Sanic integration with Webargs

Last update: Aug 31, 2022

Overview

webargs-sanic

Sanic integration with Webargs.

Parsing and validating request arguments: headers, arguments, cookies, files, json, etc.

IMPORTANT: From version 2.0.0 webargs-sanic requires you to have webargs >=7.0.1. Please be aware of changes happened in version of webargs > 6.0.0. If you need support of webargs 5.x with no location definition, please use previous version(1.5.0) of this module from pypi.

webargs is a Python library for parsing and validating HTTP request arguments, with built-in support for popular web frameworks. webargs-sanic allows you to use it for Sanic apps. To read more about webargs usage, please check Quickstart

Example Code

Simple Application

from sanic import Sanic
from sanic.response import text

from webargs import fields
from webargs_sanic.sanicparser import use_args


app = Sanic(__name__)

hello_args = {
    'name': fields.Str(required=True)
}

@app.route('/')
@use_args(hello_args, location="query")
async def index(request, args):
    return text('Hello ' + args['name'])

Class-based Sanic app and args/kwargs

from sanic import Sanic
from sanic.views import HTTPMethodView
from sanic.response import json

from webargs import fields
from webargs_sanic.sanicparser import use_args, use_kwargs


app = Sanic(__name__)

class EchoMethodViewUseArgs(HTTPMethodView):
    @use_args({"val": fields.Int()}, location="form")
    async def post(self, request, args):
        return json(args)


app.add_route(EchoMethodViewUseArgs.as_view(), "/echo_method_view_use_args")


class EchoMethodViewUseKwargs(HTTPMethodView):
    @use_kwargs({"val": fields.Int()}, location="query")
    async def post(self, request, val):
        return json({"val": val})


app.add_route(EchoMethodViewUseKwargs.as_view(), "/echo_method_view_use_kwargs")

Parser without decorator with returning errors as JSON

from sanic import Sanic
from sanic.response import json

from webargs import fields
from webargs_sanic.sanicparser import parser, HandleValidationError

app = Sanic(__name__)

@app.route("/echo_view_args_validated/<value>", methods=["GET"])
async def echo_use_args_validated(request, args):
    parsed = await parser.parse(
        {"value": fields.Int(required=True, validate=lambda args: args["value"] > 42)}, request, location="view_args"
    )
    return json(parsed)


# Return validation errors as JSON
@app.exception(HandleValidationError)
async def handle_validation_error(request, err):
    return json({"errors": err.exc.messages}, status=422)

More complicated custom example

from sanic import Sanic
from sanic import response
from sanic import Blueprint

from webargs_sanic.sanicparser import use_kwargs

from some_CUSTOM_storage import InMemory

from webargs import fields
from webargs import validate

import marshmallow.fields
from validate_email import validate_email

#usually this should not be here, better to import ;)
#please check examples for more info
class Email(marshmallow.fields.Field):

    def __init__(self, *args, **kwargs):
        super(Email, self).__init__(*args, **kwargs)

    def _deserialize(self, value, attr, obj):
        value = value.strip().lower()
        if not validate_email(value):
            self.fail('validator_failed')
        return value

user_update = {
    'user_data': fields.Nested({
        'email': Email(),
        'password': fields.Str(validate=lambda value: len(value)>=8),
        'first_name': fields.Str(validate=lambda value: len(value)>=1),
        'last_name': fields.Str(validate=lambda value: len(value)>=1),
        'middle_name': fields.Str(),
        'gender': fields.Str(validate=validate.OneOf(["M", "F"])),
        'birth_date': fields.Date(),
    }),
    'user_id': fields.Str(required=True, validate=lambda x:len(x)==32),
}


blueprint = Blueprint('app')
storage = InMemory()


@blueprint.put('/user/')
@use_kwargs(user_update, location="json_or_form")
async def update_user(request, user_id, user_data):
    storage.update_or_404(user_id, user_data)
    return response.text('', status=204)

app = Sanic(__name__)
app.blueprint(blueprint, url_prefix='/')

For more examples and checking how to use custom validations (phones, emails, etc.) please check apps in Examples

Installing

It is easy to do from pip

pip install webargs-sanic

or from sources

git clone [email protected]:EndurantDevs/webtest-sanic.git
cd webtest-sanic
python setup.py install

Running the tests

Project uses common tests from webargs package. Thanks to Steven Loria for sharing tests in webargs v4.1.0. Most of tests are run by webtest via webtest-sanic. Some own tests get run via Sanic's TestClient.

To be sure everything is fine before installation from sources, just run:

pip -r requirements.txt

and then

python setup.py test

pytest tests/

Authors

License

This project is licensed under the MIT License - see the LICENSE file for details

Comments

Update to work with sanic 21.6.2
Updating it to work with 21.6.2.

