Update dependency connexion to v3 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
connexion	major	==2.14.2 -> ==3.0.0

By merging this PR, the issue #362 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.5	CVE-2024-39689
Medium	4.4	CVE-2024-37891

---

Release Notes

spec-first/connexion (connexion)

v3.0.0

Compare Source

Connexion 3.0: API-first for all

We are excited to announce the release of Connexion 3.0! 🎉

Connexion 3 fundamentally changes how Connexion is designed and implemented, and how it
fits into the wider Python API ecosystem. We adopted the ASGI interface, which makes Connexion both
modular and well-integrated with most modern Python API tooling.

It brings some major changes compared to 2.X:

• The improved App and new AsyncApp allow you to use Connexion as a stand-alone framework
  • The App interface was extended so you no longer have to care about the framework used
    underneath
• Connexion can now be used as middleware to supercharge any ASGI or WSGI-compatible framework
  with its spec-based functionality
• Connexion is now pluggable in many dimensions:
  • All Connexion functionality is pluggable by adding or removing middleware from its stack
  • Validation is now pluggable by content type, solving longstanding issues regarding endpoints
    with multiple content types and making it easy to add validation for additional content types
  • Authentication is now pluggable by security scheme, making it easy to customize the behavior or
    add support for additional security schemes.
• Aiohttp support has been dropped due to lack of ASGI support
• We spent a lot of effort on extending and improving our documentation_

For further details, check:

• Our Connexion 3 documentation page for a high level overview of the changes
• Our in-depth blog post on the redesign for technical details
• Below for a detailed overview of all changes 👇

