Bumps ujson from 2.0.3 to 5.2.0.
Sourced from ujson's releases.
5.2.0
Added
- Support parsing NaN, Infinity and -Infinity (#514)
@Erotemic- Support dynamically linking against system double-conversion library (#508)
@musicinmybrain- Add env var to control stripping debug info (#507)
@musicinmybrain- Add
JSONDecodeError(#498)@JustAnotherArchivistFixed
- Fix buffer overflows (CVE-2021-45958) (#519)
@JustAnotherArchivist- Upgrade Black to fix Click (#515)
@hugovk- simplify exception handling on integer overflow (#510)
@RouquinBlanc- Remove dead code that used to handle the separate int type in Python 2 (#509)
@JustAnotherArchivist- Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505)
@JustAnotherArchivist5.1.0
Changed
- Strip debugging symbols from Linux binaries (#493)
@bwoodsend5.0.0
Added
- Use cibuildwheel to build wheels (#491)
@bwoodsendRemoved
Fixed
4.3.0
Added
- Enable Windows on ARM64 target (#488)
@nsait-linaro4.2.0
Added
- Add a default keyword argument to dumps (#470)
@garenchan- Add support for Python 3.10 (#472)
@hugovk- Build 32-bit wheels for Windows (#481)
@hugovk- Build PyPy3 wheels for manylinux (#475)
@hugovk- Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64) (#478)
@bwoodsend- Build wheels for musl Linux (musllinux_1_1_x86_64) (#476)
@bwoodsendChanged
... (truncated)
f6860f1 Remove shebangc0ff7b1 python -m pytest362fed3 Clearer pytest command82917c0 actions/checkout@v33c095f1 Widen tests to cover more possible buffer overflowsf4d2c87 Refactor buffer reservations to ensure sufficient space on all additions1846e08 Add fuzz test to CI/CD.5875168 Fix some more seg-faults on encoding.1a39406 Remove the hidden JSON_NO_EXTRA_WHITESPACE compile knob.20aa1a6 Add a fuzzing test to search for segfaults in encoding.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps certifi from 2020.4.5.1 to 2022.12.7.
9e9e840 2022.12.07b81bdb2 2022.09.24939a28f 2022.09.14aca828a 2022.06.15.2de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...b8eb5e9 2022.06.15.147fb7ab Fix deprecation warning on Python 3.11 (#199)b0b48e0 fixes #198 -- update link in license9d514b4 2022.06.154151e88 Add py.typed to MANIFEST.in to package in sdist (#196)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps ujson from 2.0.3 to 5.4.0.
Sourced from ujson's releases.
5.4.0
Added
- Add support for arbitrary size integers (#548)
@JustAnotherArchivistFixed
- CVE-2022-31116:
- Replace
wchar_tstring decoding implementation with auint32_t-based one (#555)@JustAnotherArchivist- Fix handling of surrogates on decoding (#550)
@JustAnotherArchivist- CVE-2022-31117: Potential double free of buffer during string decoding
@JustAnotherArchivist- Fix memory leak on encoding errors when the buffer was resized (#549)
@JustAnotherArchivist- Integer parsing: always detect overflows (#544)
@NaN-git- Fix handling of surrogates on encoding (#530)
@JustAnotherArchivist5.3.0
Added
Changed
- Benchmark refactor - argparse CLI (#533)
@ErotemicFixed
- Fix segmentation faults when errors occur while handling unserialisable objects (#531)
@JustAnotherArchivist- Fix segmentation fault when an exception is raised while converting a dict key to a string (#526)
@JustAnotherArchivist- Fix memory leak dumping on non-string dict keys (#521)
@JustAnotherArchivist- Fix ref counting on repeated default function calls (#524)
@JustAnotherArchivist- Remove redundant
wheeldependency frompyproject.toml(#535)@hugovk5.2.0
Added
- Support parsing NaN, Infinity and -Infinity (#514)
@Erotemic- Support dynamically linking against system double-conversion library (#508)
@musicinmybrain- Add env var to control stripping debug info (#507)
@musicinmybrain- Add
JSONDecodeError(#498)@JustAnotherArchivistFixed
- Fix buffer overflows (CVE-2021-45958) (#519)
@JustAnotherArchivist- Upgrade Black to fix Click (#515)
@hugovk- simplify exception handling on integer overflow (#510)
@RouquinBlanc- Remove dead code that used to handle the separate int type in Python 2 (#509)
@JustAnotherArchivist- Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505)
@JustAnotherArchivist5.1.0
Changed
... (truncated)
9c20de0 Merge pull request from GHSA-fm67-cv37-96ffb21da40 Fix double free on string decoding if realloc fails67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based onecc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints4b5cccc Merge pull request #553 from bwoodsend/pypy-ciabe26fc Merge pull request #551 from bwoodsend/bye-bye-travis3efb5cc Delete old TravisCI workflow and references.404de1a xfail test_decode_surrogate_characters() on Windows PyPy.f7e66dc Switch to musl docker base images.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps pyjwt from 1.7.1 to 2.4.0.