Had to replace webtest-sanic with the official sanic_testing since the former didn't work with recent versions of sanic.

This fixes:

DeprecationWarning: Sanic instance named 'tests.apps.sanic_app' uses a format that is deprecated.

Deprecation of sanic.exceptions.abort https://github.com/sanic-org/sanic/pull/2077

Removal of sanic.exceptions.add_status_code https://github.com/sanic-org/sanic/pull/2077
opened by aericson 14
Removing unused version imports.

Fixes an issue with the package not working if packaging is not installed. It's not currently installed since it's not on the setup.py.

I've decided to remove it since it's not being used instead of adding it to setup.py. Also, removed from sanic import __version__ as sanic_version just for clean up since it's not used.

opened by aericson 3
Invalid number of params in call to default error handler.

Default handler from webargs-sanic accepts less number of args than webargs pass to it, which leads to the following error: TypeError: handle_error() takes 4 positional arguments but 6 were given

Packages versions: sanic 19.6.2
webargs 5.3.2
webargs-sanic 1.0.3

Handler definition in sanicparser: https://github.com/EndurantDevs/webargs-sanic/blob/master/webargs_sanic/sanicparser.py#L107

Webargs call in webargs sources: https://github.com/marshmallow-code/webargs/blob/dev/src/webargs/asyncparser.py#L108

opened by DMantis 3
Bump ujson from 1.35 to 5.2.0 in /examples/user_simple_storage
Bumps ujson from 1.35 to 5.2.0.

Release notes

Sourced from ujson's releases.

5.2.0

Added

Support parsing NaN, Infinity and -Infinity (#514) @Erotemic

Support dynamically linking against system double-conversion library (#508) @musicinmybrain

Add env var to control stripping debug info (#507) @musicinmybrain

Add JSONDecodeError (#498) @JustAnotherArchivist

Fixed

Fix buffer overflows (CVE-2021-45958) (#519) @JustAnotherArchivist

Upgrade Black to fix Click (#515) @hugovk

simplify exception handling on integer overflow (#510) @RouquinBlanc

Remove dead code that used to handle the separate int type in Python 2 (#509) @JustAnotherArchivist

Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @JustAnotherArchivist

5.1.0

Changed

Strip debugging symbols from Linux binaries (#493) @bwoodsend

5.0.0

Added

Use cibuildwheel to build wheels (#491) @bwoodsend

Removed

Drop support for soon-EOL Python 3.6 (#490) @hugovk

Fixed

Install Twine to upload to PyPI (#492) @hugovk

4.3.0

Added

Enable Windows on ARM64 target (#488) @nsait-linaro

4.2.0

Added

Add a default keyword argument to dumps (#470) @garenchan

Add support for Python 3.10 (#472) @hugovk

Build 32-bit wheels for Windows (#481) @hugovk

Build PyPy3 wheels for manylinux (#475) @hugovk

Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64) (#478) @bwoodsend

Build wheels for musl Linux (musllinux_1_1_x86_64) (#476) @bwoodsend

Changed

... (truncated)

Commits

f6860f1 Remove shebang

c0ff7b1 python -m pytest

362fed3 Clearer pytest command

82917c0 actions/checkout@v3

3c095f1 Widen tests to cover more possible buffer overflows

f4d2c87 Refactor buffer reservations to ensure sufficient space on all additions

1846e08 Add fuzz test to CI/CD.

5875168 Fix some more seg-faults on encoding.

1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.

20aa1a6 Add a fuzzing test to search for segfaults in encoding.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump ujson from 4.0.2 to 5.2.0
Bumps ujson from 4.0.2 to 5.2.0.

Release notes

Sourced from ujson's releases.

5.2.0

Added

Support parsing NaN, Infinity and -Infinity (#514) @Erotemic

Support dynamically linking against system double-conversion library (#508) @musicinmybrain

Add env var to control stripping debug info (#507) @musicinmybrain

Add JSONDecodeError (#498) @JustAnotherArchivist

Fixed

Fix buffer overflows (CVE-2021-45958) (#519) @JustAnotherArchivist

Upgrade Black to fix Click (#515) @hugovk

simplify exception handling on integer overflow (#510) @RouquinBlanc

Remove dead code that used to handle the separate int type in Python 2 (#509) @JustAnotherArchivist

Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @JustAnotherArchivist

5.1.0

Changed

Strip debugging symbols from Linux binaries (#493) @bwoodsend

5.0.0

Added

Use cibuildwheel to build wheels (#491) @bwoodsend

Removed

Drop support for soon-EOL Python 3.6 (#490) @hugovk

Fixed

Install Twine to upload to PyPI (#492) @hugovk

4.3.0

Added

Enable Windows on ARM64 target (#488) @nsait-linaro

4.2.0

Added

Add a default keyword argument to dumps (#470) @garenchan

Add support for Python 3.10 (#472) @hugovk

Build 32-bit wheels for Windows (#481) @hugovk

Build PyPy3 wheels for manylinux (#475) @hugovk

Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64) (#478) @bwoodsend

Build wheels for musl Linux (musllinux_1_1_x86_64) (#476) @bwoodsend

Changed

... (truncated)

Commits

f6860f1 Remove shebang

c0ff7b1 python -m pytest

362fed3 Clearer pytest command

82917c0 actions/checkout@v3

3c095f1 Widen tests to cover more possible buffer overflows

f4d2c87 Refactor buffer reservations to ensure sufficient space on all additions

1846e08 Add fuzz test to CI/CD.

5875168 Fix some more seg-faults on encoding.

1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.

20aa1a6 Add a fuzzing test to search for segfaults in encoding.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump sanic from 18.12.0 to 20.12.6 in /examples/user_simple_storage
Bumps sanic from 18.12.0 to 20.12.6.

Release notes

Sourced from sanic's releases.

Version 20.12.6

What's Changed

Potential server crash if running Python 3.10 w/ Sanic 20.12 by @ahopkins in sanic-org/sanic#2400

Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.5...v20.12.6

Version 20.12.5

#2366 Upgrade websockets version - SECURITY UPDATE

Version 20.12.4

#2129 Unpin uvloop

Version 20.12.3

Bugfixes

#2021 Remove prefix from websocket handler name

Version 20.12.2

Dependencies

#2026 Fix uvloop to 0.14 because 0.15 drops Python 3.6 support

#2029 Remove old chardet requirement, add in hard multidict requirement

Version 20.12.1

Features

#1993 Add disable app registry

Version 20.12.0

Features

[#1945][] Static route more verbose if file not found

[#1954][] Fix static routes registration on a blueprint

[#1961][] Add Python 3.9 support

[#1962][] Sanic CLI upgrade

[#1967][] Update aiofile version requirements

[#1969][] Update multidict version requirements

[#1970][] Add py.typed file

[#1972][] Speed optimization in request handler

[#1979][] Add app registry and Sanic class level app retrieval

Bugfixes

[#1965][] Fix Chunked Transport-Encoding in ASGI streaming response

Deprecations and Removals

... (truncated)

Changelog

Sourced from sanic's changelog.

.. note::

CHANGELOG files are maintained in ./docs/sanic/releases. To view the full CHANGELOG, please visit https://sanic.readthedocs.io/en/stable/sanic/changelog.html.

Version 21.6.1

Bugfixes

[#2178](https://github.com/sanic-org/sanic/issues/2178) <https://github.com/sanic-org/sanic/pull/2178>_ Update sanic-routing to allow for better splitting of complex URI templates

[#2183](https://github.com/sanic-org/sanic/issues/2183) <https://github.com/sanic-org/sanic/pull/2183>_ Proper handling of chunked request bodies to resolve phantom 503 in logs

[#2181](https://github.com/sanic-org/sanic/issues/2181) <https://github.com/sanic-org/sanic/pull/2181>_ Resolve regression in exception logging

[#2201](https://github.com/sanic-org/sanic/issues/2201) <https://github.com/sanic-org/sanic/pull/2201>_ Cleanup request info in pipelined requests

Version 21.6.0

Features

[#2094](https://github.com/sanic-org/sanic/issues/2094) <https://github.com/sanic-org/sanic/pull/2094>_ Add response.eof() method for closing a stream in a handler

[#2097](https://github.com/sanic-org/sanic/issues/2097) <https://github.com/sanic-org/sanic/pull/2097>_ Allow case-insensitive HTTP Upgrade header

[#2104](https://github.com/sanic-org/sanic/issues/2104) <https://github.com/sanic-org/sanic/pull/2104>_ Explicit usage of CIMultiDict getters

[#2109](https://github.com/sanic-org/sanic/issues/2109) <https://github.com/sanic-org/sanic/pull/2109>_ Consistent use of error loggers

[#2114](https://github.com/sanic-org/sanic/issues/2114) <https://github.com/sanic-org/sanic/pull/2114>_ New client_ip access of connection info instance

[#2119](https://github.com/sanic-org/sanic/issues/2119) <https://github.com/sanic-org/sanic/pull/2119>_ Alternatate classes on instantiation for Config and Sanic.ctx

