Update dependency waitress to v3 #129

Open
renovate-bot wants to merge 1 commit from renovate/waitress-3.x into main

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| waitress (changelog) | packages | major | ==2.1.2 -> ==3.0.2 |

Release Notes

Pylons/waitress (waitress)

v3.0.2

Compare Source

Security


- When using Waitress to process trusted proxy headers, Waitress will now
  update the headers to drop any untrusted values, thereby making sure that
  WSGI apps only get trusted and validated values that Waitress itself used to
  update the environ. See https://github.com/Pylons/waitress/pull/452 and
  https://github.com/Pylons/waitress/issues/451

v3.0.1

Compare Source

Security


- Fix a bug that would lead to Waitress busy looping on select() on a half-open
  socket due to a race condition that existed when creating a new HTTPChannel.
  See https://github.com/Pylons/waitress/pull/435,
  https://github.com/Pylons/waitress/issues/418 and
  https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6

  With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and
  helping track this down.

- No longer strip the header values before passing them to the WSGI environ.
  See https://github.com/Pylons/waitress/pull/434 and
  https://github.com/Pylons/waitress/issues/432

- Fix a race condition in Waitress when `channel_request_lookahead` is enabled
  that could lead to HTTP request smuggling.

  See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

v3.0.0

Compare Source

- Rename "master" git branch to "main"

- Fix a bug that would appear on macOS whereby if we accept() a socket that is
  already gone, setting socket options would fail and take down the server. See
  https://github.com/Pylons/waitress/pull/399

- Fixed testing of vendored asyncore code to not rely on particular naming for
  errno's. See https://github.com/Pylons/waitress/pull/397

- HTTP Request methods and versions are now validated to meet the HTTP
  standards thereby dropping invalid requests on the floor. See
  https://github.com/Pylons/waitress/pull/423

- No longer close the connection when sending a HEAD request response. See
  https://github.com/Pylons/waitress/pull/428

- Always attempt to send the Connection: close response header when we are
  going to close the connection to let the remote know in more instances.
  https://github.com/Pylons/waitress/pull/429

- Python 3.7 is no longer supported. Add support for Python 3.11, 3.12 and
  PyPy 3.9, 3.10. See https://github.com/Pylons/waitress/pull/412

- Document that trusted_proxy may be set to a wildcard value to trust all
  proxies. See https://github.com/Pylons/waitress/pull/431

Updated Defaults


- clear_untrusted_proxy_headers is set to True by default. See
  https://github.com/Pylons/waitress/pull/370

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
renovate-bot added 1 commit 2024-09-13 13:36:42 +02:00
Update dependency waitress to v3
All checks were successful
continuous-integration/drone/pr Build is passing
e68375836f
renovate-bot force-pushed renovate/waitress-3.x from e68375836f to 04fec57242 2024-10-29 01:36:21 +01:00 Compare

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Pipfile.lock

```
Command failed: pipenv lock
Locking [packages] dependencies...
False
<console width=80 None>
Traceback (most recent call last):
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/bin/pipenv", line 8, in <module>
    sys.exit(cli())
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/cli/options.py", line 52, in main
    return super().main(*args, **kwargs, windows_expand_args=False)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/decorators.py", line 92, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/vendor/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/cli/command.py", line 342, in lock
    do_lock(
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/routines/lock.py", line 67, in do_lock
    venv_resolve_deps(
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 907, in venv_resolve_deps
    c = resolve(cmd, st, project=project)
  File "/opt/containerbase/tools/pipenv/2024.4.0/3.8.20/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 771, in resolve
    raise RuntimeError("Failed to lock Pipfile.lock!")
RuntimeError: Failed to lock Pipfile.lock!
```

renovate-bot force-pushed renovate/waitress-3.x from 04fec57242 to 320797a7d2 2024-11-16 21:36:46 +01:00 Compare
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/pr Build is failing
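
The artifact failure above leaves a branch where the manifest pin is bumped but Pipfile.lock was not regenerated, so an install from the lock would not pick up the security fixes listed in the release notes. A CI gate for that condition, as an added example that is not part of this PR, Renovate or the repository: the sample file contents and the helper names `manifest_pin` and `audit` are constructed, the lock is assumed to still carry the old pin, and the 3.0.1 floor is the release whose notes above list the two advisories.

```python
import json
import re

# Constructed sample inputs (not the repository's real files): the manifest
# carries the new pin while the lock file still carries the old one.
SAMPLE_PIPFILE = '[packages]\nwaitress = "==3.0.2"\n'
SAMPLE_LOCK = json.dumps({"default": {"waitress": {"version": "==2.1.2"}}})


def parse_version(pin):
    """Turn '==3.0.2' into (3, 0, 2); only exact numeric pins are supported."""
    match = re.fullmatch(r"==(\d+(?:\.\d+)*)", pin.strip())
    if not match:
        raise ValueError(f"not an exact numeric pin: {pin!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def manifest_pin(pipfile_text, package):
    """Read `package = "==x.y.z"` from the [packages] section of a Pipfile."""
    in_packages = False
    for line in pipfile_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_packages = line == "[packages]"
        elif in_packages:
            m = re.fullmatch(rf'{re.escape(package)}\s*=\s*"([^"]+)"', line)
            if m:
                return m.group(1)
    return None


def audit(pipfile_text, lock_text, package="waitress", minimum="==3.0.1"):
    """Return a list of findings; an empty list means the lock is consistent."""
    wanted = manifest_pin(pipfile_text, package)
    locked = json.loads(lock_text).get("default", {}).get(package, {}).get("version")
    if wanted is None or locked is None:
        return [f"{package} missing from manifest or lock"]
    findings = []
    if parse_version(locked) != parse_version(wanted):
        findings.append(f"stale lock: Pipfile {wanted}, Pipfile.lock {locked}")
    if parse_version(locked) < parse_version(minimum):
        findings.append(f"locked {locked} predates security fixes in {minimum[2:]}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PIPFILE, SAMPLE_LOCK):
        print(finding)
```
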
Reference: kompetenzinventar/ki-backend#129