed

    Fixed

    4.3.0

    Added

    4.2.0

    Added

    Changed

    4.1.0

    Added

    Changed

    ... (truncated)

    Commits
    • 682c660 Merge pull request #493 from bwoodsend/strip-binaries
    • c1d5b6d [pre-commit.ci] auto fixes from pre-commit.com hooks
    • b9275f7 Strip debugging symbols from Linux binaries.
    • e3ccc5a Merge pull request #492 from hugovk/deploy-twine
    • 243d49b Install Twine to upload to PyPI
    • 269621b Merge pull request #490 from hugovk/rm-3.6
    • cccde3f Drop support for EOL Python 3.6
    • b55049f Merge pull request #491 from bwoodsend/switch-to-ci-build-wheels
    • 04286a6 Drop wheels for Python 3.6. (#490)
    • ab32d48 CI/CD: Ensure that sdists are uploaded last.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  •  ModuleNotFoundError: No module named 'packaging'

    ModuleNotFoundError: No module named 'packaging'

    │     from webargs_sanic.sanicparser import HandleValidationError                                                                                                                                                                                                                           │
    │   File "/usr/local/lib/python3.8/site-packages/webargs_sanic/sanicparser.py", line 34, in <module>                                                                                                                                                                                        │
    │     from packaging import version                                                                                                                                                                                                                                                         │
    │ ModuleNotFoundError: No module named 'packaging'
    
    opened by nf1s 2
  • Bump websockets from 8.1 to 9.1

    Bump websockets from 8.1 to 9.1

    Bumps websockets from 8.1 to 9.1.

    Changelog

    Sourced from websockets's changelog.

    9.1 ...

    May 27, 2021

    .. note::

    **Version 9.1 fixes a security issue introduced in version 8.0.**
    

    Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.

    9.0.2 .....

    May 15, 2021

    • Restored compatibility of python -m websockets with Python < 3.9.

    • Restored compatibility with mypy.

    9.0.1 .....

    May 2, 2021

    • Fixed issues with the packaging of the 9.0 release.

    9.0 ...

    May 1, 2021

    .. note::

    **Version 9.0 moves or deprecates several APIs.**
    

    Aliases provide backwards compatibility for all previously public APIs.

    • :class:~datastructures.Headers and :exc:~datastructures.MultipleValuesError were moved from websockets.http to :mod:websockets.datastructures. If you're using them, you should adjust the import path.

    • The client, server, protocol, and auth modules were moved from the websockets package to websockets.legacy sub-package, as part of an upcoming refactoring. Despite the name, they're still fully supported. The refactoring should be a transparent upgrade for most uses when it's available. The legacy implementation will be preserved according to the backwards-compatibility policy_.

... (truncated)

Commits
  • d0f3288 Bump version number.
  • 547a26b Use constant-time comparison for passwords.
  • a14226a Bump version number.
  • 8900c13 Add mypy to dictionary.
  • 0713dbf Add test coverage.
  • b99c4fe Restore real imports for compatibility with mypy.
  • e44e085 Use relative imports everywhere, for consistency.
  • 70fadbf Restore compatibility with Python < 3.9.
  • 217ac2d Fix broken link.
  • fc176f4 Bump version number.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies 
opened by dependabot[bot] 1
  • Bump aiohttp from 3.7.3 to 3.7.4

    Bump aiohttp from 3.7.3 to 3.7.4

    Bumps aiohttp from 3.7.3 to 3.7.4.

    Changelog

    Sourced from aiohttp's changelog.

    3.7.4 (2021-02-25)

    Bugfixes

    • (SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

      Thanks to Beast Glatisant <https://github.com/g147>__ for finding the first instance of this issue and Jelmer Vernooij <https://jelmer.uk/>__ for reporting and tracking it down in aiohttp. [#5497](https://github.com/aio-libs/aiohttp/issues/5497) <https://github.com/aio-libs/aiohttp/issues/5497>_

    • Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

      Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. [#5498](https://github.com/aio-libs/aiohttp/issues/5498) <https://github.com/aio-libs/aiohttp/issues/5498>_


    Commits
    • 0a26acc Bump aiohttp to v3.7.4 for a security release
    • 021c416 Merge branch 'ghsa-v6wp-4m6f-gcjg' into master
    • 4ed7c25 Bump chardet from 3.0.4 to 4.0.0 (#5333)
    • b61f0fd Fix how pure-Python HTTP parser interprets //
    • 5c1efbc Bump pre-commit from 2.9.2 to 2.9.3 (#5322)
    • 0075075 Bump pygments from 2.7.2 to 2.7.3 (#5318)
    • 5085173 Bump multidict from 5.0.2 to 5.1.0 (#5308)
    • 5d1a75e Bump pre-commit from 2.9.0 to 2.9.2 (#5290)
    • 6724d0e Bump pre-commit from 2.8.2 to 2.9.0 (#5273)
    • c688451 Removed duplicate timeout parameter in ClientSession reference docs. (#5262) ...
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump urllib3 from 1.26.2 to 1.26.5

    Bump urllib3 from 1.26.2 to 1.26.5

    Bumps urllib3 from 1.26.2 to 1.26.5.