[#2133](https://github.com/sanic-org/sanic/issues/2133) <https://github.com/sanic-org/sanic/pull/2133>_ Implement new version of AST router

Proper differentiation between alpha and string param types

Adds a slug param type, example: <foo:slug>

Deprecates <foo:string> in favor of <foo:str>

Deprecates <foo:number> in favor of <foo:float>

Adds a route.uri accessor

[#2136](https://github.com/sanic-org/sanic/issues/2136) <https://github.com/sanic-org/sanic/pull/2136>_ CLI improvements with new optional params

[#2137](https://github.com/sanic-org/sanic/issues/2137) <https://github.com/sanic-org/sanic/pull/2137>_ Add version_prefix to URL builders

[#2140](https://github.com/sanic-org/sanic/issues/2140) <https://github.com/sanic-org/sanic/pull/2140>_ Event autoregistration with EVENT_AUTOREGISTER

... (truncated)

Commits

3b85b3b Potential server crash if running Python 3.10 w/ Sanic 20.12 (#2400)

6e55e73 fix: websocket dependency for websockets 9.1 security fix (#2366)

89d9424 Merge branch 'pr2129' into 20.12LTS

4d6205e Bump version

1684b0b remove reference to yanked packages

4f5faa4 unpin uvloop

cbb77b5 fix issue where request.args.pop removed parameters inconsistently (#2112)

35c7625 Bump version 20.12.3 (#2062)

8d86c3c Remove unnecessary prefix from websocket handler name (#2021)

9763511 Align setup.py

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump ujson from 4.0.2 to 5.1.0
Bumps ujson from 4.0.2 to 5.1.0.

Release notes

Sourced from ujson's releases.

5.1.0

Changed

Strip debugging symbols from Linux binaries (#493) @bwoodsend

5.0.0

Added

Use cibuildwheel to build wheels (#491) @bwoodsend

Removed

Drop support for soon-EOL Python 3.6 (#490) @hugovk

Fixed

Install Twine to upload to PyPI (#492) @hugovk

4.3.0

Added

Enable Windows on ARM64 target (#488) @nsait-linaro

4.2.0

Added

Add a default keyword argument to dumps (#470) @garenchan

Add support for Python 3.10 (#472) @hugovk

Build 32-bit wheels for Windows (#481) @hugovk

Build PyPy3 wheels for manylinux (#475) @hugovk

Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64) (#478) @bwoodsend

Build wheels for musl Linux (musllinux_1_1_x86_64) (#476) @bwoodsend

Changed

Use declarative setup metadata (#477) @hugovk

Wheel building updates (#473) @hugovk

Rename master to main (#471) @hugovk

Replace README.rst with Markdown (#479) @hugovk

4.1.0

Added

Add gcov coverage testing for C code (#457) @bwoodsend

Test Python 3.10-dev (#454) @hugovk

Changed

Remove unused variable (#459) @hugovk

Remove explicit handling of manylinux platform tag (#452) @bwoodsend

... (truncated)

Commits

682c660 Merge pull request #493 from bwoodsend/strip-binaries

c1d5b6d [pre-commit.ci] auto fixes from pre-commit.com hooks

b9275f7 Strip debugging symbols from Linux binaries.

e3ccc5a Merge pull request #492 from hugovk/deploy-twine

243d49b Install Twine to upload to PyPI

269621b Merge pull request #490 from hugovk/rm-3.6

cccde3f Drop support for EOL Python 3.6

b55049f Merge pull request #491 from bwoodsend/switch-to-ci-build-wheels

04286a6 Drop wheels for Python 3.6. (#490)

ab32d48 CI/CD: Ensure that sdists are uploaded last.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2

ModuleNotFoundError: No module named 'packaging'

│     from webargs_sanic.sanicparser import HandleValidationError                                                                                                                                                                                                                           │
│   File "/usr/local/lib/python3.8/site-packages/webargs_sanic/sanicparser.py", line 34, in <module>                                                                                                                                                                                        │
│     from packaging import version                                                                                                                                                                                                                                                         │
│ ModuleNotFoundError: No module named 'packaging'

opened by nf1s 2

Bump websockets from 8.1 to 9.1

Bumps websockets from 8.1 to 9.1.

Changelog

Sourced from websockets's changelog.

9.1 ...

May 27, 2021

.. note::
**Version 9.1 fixes a security issue introduced in version 8.0.**
Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.
9.0.2 .....

May 15, 2021

Restored compatibility of python -m websockets with Python < 3.9.

Restored compatibility with mypy.

9.0.1 .....

May 2, 2021

Fixed issues with the packaging of the 9.0 release.