Full changelog

• Drop aiohttp support by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1491
• Add Python 3.10 in favor of 3.6 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1494
• Add empty connexion middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1502
• Extract Swagger UI functionality into middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1496
• Add pre-commit hook by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1511
• Add routing middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1497
• Extract security to middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1514
• Remove myself (Rafael Caricio) as maintainer by @​rafaelcaricio in https://github.com/spec-first/connexion/pull/1517
• Merge V2 to main by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1518
• Fix deprecation warning for Validator.iter_errors by @​jonasboecquaert in https://github.com/spec-first/connexion/pull/1536
• Refactor routing into middleware-api-operation model by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1533
• Clean up operation classes by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1535
• Removed jsonschema version check by @​jonasboecquaert in https://github.com/spec-first/connexion/pull/1540
• Remove built-in support for uWSGI by @​jacobstanly89 in https://github.com/spec-first/connexion/pull/1544
• Fix for bug of the function is_json_mimetype() by @​jacobstanly89 in https://github.com/spec-first/connexion/pull/1541
• Use resolver in security middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1553
• call as_view in methodresolver by @​bluebrown in https://github.com/spec-first/connexion/pull/1552
• Fix async tests by @​Ruwann in https://github.com/spec-first/connexion/pull/1558
• Add test for MethodViewResolver by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1559
• debug mode interaction for non-flask server by @​thvu11 in https://github.com/spec-first/connexion/pull/1556
• Add .git-blame-ignore-revs file with black commit by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1561
• Feature/method views args by @​bluebrown in https://github.com/spec-first/connexion/pull/1564
• Activate mypy check in pre-commit by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1560
• Remove "type: ignore" by using list(dict), not dict.keys() by @​cclauss in https://github.com/spec-first/connexion/pull/1575
• Merge v2 to main by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1579
• Resolve $ref referring to another $ref by @​chibacchie in https://github.com/spec-first/connexion/pull/1584
• Update json for Flask 2.3 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1582
• Use Flask request_ctx instead of _request_ctx_stack by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1583
• setup.py: Update url by @​jayvdb in https://github.com/spec-first/connexion/pull/1586
• Extract JSON request body validation to middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1588
• Remove AbstractSwaggerUIAPI class by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1589
• Removed internal variable pass_context_arg_name by @​leonardofesta in https://github.com/spec-first/connexion/pull/1568
• Explicitly support Flask async routes by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1592
• Extract boilerplate code into Routed base classes by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1590
• Move JSON response body validation to middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1591
• Remove support for deprecated x-body-name position by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1600
• Avoid warning with jsonschema 4.16.0 by @​gaetano-guerriero in https://github.com/spec-first/connexion/pull/1601
• Add form data validator for validation middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1595
• Flask apps only signal an exception on real server errors by @​enerqi in https://github.com/spec-first/connexion/pull/1611
• Move parameter validation to middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1610
• Add async app by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1613
• Update examples for Connexion 3.0 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1615
• Refactor decorators by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1618
• Switch to own maintained version of swagger-ui by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1619
• Expose additional context by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1620
• Implement user facing interface for ConnexionMiddleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1621
• Enable enforcing defaults by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1616
• Cache operation body definition by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1626
• Coerce types only in uri parser by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1627
• Introduce poetry by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1628
• Bump httpx version to 0.23 to mitigate GHSA-h8pj-cxx2-jfg2 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1632
• Refactor tests by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1631
• Define request interface and align WSGI and ASGI by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1636
• Feature/request context by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1639
• Add error handlers for AsyncApp by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1640
• Make tests framework agnostic by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1634
• Bump starlette version by @​Ruwann in https://github.com/spec-first/connexion/pull/1641
• Bump a2wsgi and drop monkeypatch by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1647
• Update NumberConverter regex to match new Werkzeug behavior (v3) by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1644
• Re-add tests for multiple and mixed file uploads by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1642
• Add support for relative refs in spec by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1648
• Clean up errors and fix hierarchy by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1649
• Enforce required RequestBody by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1652
• Create abstract validator classes by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1653
• Enable response mimetype validation for non-error responses by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1654
• Don't return 400 when read-only property is provided by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1655
• Add jsonifier as argument to app / api by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1656
• Add high-level documentation for 3.0 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1646
• Run release pipeline for pre-releases as well by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1658
• Fix filter pattern in release pipeline by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1659
• Fix ReadTheDocs config for Poetry by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1663
• Update quickstart.rst to include example of passing server arguments by @​rkrishnasanka in https://github.com/spec-first/connexion/pull/1645
• Fix and extend v3 documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1664
• Update docs index page by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1665
• Delay import error for optional flask depencendy by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1668
• Update Operations to act as wrapper of wrapped view function by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1669
• Add explicit asgiref dependency by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1667
• Pass through lifespan events by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1673
• Add lifespan middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1676
• Fix examples links in security doc page by @​opheron in https://github.com/spec-first/connexion/pull/1677
• Fix stream replay in validators by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1678
• Make security pluggable by @​Ruwann in https://github.com/spec-first/connexion/pull/1671
• Add tests for strict validation in combination with api key in query by @​Ruwann in https://github.com/spec-first/connexion/pull/1681
• Update CLI for 3.0 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1687
• Add add_middleware interface by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1683
• Add test for security_map argument by @​Ruwann in https://github.com/spec-first/connexion/pull/1691
• Inspect middleware parameters before passing in lifespan by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1686
• Remove context keyword from security handlers by @​Ruwann in https://github.com/spec-first/connexion/pull/1690
• Unpack error handler when registering on middleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1695
• Use logger error instead of exception by @​Ruwann in https://github.com/spec-first/connexion/pull/1692
• Fix add_middleware enum comparison by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1698
• Move from caret to inequality requirements by @​marcin-lulek-cint in https://github.com/spec-first/connexion/pull/1704
• Improve and fix docs index page by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1700
• Update quickstart documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1701
• Add traceback info to common error handler by @​Ruwann in https://github.com/spec-first/connexion/pull/1708
• Add middleware documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1706
• Deepcopy only headers in validator by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1710
• Use repr for error logging by @​Ruwann in https://github.com/spec-first/connexion/pull/1711
• Fix typo by @​julienschuermans in https://github.com/spec-first/connexion/pull/1713
• Bugfix/basepath by @​Ruwann in https://github.com/spec-first/connexion/pull/1716
• Bump starlette by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1734
• Make middleware_app property private by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1737
• Update routing documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1738
• chore: fix typos by @​afuetterer in https://github.com/spec-first/connexion/pull/1740
• Add swagger-ui docs and clean up swagger-ui options by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1739
• Update request handling documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1741
• Update response handling documenation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1742
• Support multiple APIs with same base path by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1736
• Add validation documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1743
• Remove debug argument from example by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1749
• Add context documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1747
• Feature/get delete body by @​Ruwann in https://github.com/spec-first/connexion/pull/1712
• Drop Python 3.7 in favor of 3.11 and 3.12 by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1752
• Create FUNDING.yml by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1753
• Centralize error handling in ExceptionMiddleware by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1754
• Add lifespan documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1759
• Add testing documentation by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1760
• Update Exceptions documentations by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1758
• Fix CLI and drop click dependency by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1762
• Update cli docs by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1763
• Remove cookbook docs and sort index better by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1765
• Update security docs by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1764
• Add gunicorn with uvicorn workers to docs by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1766
• Import WSGIDecorator under connexion.decorators by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1768
• Add new authors' copyright notice by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1770
• Improve JSON req error on disallowed empty body by @​uranusjr in https://github.com/spec-first/connexion/pull/1761
• Update readme by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1769
• Update v3 documentation for release by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1771
• Switch back from py-swagger-ui to swagger-ui-bundle by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1756
• Convert README from rst to md by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1772
• Fix images on PyPI by @​RobbeSneyders in https://github.com/spec-first/connexion/pull/1773