Sourced from pyjwt's releases.
2.4.0
Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
What's Changed
- Add support for Python 3.10 by
@hugovkin jpadilla/pyjwt#699- Don't use implicit optionals by
@rekyungminin jpadilla/pyjwt#705- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#708- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#710- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#711- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#712- documentation fix: show correct scope for decode_complete() by
@sseeringin jpadilla/pyjwt#661- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#716- Explicit check the key for ECAlgorithm by
@estinin jpadilla/pyjwt#713- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#720- api_jwk: Add PyJWKSet.getitem by
@woodruffwin jpadilla/pyjwt#725- Update usage.rst by
@guneybilenin jpadilla/pyjwt#727- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#728- fix: Update copyright information by
@kkirschein jpadilla/pyjwt#729- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by
@dmahr1in jpadilla/pyjwt#734- Fixed typo in usage.rst by
@israelabrahamin jpadilla/pyjwt#738- Add detached payload support for JWS encoding and decoding by
@fviardin jpadilla/pyjwt#723- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#740- Raise DeprecationWarning for jwt.decode(verify=...) by
@akxin jpadilla/pyjwt#742- Don't mutate options dictionary in .decode_complete() by
@akxin jpadilla/pyjwt#743- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#748- Replace various string interpolations with f-strings by
@akxin jpadilla/pyjwt#744- Update CHANGELOG.rst by
@hipertrackerin jpadilla/pyjwt#751New Contributors
@hugovkmade their first contribution in jpadilla/pyjwt#699@rekyungminmade their first contribution in jpadilla/pyjwt#705@sseeringmade their first contribution in jpadilla/pyjwt#661@estinmade their first contribution in jpadilla/pyjwt#713@woodruffwmade their first contribution in jpadilla/pyjwt#725@guneybilenmade their first contribution in jpadilla/pyjwt#727@dmahr1made their first contribution in jpadilla/pyjwt#734@israelabrahammade their first contribution in jpadilla/pyjwt#738@fviardmade their first contribution in jpadilla/pyjwt#723@akxmade their first contribution in jpadilla/pyjwt#742@hipertrackermade their first contribution in jpadilla/pyjwt#751Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0
2.3.0
What's Changed
- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#700- Add exception chaining by
@ehdgua01in jpadilla/pyjwt#702- Revert "Remove arbitrary kwargs." by
@auvipyin jpadilla/pyjwt#701
... (truncated)
Sourced from pyjwt's changelog.
v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24Changed
- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713 - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742Fixed
- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705 - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661 - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729 - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743 Added
- Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751
v2.3.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&gt;__Fixed
- Revert &quot;Remove arbitrary kwargs.&quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &lt;https://github.com/jpadilla/pyjwt/pull/701&gt;`__ Added
- Add exception chaining
[#702](https://github.com/jpadilla/pyjwt/issues/702) &lt;https://github.com/jpadilla/pyjwt/pull/702&gt;__
v2.2.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&gt;__</tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>
<ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li> </ul> </details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
dependenciesDependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps websockets from 8.1 to 9.1.
Sourced from websockets's changelog.
9.1 ...
May 27, 2021
.. note::
**Version 9.1 fixes a security issue introduced in version 8.0.**Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.
9.0.2 .....
May 15, 2021
Restored compatibility of
python -m websocketswith Python < 3.9.Restored compatibility with mypy.
9.0.1 .....
May 2, 2021
- Fixed issues with the packaging of the 9.0 release.
9.0 ...
May 1, 2021
.. note::
**Version 9.0 moves or deprecates several APIs.**Aliases provide backwards compatibility for all previously public APIs.
:class:
~datastructures.Headersand :exc:~datastructures.MultipleValuesErrorwere moved fromwebsockets.httpto :mod:websockets.datastructures. If you're using them, you should adjust the import path.The
client,server,protocol, andauthmodules were moved from thewebsocketspackage towebsockets.legacysub-package, as part of an upcoming refactoring. Despite the name, they're still fully supported. The refactoring should be a transparent upgrade for most uses when it's available. The legacy implementation will be preserved according to thebackwards-compatibility policy_.
