Tomodachi

Latest version: v0.28.3

Safety actively analyzes 714792 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 26

0.28.3

- Fixes an issue where the OTEL prometheus meter provider would start the prometheus exporter server although the service was not instrumented if an OTEL meter was created outside of the service' auto instrumentation scope. On hot reloads of code changes this would also cause the prometheus exporter server to be started multiple times, causing the service to fail to restart due to a port conflict.
- Fixes an issue in OTEL prometheus exporter target info where the service_name and job could be incorrectly set to "unknown_service" if an OTEL meter was created before the service was fully initialized and instrumented.
- Added jwcrypto to the list of safe modules that won't be cleared during the hot auto reload on code changes.
- Restricted version constraint of OTEL API / OTEL SDK to 1.27.0 until support for exemplar builder is fully implemented into tomodachi's aggregators.

0.28.2

- Fixes a bug for AWS SQS queues with dead-letter queue configured which would trigger if SQS.DeleteMessage calls would unexpectedly fail or fail all retries for a message and the same message would be received again to the same consumer over and over again, where it would be ignored as a duplicated SQS message, until it would be sent to the DLQ. Even if the message was redrived to the queue and the same consumer would keep receiving it, it would still ignore the message as a duplicate. This would cause the message to be stuck in a loop.

Note that this change will run the handler function of the consumer after 60 seconds has passed and it receives the message again, which in a setup where a service has a single receiving consumer leaves responsibility of the handler to handle idempotency more strictly, in the same way as in setups with multiple consumers.

0.28.1

- Fixes an issue when attempting to call reading functions on a multipart web request in a handler would previously result in an "Could not find starting boundary in ..." error. This fix will now again make it possible to upload files as multipart web requests, and read those files from await request.post() in service http handlers.

0.28.0

- Supports `aiohttp` 3.10.x versions. Dropped support for `aiohttp` versions prior to 3.9.5.
- Enforces more recent versions of dependencies for OTEL (`>=1.27.0`, `>=0.48b0`) when installed with `opentelemetry` extras.
- Enforces more recent versions of protobuf (`>=4.25.0`) when installed with `protobuf` extras.
- Requires `yarl` to use version 1.16.0+.
- Support for Python 3.13. Python 3.13 has been added to test matrix and trove classifiers.
- Dropped support for Python 3.8.

0.27.2

- Correction of message attributes type definition. Now also aligns better with updated `types-aiobotocore` definitions.

0.27.1

- Support for `aiobotocore` 2.12.x releases and 2.13.x releases.
- Support for recent versions of OTEL prometheus exporter (`opentelemetry-exporter-prometheus`).
- Updated tests run via GHA to use latest version of `localstack`.

Page 3 of 26

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.