Inboard

Changes

Changes

**Update to FastAPI 0.115** (ee33487a8d750e4953fea5da89328b25c95aff40)

This release will update/upgrade from FastAPI 0.112 to
[FastAPI 0.115](https://fastapi.tiangolo.com/release-notes/).
FastAPI 0.113, 0.114, and 0.115 are included in the same inboard release
because the updates in each release are all similar.

FastAPI 0.113-0.115 enable cookies, form fields, headers, and query
parameters to be declared with Pydantic models. Query parameters, for
example, have been
[supported](https://fastapi.tiangolo.com/tutorial/query-params-str-validations/)
for many versions now, but application developers usually had to encode
them as "kwargs" (keyword arguments) in every API endpoint function,
resulting in code duplication and the need for custom logic. Now that
[query parameter models](https://fastapi.tiangolo.com/tutorial/query-param-models/)
are supported, models can be declared once and reused multiple times.

There are still gaps here - although FastAPI now supports reusing query
parameters, it does not provide features for helping API endpoint
functions work with those query parameters. Query parameters are
often used to set up filter and sort clauses for relational databases.
The construction of `SELECT` statements from these query parameters is
still left up to application developers. The related package
[SQLModel](https://github.com/fastapi/sqlmodel), while it does combine
Pydantic and SQLAlchemy models, does not provide features for `SELECT`
statement construction at this time either. Other third-party packages
like [fastapi-filters](https://github.com/uriyyo/fastapi-filters) may be
helpful.

**Drop Python 3.8 support**
(df6885d72b2d73e5226398eb61bb27592d0026f1,
7ac105f85befb14d6a9cf0a03ee6c602c585e308)

Python 3.8 is at [end-of-life](https://devguide.python.org/versions/).
This release will drop support for Python 3.8. This could be a breaking
change for users still running 3.8, so those users should consider
updating to 3.9 or above.

Commits

- Bump version from 0.70.0 to 0.71.0 (3cb5b60)
- Upgrade syntax after dropping Python 3.8 (7ac105f)
- Update to FastAPI 0.115 (ee33487)
- Drop Python 3.8 support (df6885d)
- Update to Ruff 0.6 (af5bae1)
- Update to `mypy==1.11.2` (99bac5a)
- Update to `pipx==1.7.1` (f74e09b)
- Update changelog for version 0.70.0 (111) (97d2d04)

Tagger: Brendon Smith <bwsbws.bio>

Date: 2024-10-05 15:21:56 -0400

text
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgwLDNmire1DHY/g9GC1rGGr+mrE
kJ3FC96XsyoFKzm6IAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQBKosxKPNQIPKxRK5ckfzKJlYu+UXIDgXZbFnZYWxG/E2OLu0koAltC0THPleLDFga
S0DohWIVQ3jMB02NRBQww=
-----END SSH SIGNATURE-----

Changes

Changes

This release will update/upgrade to
[FastAPI 0.111](https://fastapi.tiangolo.com/release-notes/).
This is a minor release to align with FastAPI versioning.

FastAPI 0.111.0 adds a `fastapi` CLI that is not relevant to inboard.
FastAPI 0.111.1 removes `orjson` and `ujson` from default dependencies.
Users who depend on `orjson` or `ujson` should add these dependencies to
their requirements files.

Commits

- Bump version from 0.68.0 to 0.69.0 (af06254)
- Update to FastAPI 0.111 (5f9ee0a)
- Update changelog for version 0.68.0 (109) (2416a23)

Tagger: Brendon Smith <bwsbws.bio>

Date: 2024-07-14 14:40:56 -0400

text
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgwLDNmire1DHY/g9GC1rGGr+mrE
kJ3FC96XsyoFKzm6IAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQKl8MnPlFZ51cBAk7RA5zd42Ggi6JwHyuV1G+l1m28l2naB1ZeG0Ubr/lGXqejiMku
9lg73rNFFOXlrLkM4A4Ag=
-----END SSH SIGNATURE-----

Changes

**Update to Uvicorn 0.28.1** (6166a668d9019fc90adc5f268041f9bc1dd6df43)

This release will update/upgrade to Uvicorn 0.28.1.
[Changes](https://github.com/encode/uvicorn/compare/0.25.0...0.28.1)
to Uvicorn between 0.25.0 and 0.28.1 include updates to `root_path`/
`--root-path` to comply with the ASGI spec, and fixes to `Keep-Alive`
behavior to avoid timeouts and `h11.LocalProtocolError` exceptions that
occur when processing pipelined requests.

