Commit graph

18 commits

Author SHA1 Message Date
e1905be377 chore(deps): update dependency flask-cors to v5 (#41)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [Flask-Cors](https://github.com/corydolphin/flask-cors) | `==4.0.2` -> `==5.0.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/Flask-Cors/5.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/Flask-Cors/5.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/Flask-Cors/4.0.2/5.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/Flask-Cors/4.0.2/5.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

>  **Important**
>
> Release Notes retrieval for this PR were skipped because no github.com credentials were available.
> If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes).

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OC4wIiwidXBkYXRlZEluVmVyIjoiMzguNTguMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->

Reviewed-on: https://git.mgrote.net///container-images/python-api-server/pulls/41
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-09-02 15:25:59 +02:00
0b9f351d03 chore(deps): update dependency flask-cors to v4.0.2 (#40)
Some checks are pending
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/cron/build Pipeline is pending
ci/woodpecker/cron/lint Pipeline is pending
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-08-30 22:06:55 +02:00
97052bbe45 chore(deps): update dependency gunicorn to v23 (#37)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://docs.gunicorn.org/en/stable/news.html)) | `==22.0.0` -> `==23.0.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/gunicorn/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/gunicorn/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/gunicorn/22.0.0/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/gunicorn/22.0.0/23.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>benoitc/gunicorn (gunicorn)</summary>

### [`v23.0.0`](https://github.com/benoitc/gunicorn/releases/tag/23.0.0)

[Compare Source](https://github.com/benoitc/gunicorn/compare/22.0.0...23.0.0)

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and  which improve safety

You're invited to upgrade asap your own installation.

# 23.0.0 - 2024-08-10

-   minor docs fixes (:pr:`3217`, :pr:`3089`, :pr:`3167`)
-   worker_class parameter accepts a class (:pr:`3079`)
-   fix deadlock if request terminated during chunked parsing (:pr:`2688`)
-   permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:`3261`)
-   permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:`3261`)
-   sdist generation now explicitly excludes sphinx build folder (:pr:`3257`)
-   decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising `TypeError` (:pr:`2336`)
-   raise correct Exception when encounting invalid chunked requests (:pr:`3258`)
-   the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:`3192`)
-   include IPv6 loopback address `[::1]` in default for :ref:`forwarded-allow-ips` and :ref:`proxy-allow-ips` (:pr:`3192`)

\*\* NOTE \*\*

-   The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
-   Review your :ref:`forwarded-allow-ips` setting if you are still not seeing the SCRIPT_NAME transmitted
-   Review your :ref:`forwarder-headers` setting if you are missing headers after upgrading from a version prior to 22.0.0

\*\* Breaking changes \*\*

-   refuse requests where the uri field is empty (:pr:`3255`)
-   refuse requests with invalid CR/LR/NUL in heade field values (:pr:`3253`)
-   remove temporary `--tolerate-dangerous-framing` switch from 22.0 (:pr:`3260`)
-   If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMy4xIiwidXBkYXRlZEluVmVyIjoiMzguMjMuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->

Reviewed-on: #37
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-08-12 23:56:49 +02:00
cdc929da7b chore(deps): update dependency requests to v2.32.3 (#23)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-05-30 02:01:09 +02:00
801d0362cb chore(deps): update dependency requests to v2.32.2 (#21)
Some checks failed
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline failed
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-05-22 02:04:04 +02:00
519e4d0121 chore(deps): update dependency requests to v2.32.1 (#20)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-05-21 02:23:54 +02:00
92df72f00d chore(deps): update dependency flask-cors to v4.0.1 (#14)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-05-05 02:56:12 +02:00
f758ec9d2a chore(deps): update dependency gunicorn to v22 (#7)
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [gunicorn](https://github.com/benoitc/gunicorn) ([changelog](https://docs.gunicorn.org/en/stable/news.html)) | major | `==21.2.0` -> `==22.0.0` |

---

### Release Notes

<details>
<summary>benoitc/gunicorn (gunicorn)</summary>

### [`v22.0.0`](https://github.com/benoitc/gunicorn/releases/tag/22.0.0): Gunicorn 22.0 has been released

[Compare Source](https://github.com/benoitc/gunicorn/compare/21.2.0...22.0.0)

**Gunicorn 22.0.0 has been released.** This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

    22.0.0 - 2024-04-17
    ===================

    - use `utime` to notify workers liveness
    - migrate setup to pyproject.toml
    - fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    - parsing additional requests is no longer attempted past unsupported request framing
    - on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    - requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    - Trailer fields are no longer inspected for headers indicating secure scheme
    - support Python 3.12

    ** Breaking changes **

    - minimum version is Python 3.7
    - the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    - requests specifying unsupported transfer coding (order) are refused by default (rare)
    - HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    - HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    - HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    - HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    - HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    - HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    - requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    - empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

    ** SECURITY **

    - fix CVE-2024-1135

1.  Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2.  Packages: https://pypi.org/project/gunicorn/

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMDAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjMwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

Reviewed-on: #7
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-04-17 11:45:58 +02:00
e2d0c76519 chore(deps): update dependency flask to v3.0.3 (#4)
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-04-07 22:00:52 +02:00
981bf4f756 chore(deps): update dependency flask to v3.0.2 (#18)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| Flask ([changelog](https://flask.palletsprojects.com/changes/)) | patch | `==3.0.1` -> `==3.0.2` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNjguMiIsInVwZGF0ZWRJblZlciI6IjM3LjE2OC4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

Reviewed-on: #18
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
2024-02-06 18:56:19 +01:00
6918842303 chore(deps): update dependency flask to v3 2024-01-22 20:47:47 +00:00
d3c4cc91a9 test with old version 2024-01-22 21:47:15 +01:00
5be74d414a set python-packages versions explicit 2024-01-22 21:43:15 +01:00
e27473ead4 remove explicit set versions
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2023-10-03 18:07:58 +02:00
e6dceb6ddc set Werktzeug Version explicit (https://stackoverflow.com/questions/77213053/importerror-cannot-import-name-url-quote-from-werkzeug-urls)
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2023-10-03 18:03:18 +02:00
mg
13a3ab0076 add swagger (#1)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/python-api-server#1
2023-04-25 20:52:45 +02:00
e15c6e4727 add gunicorn 2023-04-13 14:53:55 +02:00
cae938ca7e add Dockerfile + App 2023-04-12 16:08:55 +02:00