    Release notes

    Sourced from urllib3's releases.

    1.26.5

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.4

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.3

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    Changelog

    Sourced from urllib3's changelog.

    1.26.5 (2021-05-26)

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    1.26.4 (2021-03-15)

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    1.26.3 (2021-01-26)

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

    Commits
    • d161647 Release 1.26.5
    • 2d4a3fe Improve performance of sub-authority splitting in URL
    • 2698537 Update vendored six to 1.16.0
    • 07bed79 Fix deprecation warnings for Python 3.10 ssl module
    • d725a9b Add Python 3.10 to GitHub Actions
    • 339ad34 Use pytest==6.2.4 on Python 3.10+
    • f271c9c Apply latest Black formatting
    • 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
    • a891304 Release 1.26.4
    • 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump certifi from 2020.12.5 to 2022.12.7

    Bump certifi from 2020.12.5 to 2022.12.7

    Bumps certifi from 2020.12.5 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump sanic from 18.12.0 to 20.12.7 in /examples/user_simple_storage

    Bump sanic from 18.12.0 to 20.12.7 in /examples/user_simple_storage

    Bumps sanic from 18.12.0 to 20.12.7.

    Release notes

    Sourced from sanic's releases.

    Version 20.12.7

    Resolves #2477 and #2478 See also #2495 and https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6

    Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.6...v20.12.7

    Version 20.12.6

    What's Changed

    Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.5...v20.12.6

    Version 20.12.5

    #2366 Upgrade websockets version - SECURITY UPDATE

    Version 20.12.4

    Version 20.12.3

    Bugfixes

    • #2021 Remove prefix from websocket handler name

    Version 20.12.2

    Dependencies

    • #2026 Fix uvloop to 0.14 because 0.15 drops Python 3.6 support
    • #2029 Remove old chardet requirement, add in hard multidict requirement

    Version 20.12.1

    Features

    • #1993 Add disable app registry

    Version 20.12.0

    Features

    • [#1945][] Static route more verbose if file not found
    • [#1954][] Fix static routes registration on a blueprint
    • [#1961][] Add Python 3.9 support
    • [#1962][] Sanic CLI upgrade
    • [#1967][] Update aiofile version requirements
    • [#1969][] Update multidict version requirements
    • [#1970][] Add py.typed file
    • [#1972][] Speed optimization in request handler
    • [#1979][] Add app registry and Sanic class level app retrieval

    Bugfixes

    ... (truncated)

    Changelog

    Sourced from sanic's changelog.

    .. note::

    CHANGELOG files are maintained in ./docs/sanic/releases. To view the full CHANGELOG, please visit https://sanic.readthedocs.io/en/stable/sanic/changelog.html.

    Version 21.6.1

    Bugfixes

    • [#2178](https://github.com/sanic-org/sanic/issues/2178) <https://github.com/sanic-org/sanic/pull/2178>_ Update sanic-routing to allow for better splitting of complex URI templates
    • [#2183](https://github.com/sanic-org/sanic/issues/2183) <https://github.com/sanic-org/sanic/pull/2183>_ Proper handling of chunked request bodies to resolve phantom 503 in logs
    • [#2181](https://github.com/sanic-org/sanic/issues/2181) <https://github.com/sanic-org/sanic/pull/2181>_ Resolve regression in exception logging
    • [#2201](https://github.com/sanic-org/sanic/issues/2201) <https://github.com/sanic-org/sanic/pull/2201>_ Cleanup request info in pipelined requests

    Version 21.6.0

    Features

    • [#2094](https://github.com/sanic-org/sanic/issues/2094) <https://github.com/sanic-org/sanic/pull/2094>_ Add response.eof() method for closing a stream in a handler

    • [#2097](https://github.com/sanic-org/sanic/issues/2097) <https://github.com/sanic-org/sanic/pull/2097>_ Allow case-insensitive HTTP Upgrade header