9.0 ...

May 1, 2021

.. note::
**Version 9.0 moves or deprecates several APIs.**
Aliases provide backwards compatibility for all previously public APIs.


:class:~datastructures.Headers and
:exc:~datastructures.MultipleValuesError were moved from
websockets.http to :mod:websockets.datastructures. If you're using
them, you should adjust the import path.


The client, server, protocol, and auth modules were
moved from the websockets package to websockets.legacy
sub-package, as part of an upcoming refactoring. Despite the name,
they're still fully supported. The refactoring should be a transparent
upgrade for most uses when it's available. The legacy implementation
will be preserved according to the backwards-compatibility policy_.

... (truncated)

Commits

d0f3288 Bump version number.
547a26b Use constant-time comparison for passwords.
a14226a Bump version number.
8900c13 Add mypy to dictionary.
0713dbf Add test coverage.
b99c4fe Restore real imports for compatibility with mypy.
e44e085 Use relative imports everywhere, for consistency.
70fadbf Restore compatibility with Python < 3.9.
217ac2d Fix broken link.
fc176f4 Bump version number.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 1

Bump aiohttp from 3.7.3 to 3.7.4

Bumps aiohttp from 3.7.3 to 3.7.4.

Changelog

Sourced from aiohttp's changelog.

3.7.4 (2021-02-25)

Bugfixes

(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

Thanks to Beast Glatisant <https://github.com/g147>__ for finding the first instance of this issue and Jelmer Vernooĳ <https://jelmer.uk/>__ for reporting and tracking it down in aiohttp. [#5497](https://github.com/aio-libs/aiohttp/issues/5497) <https://github.com/aio-libs/aiohttp/issues/5497>_

Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. [#5498](https://github.com/aio-libs/aiohttp/issues/5498) <https://github.com/aio-libs/aiohttp/issues/5498>_

Commits

0a26acc Bump aiohttp to v3.7.4 for a security release
021c416 Merge branch 'ghsa-v6wp-4m6f-gcjg' into master
4ed7c25 Bump chardet from 3.0.4 to 4.0.0 (#5333)
b61f0fd Fix how pure-Python HTTP parser interprets //
5c1efbc Bump pre-commit from 2.9.2 to 2.9.3 (#5322)
0075075 Bump pygments from 2.7.2 to 2.7.3 (#5318)
5085173 Bump multidict from 5.0.2 to 5.1.0 (#5308)
5d1a75e Bump pre-commit from 2.9.0 to 2.9.2 (#5290)
6724d0e Bump pre-commit from 2.8.2 to 2.9.0 (#5273)
c688451 Removed duplicate timeout parameter in ClientSession reference docs. (#5262) ...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 1

Bump urllib3 from 1.26.2 to 1.26.5

Bumps urllib3 from 1.26.2 to 1.26.5.

Release notes

Sourced from urllib3's releases.

1.26.5

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.4

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

1.26.3

:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

Changelog

Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

Fixed deprecation warnings emitted in Python 3.10.

Updated vendored six library to 1.16.0.

Improved performance of URL parser when splitting the authority component.

1.26.4 (2021-03-15)

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)

Fixed bytes and string comparison issue with headers (Pull #2141)

Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

Commits

d161647 Release 1.26.5
2d4a3fe Improve performance of sub-authority splitting in URL
2698537 Update vendored six to 1.16.0
07bed79 Fix deprecation warnings for Python 3.10 ssl module
d725a9b Add Python 3.10 to GitHub Actions
339ad34 Use pytest==6.2.4 on Python 3.10+
f271c9c Apply latest Black formatting
1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
a891304 Release 1.26.4
8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 1

Bump certifi from 2020.12.5 to 2022.12.7

Bumps certifi from 2020.12.5 to 2022.12.7.

Commits

9e9e840 2022.12.07
b81bdb2 2022.09.24
939a28f 2022.09.14
aca828a 2022.06.15.2
de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
b8eb5e9 2022.06.15.1
47fb7ab Fix deprecation warning on Python 3.11 (#199)
b0b48e0 fixes #198 -- update link in license
9d514b4 2022.06.15
4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 0

Bump sanic from 18.12.0 to 20.12.7 in /examples/user_simple_storage

Bumps sanic from 18.12.0 to 20.12.7.

Release notes

Sourced from sanic's releases.