New Contributors

• @​jacobstanly89 made their first contribution in https://github.com/spec-first/connexion/pull/1544
• @​bluebrown made their first contribution in https://github.com/spec-first/connexion/pull/1552
• @​thvu11 made their first contribution in https://github.com/spec-first/connexion/pull/1556
• @​chibacchie made their first contribution in https://github.com/spec-first/connexion/pull/1584
• @​jayvdb made their first contribution in https://github.com/spec-first/connexion/pull/1586
• @​leonardofesta made their first contribution in https://github.com/spec-first/connexion/pull/1568
• @​gaetano-guerriero made their first contribution in https://github.com/spec-first/connexion/pull/1601
• @​enerqi made their first contribution in https://github.com/spec-first/connexion/pull/1611
• @​rkrishnasanka made their first contribution in https://github.com/spec-first/connexion/pull/1645
• @​opheron made their first contribution in https://github.com/spec-first/connexion/pull/1677
• @​marcin-lulek-cint made their first contribution in https://github.com/spec-first/connexion/pull/1704
• @​julienschuermans made their first contribution in https://github.com/spec-first/connexion/pull/1713
• @​afuetterer made their first contribution in https://github.com/spec-first/connexion/pull/1740
• @​uranusjr made their first contribution in https://github.com/spec-first/connexion/pull/1761

Full Changelog: spec-first/connexion@2.13.0...3.0.0

---

• If you want to rebase/retry this PR, check this box

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/connexion@3.0.0	environment, filesystem, network Transitive: eval, shell, unsafe	+81	104 MB	RobbeSneyders, ruwan

🚮 Removed packages: pypi/connexion@2.14.2

View full report↗︎

[rafikmojr]

Checkmarx One – Scan Summary & Details – c1f7cf6c-69da-4a10-9a68-aaaafd295ea8

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-1135	Python-gunicorn-20.1.0	Vulnerable Package

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2023-46136	Python-Werkzeug-2.2.3
	Host Namespace is Shared	/docker-compose.yaml: 11
	Host Namespace is Shared	/docker-compose.yaml: 3
	Networks Not Set	/docker-compose.yaml: 3
	Networks Not Set	/docker-compose.yaml: 11
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/books.py: 22
	Trust_Boundary_Violation_in_Session_Variables	/api_views/users.py: 34