... (truncated)
d0f3288 Bump version number.547a26b Use constant-time comparison for passwords.a14226a Bump version number.8900c13 Add mypy to dictionary.0713dbf Add test coverage.b99c4fe Restore real imports for compatibility with mypy.e44e085 Use relative imports everywhere, for consistency.70fadbf Restore compatibility with Python < 3.9.217ac2d Fix broken link.fc176f4 Bump version number.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps fastapi from 0.54.2 to 0.65.2.
Sourced from fastapi's releases.
0.65.2
Security fixes
- 🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by
@patrickkwang.This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.
In versions lower than
0.65.2, FastAPI would try to read the request payload as JSON even if thecontent-typeheader sent was not set toapplication/jsonor a compatible JSON media type (e.g.application/geo+json).So, a request with a content type of
text/plaincontaining JSON data would be accepted and the JSON data would be extracted.But requests with content type
text/plainare exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.See CVE-2021-32677 for more details.
Thanks to Dima Boger for the security report! 🙇🔒
Internal
- 🔧 Update sponsors badge, course bundle. PR #3340 by
@tiangolo.- 🔧 Add new gold sponsor Jina 🎉. PR #3291 by
@tiangolo.- 🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by
@tiangolo.- 👷 Upgrade Issue Manager GitHub Action. PR #3236 by
@tiangolo.0.65.1
Security fixes
- 📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510. PR #3213 by
@tiangolo.0.65.0
Breaking Changes - Upgrade
- ⬆️ Upgrade Starlette to
0.14.2, including internalUJSONResponsemigrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by@hanneskuettner.Translations
- 🌐 Initialize new language Polish for translations. PR #3170 by
@neternefer.Internal
- 👷 Add GitHub Action cache to speed up CI installs. PR #3204 by
@tiangolo.- ⬆️ Upgrade setup-python GitHub Action to v2. PR #3203 by
@tiangolo.- 🐛 Fix docs script to generate a new translation language with
overridesboilerplate. PR #3202 by@tiangolo.- ✨ Add new Deta banner badge with new sponsorship tier 🙇. PR #3194 by
@tiangolo.- 👥 Update FastAPI People. PR #3189 by
@github-actions[bot].- 🔊 Update FastAPI People to allow better debugging. PR #3188 by
@tiangolo.0.64.0
Features
... (truncated)
4d91f97 🔖 Release version 0.65.2aabe2c7 📝 Update release notes377234a 🔒 Create Security Policy38b7858 📝 Update release notesfa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)90120dd 📝 Update release notes3677254 🔧 Update sponsors badge, course bundle (#3340)40bb0c5 📝 Update release notes60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)3afce2c 📝 Update release notesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps urllib3 from 1.25.9 to 1.26.5.
Sourced from urllib3's releases.
1.26.5
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Fixed deprecation warnings emitted in Python 3.10.
- Updated vendored
sixlibrary to 1.16.0.- Improved performance of URL parser when splitting the authority component.
If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.4
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Changed behavior of the default
SSLContextwhen connecting to HTTPS proxy during HTTPS requests. The defaultSSLContextnow setscheck_hostname=True.If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.3
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
Fixed bytes and string comparison issue with headers (Pull #2141)
Changed
ProxySchemeUnknownerror message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.2
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Fixed an issue where
wrap_socketandCERT_REQUIREDwouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)1.26.1
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Fixed an issue where two
User-Agentheaders would be sent if aUser-Agentheader key is passed asbytes(Pull #2047)1.26.0
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting
ssl_version=ssl.PROTOCOL_TLSv1_1(Pull #2002) Starting in urllib3 v2.0: Connections that receive aDeprecationWarningwill failDeprecated
RetryoptionsRetry.DEFAULT_METHOD_WHITELIST,Retry.DEFAULT_REDIRECT_HEADERS_BLACKLISTandRetry(method_whitelist=...)in favor ofRetry.DEFAULT_ALLOWED_METHODS,Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, andRetry(allowed_methods=...)(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed
... (truncated)
Sourced from urllib3's changelog.
1.26.5 (2021-05-26)
- Fixed deprecation warnings emitted in Python 3.10.
- Updated vendored
sixlibrary to 1.16.0.- Improved performance of URL parser when splitting the authority component.