    • [#2104](https://github.com/sanic-org/sanic/issues/2104) <https://github.com/sanic-org/sanic/pull/2104>_ Explicit usage of CIMultiDict getters

    • [#2109](https://github.com/sanic-org/sanic/issues/2109) <https://github.com/sanic-org/sanic/pull/2109>_ Consistent use of error loggers

    • [#2114](https://github.com/sanic-org/sanic/issues/2114) <https://github.com/sanic-org/sanic/pull/2114>_ New client_ip access of connection info instance

    • [#2119](https://github.com/sanic-org/sanic/issues/2119) <https://github.com/sanic-org/sanic/pull/2119>_ Alternatate classes on instantiation for Config and Sanic.ctx

    • [#2133](https://github.com/sanic-org/sanic/issues/2133) <https://github.com/sanic-org/sanic/pull/2133>_ Implement new version of AST router

      • Proper differentiation between alpha and string param types
      • Adds a slug param type, example: <foo:slug>
      • Deprecates <foo:string> in favor of <foo:str>
      • Deprecates <foo:number> in favor of <foo:float>
      • Adds a route.uri accessor
    • [#2136](https://github.com/sanic-org/sanic/issues/2136) <https://github.com/sanic-org/sanic/pull/2136>_ CLI improvements with new optional params

    • [#2137](https://github.com/sanic-org/sanic/issues/2137) <https://github.com/sanic-org/sanic/pull/2137>_ Add version_prefix to URL builders

    • [#2140](https://github.com/sanic-org/sanic/issues/2140) <https://github.com/sanic-org/sanic/pull/2140>_ Event autoregistration with EVENT_AUTOREGISTER

    ... (truncated)

    Commits
    • 05002d7 Path protection with pathlib
    • b4360d4 Path protection with pathlib
    • 3b85b3b Potential server crash if running Python 3.10 w/ Sanic 20.12 (#2400)
    • 6e55e73 fix: websocket dependency for websockets 9.1 security fix (#2366)
    • 89d9424 Merge branch 'pr2129' into 20.12LTS
    • 4d6205e Bump version
    • 1684b0b remove reference to yanked packages
    • 4f5faa4 unpin uvloop
    • cbb77b5 fix issue where request.args.pop removed parameters inconsistently (#2112)
    • 35c7625 Bump version 20.12.3 (#2062)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump ujson from 4.0.2 to 5.4.0

    Bump ujson from 4.0.2 to 5.4.0

    Bumps ujson from 4.0.2 to 5.4.0.

    Release notes

    Sourced from ujson's releases.

    5.4.0

    Added

    Fixed

    5.3.0

    Added

    Changed

    Fixed

    5.2.0

    Added

    Fixed

    5.1.0

    Changed

    ... (truncated)

    Commits
    • 9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
    • b21da40 Fix double free on string decoding if realloc fails
    • 67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
    • bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
    • cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
    • 4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
    • abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
    • 3efb5cc Delete old TravisCI workflow and references.
    • 404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
    • f7e66dc Switch to musl docker base images.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump ujson from 1.35 to 5.4.0 in /examples/user_simple_storage

    Bump ujson from 1.35 to 5.4.0 in /examples/user_simple_storage

    Bumps ujson from 1.35 to 5.4.0.

    Release notes

    Sourced from ujson's releases.

    5.4.0

    Added

    Fixed

    5.3.0

    Added

    Changed

    Fixed

    5.2.0

    Added

    Fixed

    5.1.0

    Changed

    ... (truncated)

    Commits
    • 9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
    • b21da40 Fix double free on string decoding if realloc fails
    • 67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
    • bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
    • cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
    • 4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
    • abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
    • 3efb5cc Delete old TravisCI workflow and references.
    • 404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
    • f7e66dc Switch to musl docker base images.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump waitress from 2.1.1 to 2.1.2

    Bump waitress from 2.1.1 to 2.1.2

    Bumps waitress from 2.1.1 to 2.1.2.

    Changelog

    Sourced from waitress's changelog.