Version 20.12.7

Resolves #2477 and #2478 See also #2495 and https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6

Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.6...v20.12.7

Version 20.12.6

What's Changed

Potential server crash if running Python 3.10 w/ Sanic 20.12 by @ahopkins in sanic-org/sanic#2400

Full Changelog: https://github.com/sanic-org/sanic/compare/v20.12.5...v20.12.6

Version 20.12.5

#2366 Upgrade websockets version - SECURITY UPDATE

Version 20.12.4

#2129 Unpin uvloop

Version 20.12.3

Bugfixes

#2021 Remove prefix from websocket handler name

Version 20.12.2

Dependencies

#2026 Fix uvloop to 0.14 because 0.15 drops Python 3.6 support

#2029 Remove old chardet requirement, add in hard multidict requirement

Version 20.12.1

Features

#1993 Add disable app registry

Version 20.12.0

Features

[#1945][] Static route more verbose if file not found

[#1954][] Fix static routes registration on a blueprint

[#1961][] Add Python 3.9 support

[#1962][] Sanic CLI upgrade

[#1967][] Update aiofile version requirements

[#1969][] Update multidict version requirements

[#1970][] Add py.typed file

[#1972][] Speed optimization in request handler

[#1979][] Add app registry and Sanic class level app retrieval

Bugfixes

... (truncated)

Changelog

Sourced from sanic's changelog.

.. note::

CHANGELOG files are maintained in ./docs/sanic/releases. To view the full CHANGELOG, please visit https://sanic.readthedocs.io/en/stable/sanic/changelog.html.

Version 21.6.1

Bugfixes

[#2178](https://github.com/sanic-org/sanic/issues/2178) <https://github.com/sanic-org/sanic/pull/2178>_ Update sanic-routing to allow for better splitting of complex URI templates

[#2183](https://github.com/sanic-org/sanic/issues/2183) <https://github.com/sanic-org/sanic/pull/2183>_ Proper handling of chunked request bodies to resolve phantom 503 in logs

[#2181](https://github.com/sanic-org/sanic/issues/2181) <https://github.com/sanic-org/sanic/pull/2181>_ Resolve regression in exception logging

[#2201](https://github.com/sanic-org/sanic/issues/2201) <https://github.com/sanic-org/sanic/pull/2201>_ Cleanup request info in pipelined requests

Version 21.6.0

Features

[#2094](https://github.com/sanic-org/sanic/issues/2094) <https://github.com/sanic-org/sanic/pull/2094>_ Add response.eof() method for closing a stream in a handler

[#2097](https://github.com/sanic-org/sanic/issues/2097) <https://github.com/sanic-org/sanic/pull/2097>_ Allow case-insensitive HTTP Upgrade header

[#2104](https://github.com/sanic-org/sanic/issues/2104) <https://github.com/sanic-org/sanic/pull/2104>_ Explicit usage of CIMultiDict getters

[#2109](https://github.com/sanic-org/sanic/issues/2109) <https://github.com/sanic-org/sanic/pull/2109>_ Consistent use of error loggers

[#2114](https://github.com/sanic-org/sanic/issues/2114) <https://github.com/sanic-org/sanic/pull/2114>_ New client_ip access of connection info instance

[#2119](https://github.com/sanic-org/sanic/issues/2119) <https://github.com/sanic-org/sanic/pull/2119>_ Alternatate classes on instantiation for Config and Sanic.ctx

[#2133](https://github.com/sanic-org/sanic/issues/2133) <https://github.com/sanic-org/sanic/pull/2133>_ Implement new version of AST router

Proper differentiation between alpha and string param types

Adds a slug param type, example: <foo:slug>

Deprecates <foo:string> in favor of <foo:str>

Deprecates <foo:number> in favor of <foo:float>

Adds a route.uri accessor

[#2136](https://github.com/sanic-org/sanic/issues/2136) <https://github.com/sanic-org/sanic/pull/2136>_ CLI improvements with new optional params

[#2137](https://github.com/sanic-org/sanic/issues/2137) <https://github.com/sanic-org/sanic/pull/2137>_ Add version_prefix to URL builders

[#2140](https://github.com/sanic-org/sanic/issues/2140) <https://github.com/sanic-org/sanic/pull/2140>_ Event autoregistration with EVENT_AUTOREGISTER

... (truncated)

Commits

05002d7 Path protection with pathlib
b4360d4 Path protection with pathlib
3b85b3b Potential server crash if running Python 3.10 w/ Sanic 20.12 (#2400)
6e55e73 fix: websocket dependency for websockets 9.1 security fix (#2366)
89d9424 Merge branch 'pr2129' into 20.12LTS
4d6205e Bump version
1684b0b remove reference to yanked packages
4f5faa4 unpin uvloop
cbb77b5 fix issue where request.args.pop removed parameters inconsistently (#2112)
35c7625 Bump version 20.12.3 (#2062)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 0

Bump ujson from 4.0.2 to 5.4.0

Bumps ujson from 4.0.2 to 5.4.0.