1.26.4 (2021-03-15)
- Changed behavior of the default
SSLContextwhen connecting to HTTPS proxy during HTTPS requests. The defaultSSLContextnow setscheck_hostname=True.1.26.3 (2021-01-26)
Fixed bytes and string comparison issue with headers (Pull #2141)
Changed
ProxySchemeUnknownerror message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)1.26.2 (2020-11-12)
- Fixed an issue where
wrap_socketandCERT_REQUIREDwouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)1.26.1 (2020-11-11)
- Fixed an issue where two
User-Agentheaders would be sent if aUser-Agentheader key is passed asbytes(Pull #2047)1.26.0 (2020-11-10)
NOTE: urllib3 v2.0 will drop support for Python 2.
Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning
... (truncated)
d161647 Release 1.26.52d4a3fe Improve performance of sub-authority splitting in URL2698537 Update vendored six to 1.16.007bed79 Fix deprecation warnings for Python 3.10 ssl moduled725a9b Add Python 3.10 to GitHub Actions339ad34 Use pytest==6.2.4 on Python 3.10+f271c9c Apply latest Black formatting1884878 [1.26] Properly proxy EOF on the SSLTransport test suitea891304 Release 1.26.48d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2rDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
fastapi-versioning api versioning for fastapi web applications Installation pip install fastapi-versioning Examples from fastapi import FastAPI from f
Deploy an inference API on AWS (EC2) using FastAPI Docker and Github Actions To learn more about this project: medium blog post The goal of this proje
REST API with FastAPI and SQLite3
The Podcaster API This is a FastAPI application that provides a RESTful API for the Podcasts from different podcast's RSS feeds. The API response is i
Nepali Dictionary API A Nepali dictionary api created using Fast API and inspired from https://github.com/nirooj56/Nepdict. You can say this is just t
Twitter API with fastAPI Content Forms Cookies and headers management Files edition Status codes HTTPExceptions Docstrings or documentation Deprecate
First API using FastApi Made this Simple Api to store and Retrive Student Data of My College Ncc-Bim To View All the endpoits Visit /docs To Run Local
Mnist API server w/ FastAPI
fastapi - celery - rabbitmq - redis -> Docker A simple docker-compose app for orchestrating a fastapi application, a celery queue with rabbitmq(broker
Quickstart Then run the following commands to bootstrap your environment with poetry: git clone https://github.com/xiaozl/fastapi-realworld-example-ap
前言 这个是 2.0 版本,使用现在流行的前后端分离思想重构。 体验网址:https://douyin.bigdataboy.cn 更新日志 2020.05.30:使用 FastAPI 前后端分离重构 2020.05.02:已更新,正常使用 2020.04.27:抖音结构更新,已修复视频有水印。(失
FastAPI Todolist Description Todolist aplication made with Python's FastAPI framework and Hexagonal Architecture. This is a test repository for the pu
FastAPI-Auth Example app using FastAPI and JWT virtualenv -p python3 venv source venv/bin/activate pip3 install -r requirements.txt mv config.yaml.exa
视频教学地址 中文学习教程 1、本教程每一个案例都可以独立跑,前提是安装好依赖包。 2、本教程并未按照官方教程顺序,而是按照实际使用顺序编排。 Video Teaching Address FastAPI Learning Example 1.Each case in this tutorial c
Mall项目后台管理 前段时间学习Vue写了一个移动端项目 https://www.charmcode.cn/app/mall/home 然后教程到此就结束了, 我就总感觉少点什么,计划自己着手写一套后台管理。 相关项目 移动端Mall项目源码(Vue构建): https://github.com/
Backend API Skeleton Based on @tiangolo's full stack postgres template, with some things added, some things removed, and some things changed. This is
cloudrun-fastapi Boilerplate for running FastAPI on Google Cloud Run with Google Cloud Build for deployment. For all documentation visit the docs fold
django-fastapi-example This is an experiment to demonstrate one potential way of running FastAPI with Django. It won't be actively maintained. If you'
FastAPI Auth Pluggable auth for use with FastAPI Supports OAuth2 Password Flow Uses JWT access and refresh tokens 100% mypy and test coverage Supports
472 Jan 2, 2023
60 Dec 17, 2022
2 Mar 14, 2022
2 Nov 7, 2021
4 Mar 18, 2022
1 Dec 21, 2021
2 Jun 21, 2022
8 Feb 8, 2022
83 Dec 19, 2022
55 Dec 15, 2022
64 Nov 25, 2022
91 Dec 31, 2022
28 Oct 25, 2022
381 Dec 11, 2022
131 Jan 1, 2023
18 Oct 31, 2022
139 Dec 27, 2022
78 Jan 3, 2023