**Update to Gunicorn 22.0.0** (108,
bf4661ed83f09db7bf4dcb95ff0cedced14f92c4)

This release will update/upgrade to
[Gunicorn 22.0.0](https://docs.gunicorn.org/en/stable/news.html).
Gunicorn 22.0.0 resolves a high-severity security vulnerability
([CVE-2024-1135](https://nvd.nist.gov/vuln/detail/CVE-2024-1135),
[GHSA-w3h3-4rj7-4ph4](https://github.com/advisories/GHSA-w3h3-4rj7-4ph4)):

> Gunicorn fails to properly validate Transfer-Encoding headers, leading
> to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests
> with conflicting Transfer-Encoding headers, attackers can bypass
> security restrictions and access restricted endpoints. This issue is
> due to Gunicorn's handling of Transfer-Encoding headers, where it
> incorrectly processes requests with multiple, conflicting
> Transfer-Encoding headers, treating them as chunked regardless of the
> final encoding specified. This vulnerability has been shown to allow
> access to endpoints restricted by gunicorn. This issue has been
> addressed in version 22.0.0.
>
> To be affected users must have a network path which does not filter
> out invalid requests. These users are advised to block access to
> restricted endpoints via a firewall or other mechanism if they are
> unable to update.

Commits

- Bump version from 0.67.1 to 0.68.0 (3fc1f79)
- Quote `&` in GitHub Actions workflow YAML (0043237)
- Update to Uvicorn 0.28.1 (6166a66)
- Bump gunicorn from 21.2.0 to 22.0.0 (108) (bf4661e)
- Update changelog for version 0.67.1 (107) (9579bba)

Tagger: Brendon Smith <bwsbws.bio>

Date: 2024-04-26 22:11:28 -0400

text
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgwLDNmire1DHY/g9GC1rGGr+mrE
kJ3FC96XsyoFKzm6IAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQP3RzZnd8mb0DehzvdJSKrJPWcFzhL2yz6SOt3vPRmB5ZifcG29/9gAovSbvGxa8EC
sSlxWxflkAIp2n05yk2QE=
-----END SSH SIGNATURE-----

Changes

**Fix Docker tags for specific Debian version** (e84fc8b24817acb3c8b7e0a96c4574ddb0f88d7d)

PR br3ndonland/inboard105 and
commit br3ndonland/inboard6a99cd09f04c000167432970b044b23623df887a
introduced support for specifying the Debian version when building
Docker images, ensuring that the version does not change unexpectedly.
This change altered Docker tag syntax by adding the Debian version
release name (currently "bookworm") to all Debian Docker images.
For example, `ghcr.io/br3ndonland/inboard:latest` became
`ghcr.io/br3ndonland/inboard:latest-bookworm`. inboard is not planning
to support multiple Debian versions simultaneously. inboard will update
to the next Debian version, Debian 13 ("trixie") when it is stable and
will provide a new release after the update. This means there is no need
to add the Debian version release name to the Docker tags.

This commit will update the code in the GitHub Actions workflow job and
Dockerfile to match the previous tag syntax. The latest Debian image
will return to `ghcr.io/br3ndonland/inboard:latest` and the latest
Debian slim image to `ghcr.io/br3ndonland/inboard:latest-slim`.
Syntax for Alpine Docker images remains unaltered, so tags like
`ghcr.io/br3ndonland/inboard:latest-alpine` are still valid.

Commits

- Bump version from 0.67.0 to 0.67.1 (2bfe218)
- Fix Docker tags for specific Debian version (105) (e84fc8b)
- Update changelog for version 0.67.0 (106) (1d20b7d)

Tagger: Brendon Smith <bwsbws.bio>

Date: 2024-04-11 19:04:37 -0400

text
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgwLDNmire1DHY/g9GC1rGGr+mrE
kJ3FC96XsyoFKzm6IAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQNksE9FyAppa86DBR/C92TCqCQkLpz4YZhv8tF8tK9scQYhVWEEVZZXSHv68VA7fUR
uLpz3hNjvEzj/vuD3/lwo=
-----END SSH SIGNATURE-----