Release notes

Sourced from ujson's releases.

5.4.0

Added

Add support for arbitrary size integers (#548) @JustAnotherArchivist

Fixed

CVE-2022-31116:

Replace wchar_t string decoding implementation with a uint32_t-based one (#555) @JustAnotherArchivist

Fix handling of surrogates on decoding (#550) @JustAnotherArchivist

CVE-2022-31117: Potential double free of buffer during string decoding @JustAnotherArchivist

Fix memory leak on encoding errors when the buffer was resized (#549) @JustAnotherArchivist

Integer parsing: always detect overflows (#544) @NaN-git

Fix handling of surrogates on encoding (#530) @JustAnotherArchivist

5.3.0

Added

Test Python 3.11 beta (#539) @hugovk

Changed

Benchmark refactor - argparse CLI (#533) @Erotemic

Fixed

Fix segmentation faults when errors occur while handling unserialisable objects (#531) @JustAnotherArchivist

Fix segmentation fault when an exception is raised while converting a dict key to a string (#526) @JustAnotherArchivist

Fix memory leak dumping on non-string dict keys (#521) @JustAnotherArchivist

Fix ref counting on repeated default function calls (#524) @JustAnotherArchivist

Remove redundant wheel dependency from pyproject.toml (#535) @hugovk

5.2.0

Added

Support parsing NaN, Infinity and -Infinity (#514) @Erotemic

Support dynamically linking against system double-conversion library (#508) @musicinmybrain

Add env var to control stripping debug info (#507) @musicinmybrain

Add JSONDecodeError (#498) @JustAnotherArchivist

Fixed

Fix buffer overflows (CVE-2021-45958) (#519) @JustAnotherArchivist

Upgrade Black to fix Click (#515) @hugovk

simplify exception handling on integer overflow (#510) @RouquinBlanc

Remove dead code that used to handle the separate int type in Python 2 (#509) @JustAnotherArchivist

Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @JustAnotherArchivist

5.1.0

Changed

... (truncated)

Commits

9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
b21da40 Fix double free on string decoding if realloc fails
67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
3efb5cc Delete old TravisCI workflow and references.
404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
f7e66dc Switch to musl docker base images.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 0

Bump ujson from 1.35 to 5.4.0 in /examples/user_simple_storage

Bumps ujson from 1.35 to 5.4.0.

Release notes

Sourced from ujson's releases.

5.4.0

Added

Add support for arbitrary size integers (#548) @JustAnotherArchivist

Fixed

CVE-2022-31116:

Replace wchar_t string decoding implementation with a uint32_t-based one (#555) @JustAnotherArchivist

Fix handling of surrogates on decoding (#550) @JustAnotherArchivist

CVE-2022-31117: Potential double free of buffer during string decoding @JustAnotherArchivist

Fix memory leak on encoding errors when the buffer was resized (#549) @JustAnotherArchivist

Integer parsing: always detect overflows (#544) @NaN-git

Fix handling of surrogates on encoding (#530) @JustAnotherArchivist

5.3.0

Added

Test Python 3.11 beta (#539) @hugovk

Changed

Benchmark refactor - argparse CLI (#533) @Erotemic

Fixed

Fix segmentation faults when errors occur while handling unserialisable objects (#531) @JustAnotherArchivist

Fix segmentation fault when an exception is raised while converting a dict key to a string (#526) @JustAnotherArchivist

Fix memory leak dumping on non-string dict keys (#521) @JustAnotherArchivist

Fix ref counting on repeated default function calls (#524) @JustAnotherArchivist

Remove redundant wheel dependency from pyproject.toml (#535) @hugovk

5.2.0

Added

Support parsing NaN, Infinity and -Infinity (#514) @Erotemic

Support dynamically linking against system double-conversion library (#508) @musicinmybrain

Add env var to control stripping debug info (#507) @musicinmybrain

Add JSONDecodeError (#498) @JustAnotherArchivist

Fixed

Fix buffer overflows (CVE-2021-45958) (#519) @JustAnotherArchivist

Upgrade Black to fix Click (#515) @hugovk

simplify exception handling on integer overflow (#510) @RouquinBlanc

Remove dead code that used to handle the separate int type in Python 2 (#509) @JustAnotherArchivist

Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @JustAnotherArchivist

5.1.0

Changed

... (truncated)

Commits

9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
b21da40 Fix double free on string decoding if realloc fails
67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
3efb5cc Delete old TravisCI workflow and references.
404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
f7e66dc Switch to musl docker base images.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 0

Bump waitress from 2.1.1 to 2.1.2

Bumps waitress from 2.1.1 to 2.1.2.