    2.1.2

    Bugfix

    
    - When expose_tracebacks is enabled waitress would fail to properly encode
      unicode thereby causing another error during error handling. See
      https://github.com/Pylons/waitress/pull/378
    
    • Header length checking had a calculation that was done incorrectly when the data was received across multple socket reads. This calculation has been corrected, and no longer will Waitress send back a 413 Request Entity Too Large. See Pylons/waitress#376

    Security Bugfix

    • in 2.1.0 a new feature was introduced that allowed the WSGI thread to start sending data to the socket. However this introduced a race condition whereby a socket may be closed in the sending thread while the main thread is about to call select() therey causing the entire application to be taken down. Waitress will no longer close the socket in the WSGI thread, instead waking up the main thread to cleanup. See Pylons/waitress#377
    Commits
    • 0aa4879 Remove change of default for clear_untrusted_proxy_headers
    • 2784628 Revert "Merge pull request #370 from Yourun-proger/del_warnings"
    • 479df63 Prep 2.1.2
    • 4f6789b Merge pull request #377 from Pylons/bugfix/select-closed-socket-race
    • 1952050 Merge pull request #379 from Pylons/enhancement/pyupgrade-3.7
    • 8f5b473 pyupgrade 3.7
    • c7a3d7e Only close socket in the main thread
    • 7c3739b Merge pull request #376 from Pylons/bugfix/header-calculation
    • 3066fdd Merge pull request #378 from Pylons/bugfix/expose_tracebacks-encode-error
    • 4467d76 Fix tests to assume body is bytes
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump httpx from 0.15.4 to 0.23.0

    Bump httpx from 0.15.4 to 0.23.0

    Bumps httpx from 0.15.4 to 0.23.0.

    Release notes

    Sourced from httpx's releases.

    Version 0.23.0

    0.23.0 (23rd May, 2022)

    Changed

    • Drop support for Python 3.6. (#2097)
    • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

    Fixed

    • Fix URL.copy_with for some oddly formed URL cases. (#2185)
    • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
    • Fix console markup escaping in command line client. (#1866)
    • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
    • Ensure that iter_bytes never yields zero-length chunks. (#2068)
    • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
    • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
    • Fix display of --proxies argument in the command line client help. (#2125)
    • Close responses when task cancellations occur during stream reading. (#2156)
    • Fix type error on accessing .request on HTTPError exceptions. (#2158)

    Version 0.22.0

    0.22.0 (26th January, 2022)

    Added

    Fixed

    • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
    • Fix Headers.update(...) to correctly handle repeated headers (#2038)

    Version 0.21.3

    0.21.3 (6th January, 2022)

    Fixed

    • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

    Version 0.21.2

    0.21.2 (5th January, 2022)

    Fixed

    • HTTP/2 support for tunnelled proxy cases. (#2009)
    • Improved the speed of large file uploads. (#1948)

    Version 0.21.1

    ... (truncated)

    Changelog

    Sourced from httpx's changelog.

    0.23.0 (23rd May, 2022)

    Changed

    • Drop support for Python 3.6. (#2097)
    • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

    Fixed

    • Fix URL.copy_with for some oddly formed URL cases. (#2185)
    • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
    • Fix console markup escaping in command line client. (#1866)
    • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
    • Ensure that iter_bytes never yields zero-length chunks. (#2068)
    • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
    • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
    • Fix display of --proxies argument in the command line client help. (#2125)
    • Close responses when task cancellations occur during stream reading. (#2156)
    • Fix type error on accessing .request on HTTPError exceptions. (#2158)

    0.22.0 (26th January, 2022)

    Added

    Fixed

    • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
    • Fix Headers.update(...) to correctly handle repeated headers (#2038)

    0.21.3 (6th January, 2022)

    Fixed

    • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

    0.21.2 (5th January, 2022)

    Fixed

    • HTTP/2 support for tunnelled proxy cases. (#2009)
    • Improved the speed of large file uploads. (#1948)

    0.21.1 (16th November, 2021)

    Fixed

    • The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Owner
    Endurant Devs
    Endurant Devs
    Sanic-RESTPlus is an extension for Sanic that adds support for quickly building REST APIs.

    Sanic RestPlus Sanic-RESTPlus is an extension for Sanic that adds support for quickly building REST APIs. Sanic-RESTPlus encourages best practices wit

    Ashley Sommer 106 Oct 14, 2022
    Fully Automated YouTube Channel ▶️with Added Extra Features.

