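--- a/jwtproxy/Dockerfile.dev
+++ b/jwtproxy/Dockerfile.dev
@@ -11,7 +11,6 @@ RUN apt-get update && apt-get install nginx -y
 COPY supervisord.conf /etc
 
 WORKDIR /app
-COPY src ./
 COPY nginx/nginx.conf /etc/nginx/nginx.conf
 COPY nginx/server.conf /etc/nginx/conf.d/server.conf
 COPY pyproject.toml .
@@ -20,5 +19,6 @@ COPY requirements.txt .
 
 RUN pip install supervisor
 RUN pip install -r requirements_dev.txt
+COPY src ./
 
 ENTRYPOINT [ "/bin/sh", "-c", "nginx -g 'daemon on;'; adev runserver /app/server.py -p 8081 --app-factory main;"]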
2 changes: 1 addition & 1 deletion jwtproxy/requirements.txt
@@ -1,4 +1,4 @@
aiohttp==3.13.5
aiohttp==3.14.1
aiosignal==1.4.0
async-timeout==5.0.1
attrs==26.1.0
4 changes: 2 additions & 2 deletions jwtproxy/requirements_dev.txt
@@ -1,7 +1,7 @@
-r requirements.txt

aiohttp-devtools==1.1.2
aioresponses==0.7.8
aiointercept==0.1.5
anyio==3.7.1
asttokens==2.4.1
black==26.5.1
Expand All @@ -11,7 +11,7 @@ executing==2.2.1
pre-commit==4.6.0
Pygments==2.20.0
pytest==9.0.3
pytest-aiohttp==1.1.0
pytest-aiohttp==1.1.1
ruff==0.15.14
six==1.17.0
sniffio==1.3.1
5 changes: 4 additions & 1 deletion jwtproxy/src/server.py
Expand Up @@ -250,9 +250,12 @@
if req.can_read_body:
body = await req.text()
app_logger.debug("Request body: \n %s", body)

upstream_headers = req.headers.copy()
upstream_headers.pop("Host", None)
async with SessionManager.session().request(
req.method, target_url, headers=req.headers, params=req.rel_url.query, data=body
req.method, target_url, headers=upstream_headers, params=req.rel_url.query, data=body
) as resp:

Check failure

Code scanning / CodeQL

Full server-side request forgery Critical

The full URL of this request depends on a
user-provided value
.
The full URL of this request depends on a
user-provided value
.
app_logger.debug("Response status from upstream: %s", resp.status)
app_logger.debug("Headers from upstream: \n %s", resp.headers)
app_logger.debug("Params from upstream: \n %s", req.rel_url.query)
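Review bot: `upstream_headers` on the added lines still carries the client's hop-by-hop and body-framing headers (`Connection`, `Keep-Alive`, `Transfer-Encoding`, `Content-Length`, `Upgrade`), which describe the inbound connection rather than the request being re-sent with `data=body`; because `body` is the text re-read from the request, a client-supplied `Content-Length` or `Transfer-Encoding` forwarded verbatim may disagree with what aiohttp actually emits for that body. Dropping them together with Host keeps the upstream framing consistent, e.g. `for name in ("Host", "Connection", "Keep-Alive", "Transfer-Encoding", "Content-Length", "Upgrade"):` followed by `upstream_headers.pop(name, None)`. Whether credential-bearing headers such as `Authorization` are meant to reach the upstream is a policy this proxy presumably settles elsewhere, so a short comment on the copy line stating which headers are intentionally passed through would help the next maintainer. The enclosing request handler starts and ends outside the hunk.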
6 changes: 3 additions & 3 deletions jwtproxy/src/tests/conftest.py
@@ -1,6 +1,6 @@
import os

import aioresponses
import aiointercept
import pytest

from ..server import main
Expand Down Expand Up @@ -29,6 +29,6 @@ def set_env():


@pytest.fixture
def mock_upstream():
with aioresponses.aioresponses(passthrough_unmatched=True) as m:
async def mock_upstream():
async with aiointercept.aiointercept(mock_external_urls=True) as m:
yield m
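Review bot: The fixture at the bottom of the hunk is now an async generator but is still registered with `@pytest.fixture`; with the pytest-asyncio backend that pytest-aiohttp uses, the default strict mode does not drive a plain `@pytest.fixture` async generator, so tests requesting `mock_upstream` would receive the generator object rather than the interceptor. Unless the project configures `asyncio_mode = auto` (not visible here), the decorator should be `@pytest_asyncio.fixture`, with `import pytest_asyncio` added to the import block at the top of the file. A one-line comment on the fixture saying what `mock_external_urls=True` is intended to block would also help, since the behaviour of the newly introduced `aiointercept` dependency is not obvious from the name alone.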