Changelog

Sourced from waitress's changelog.

2.1.2

Bugfix
- When expose_tracebacks is enabled waitress would fail to properly encode
  unicode thereby causing another error during error handling. See
  https://github.com/Pylons/waitress/pull/378

Header length checking had a calculation that was done incorrectly when the
data was received across multple socket reads. This calculation has been
corrected, and no longer will Waitress send back a 413 Request Entity Too
Large. See Pylons/waitress#376

Security Bugfix
in 2.1.0 a new feature was introduced that allowed the WSGI thread to start sending data to the socket. However this introduced a race condition whereby a socket may be closed in the sending thread while the main thread is about to call select() therey causing the entire application to be taken down. Waitress will no longer close the socket in the WSGI thread, instead waking up the main thread to cleanup. See Pylons/waitress#377

Commits

0aa4879 Remove change of default for clear_untrusted_proxy_headers
2784628 Revert "Merge pull request #370 from Yourun-proger/del_warnings"
479df63 Prep 2.1.2
4f6789b Merge pull request #377 from Pylons/bugfix/select-closed-socket-race
1952050 Merge pull request #379 from Pylons/enhancement/pyupgrade-3.7
8f5b473 pyupgrade 3.7
c7a3d7e Only close socket in the main thread
7c3739b Merge pull request #376 from Pylons/bugfix/header-calculation
3066fdd Merge pull request #378 from Pylons/bugfix/expose_tracebacks-encode-error
4467d76 Fix tests to assume body is bytes
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 0

Bump httpx from 0.15.4 to 0.23.0

Bumps httpx from 0.15.4 to 0.23.0.

Release notes

Sourced from httpx's releases.

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

Drop support for Python 3.6. (#2097)

Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

Fix URL.copy_with for some oddly formed URL cases. (#2185)

Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)

Fix console markup escaping in command line client. (#1866)

When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)

Ensure that iter_bytes never yields zero-length chunks. (#2068)

Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)

When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)

Fix display of --proxies argument in the command line client help. (#2125)

Close responses when task cancellations occur during stream reading. (#2156)

Fix type error on accessing .request on HTTPError exceptions. (#2158)

Version 0.22.0

0.22.0 (26th January, 2022)

Added

Support for the SOCKS5 proxy protocol via the socksio package. (#2034)

Support for custom headers in multipart/form-data requests (#1936)

Fixed

Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)

Fix Headers.update(...) to correctly handle repeated headers (#2038)

Version 0.21.3

0.21.3 (6th January, 2022)

Fixed

Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

Version 0.21.2

0.21.2 (5th January, 2022)

Fixed

HTTP/2 support for tunnelled proxy cases. (#2009)

Improved the speed of large file uploads. (#1948)

Version 0.21.1

... (truncated)

Changelog

Sourced from httpx's changelog.

0.23.0 (23rd May, 2022)

Changed

Drop support for Python 3.6. (#2097)

Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

Fix URL.copy_with for some oddly formed URL cases. (#2185)

Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)

Fix console markup escaping in command line client. (#1866)

When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)

Ensure that iter_bytes never yields zero-length chunks. (#2068)

Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)

When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)

Fix display of --proxies argument in the command line client help. (#2125)

Close responses when task cancellations occur during stream reading. (#2156)

Fix type error on accessing .request on HTTPError exceptions. (#2158)

0.22.0 (26th January, 2022)

Added

Support for the SOCKS5 proxy protocol via the socksio package. (#2034)

Support for custom headers in multipart/form-data requests (#1936)

Fixed

Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)

Fix Headers.update(...) to correctly handle repeated headers (#2038)

0.21.3 (6th January, 2022)

Fixed

Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

0.21.2 (5th January, 2022)

Fixed

HTTP/2 support for tunnelled proxy cases. (#2009)

Improved the speed of large file uploads. (#1948)

0.21.1 (16th November, 2021)

Fixed

The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

... (truncated)

Commits

89cdd90 Version 0.23.0 (#2214)
1c33a28 Make charset auto-detection optional. (#2165)
940d61b Removed curio from async.md (#2240)
14a1704 Switch to explicit typing.Optional throughout (#2096)
9673a35 Drop async_generator requirement (#2228)
5eba32a Remove RequestBodyUnavailable from module docstring (#2226)
6f31bc4 Bump mkdocs-material from 8.1.4 to 8.2.14 (#2218)
c5eb4b8 Bump cryptography from 36.0.2 to 37.0.2 (#2217)
1a526cf Bump actions/checkout from 2 to 3 (#2216)
7a53543 Bump actions/setup-python from 1 to 3 (#2215)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language