    Fully Automated Youtube Channel ▒█▀▀█ █▀▀█ ▀▀█▀▀ ▀▀█▀▀ █░░█ █▀▀▄ █▀▀ █▀▀█ ▒█▀▀▄ █░░█ ░░█░░ ░▒█░░ █░░█ █▀▀▄ █▀▀ █▄▄▀ ▒█▄▄█ ▀▀▀▀ ░░▀░░ ░▒█░░ ░▀▀▀ ▀▀▀░

    sam-sepiol 249 Jan 2, 2023
    A template repository implementing HTML5 Boilerplate 8.0 in Sanic using the Domonic framework.

    sanic-domonic-h5bp A template repository implementing HTML5 Boilerplate 8.0 in Sanic using the Domonic framework. If you need frontend interactivity,

    PyXY 3 Dec 12, 2022
    Testing - Instrumenting Sanic framework with Opentelemetry

    sanic-otel-splunk Testing - Instrumenting Sanic framework with Opentelemetry Test with python 3.8.10, sanic 20.12.2 Step to instrument pip install -r

    Donler 1 Nov 26, 2021
    A discord http interactions framework built on top of Sanic

    snowfin An async discord http interactions framework built on top of Sanic Installing for now just install the package through pip via github # Unix b

    kaj 13 Dec 15, 2022
    An effective, simple, and async security library for the Sanic framework.

    Sanic Security An effective, simple, and async security library for the Sanic framework. Table of Contents About the Project Getting Started Prerequis

    Sunset Dev 72 Nov 30, 2022
    Pandas on AWS - Easy integration with Athena, Glue, Redshift, Timestream, QuickSight, Chime, CloudWatchLogs, DynamoDB, EMR, SecretManager, PostgreSQL, MySQL, SQLServer and S3 (Parquet, CSV, JSON and EXCEL).

    AWS Data Wrangler Pandas on AWS Easy integration with Athena, Glue, Redshift, Timestream, QuickSight, Chime, CloudWatchLogs, DynamoDB, EMR, SecretMana

    Amazon Web Services - Labs 3.3k Jan 4, 2023
    Integration of IPython pdb

    IPython pdb Use ipdb exports functions to access the IPython debugger, which features tab completion, syntax highlighting, better tracebacks, better i

    Godefroid Chapelle 1.7k Jan 7, 2023
    Bootstrap 3 integration with Django.

    django-bootstrap3 Bootstrap 3 integration for Django. Goal The goal of this project is to seamlessly blend Django and Bootstrap 3. Want to use Bootstr

    Zostera B.V. 2.3k Dec 24, 2022
    Bootstrap 4 integration with Django.

    django-bootstrap 4 Bootstrap 4 integration for Django. Goal The goal of this project is to seamlessly blend Django and Bootstrap 4. Requirements Pytho

    Zostera B.V. 979 Dec 26, 2022
    Universal Xiaomi MIoT integration for Home Assistant

    Xiaomi MIoT Raw 简体中文 | English MIoT 协议是小米智能家居从 2018 年起推行的智能设备通信协议规范,此后凡是可接入米家的设备均通过此协议进行通信。此插件按照 MIoT 协议规范与设备通信,实现对设备的状态读取及控制。

    null 1.9k Jan 2, 2023
    An early stage integration of Hotwire Turbo with Django

    Note: This is not ready for production. APIs likely to change dramatically. Please drop by our Slack channel to discuss!

    Hotwire for Django 352 Jan 6, 2023
    Socket.IO integration for Flask applications.

    Flask-SocketIO Socket.IO integration for Flask applications. Installation You can install this package as usual with pip: pip install flask-socketio

    Miguel Grinberg 4.9k Jan 3, 2023
    Integration of Hotwire's Turbo library with Flask.

    turbo-flask Integration of Hotwire's Turbo library with Flask, to allow you to create applications that look and feel like single-page apps without us

    Miguel Grinberg 240 Jan 6, 2023
    pytest splinter and selenium integration for anyone interested in browser interaction in tests

    Splinter plugin for the pytest runner Install pytest-splinter pip install pytest-splinter Features The plugin provides a set of fixtures to use splin

    pytest-dev 238 Nov 14, 2022
    Integration layer between Requests and Selenium for automation of web actions.

    Requestium is a Python library that merges the power of Requests, Selenium, and Parsel into a single integrated tool for automatizing web actions. The

    Tryolabs 1.7k Dec 27, 2022
    Prometheus integration for Starlette.

    Starlette Prometheus Introduction Prometheus integration for Starlette. Requirements Python 3.6+ Starlette 0.9+ Installation $ pip install starlette-p

    José Antonio Perdiguero 229 Dec 21, 2022
    flask extension for integration with the awesome pydantic package

    Flask-Pydantic Flask extension for integration of the awesome pydantic package with Flask. Installation python3 -m pip install Flask-Pydantic Basics v

    null 249 Jan 6, 2023
    Django application and library for importing and exporting data with admin integration.

    django-import-export django-import-export is a Django application and library for importing and exporting data with included admin integration. Featur

    null 2.6k Dec 26, 2022