Support for wildcard in UV_INSECURE_HOST#8052
Merged
charliermarsh merged 4 commits intoastral-sh:mainfrom Oct 12, 2024
Merged
Conversation
Contributor
Author
|
Note that other tests require adapting from |
zanieb
approved these changes
Oct 9, 2024
Member
zanieb
left a comment
There was a problem hiding this comment.
I don't know if I'd declare this as stronger semantics, it's just "Allow disabling SSL for all hosts", right?
zanieb
reviewed
Oct 9, 2024
| if Some(self.host.as_ref()) != url.host_str() { | ||
| return false; | ||
| } | ||
| let allow_all_hosts = self.host == "*"; |
Member
There was a problem hiding this comment.
Can we avoid the subsequent comparison in this case? i.e. just do if self.host == "*" { return true }?
Contributor
Author
There was a problem hiding this comment.
For sure — in fact I’d like to go one step further and make TrustedHost an enumerated with a “Wildcard” variant if y’all like that direction.
Contributor
Author
There was a problem hiding this comment.
I’d like to go one step further and make TrustedHost an enumerated with a “Wildcard” variant
I ended up doing just that.
33960c2 to
ac41abc
Compare
Allow '*' as a value to match all hosts, and provide `reqwest_blocking_get` for uv tests, so that they also respect UV_INSECURE_HOST (since they respect `ALL_PROXY`). This lets those tests pass with a forward proxy - we can think about setting a root certificate later so that we don't need to disable certificate verification at all.
ac41abc to
7de5e9b
Compare
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Oct 15, 2024
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.4.20` -> `0.4.21` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.4.21`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0421) [Compare Source](astral-sh/uv@0.4.20...0.4.21) ##### Enhancements - Add support for managed installations of free-threaded Python ([#​8100](astral-sh/uv#8100)) - Add note about `uvx` to `uv tool run` short help ([#​7695](astral-sh/uv#7695)) - Enable HTTP/2 requests ([#​8049](astral-sh/uv#8049)) - Support `uv tree --no-dev` ([#​8109](astral-sh/uv#8109)) - Support PEP 723 metadata with `uv run -` ([#​8111](astral-sh/uv#8111)) - Support `pip install --exact` ([#​8044](astral-sh/uv#8044)) - Support `uv export --no-header` ([#​8096](astral-sh/uv#8096)) - ADd Python 3.13 images to Docker publish ([#​8105](astral-sh/uv#8105)) - Support remote (`https://`) scripts in `uv run` ([#​6375](astral-sh/uv#6375)) - Allow comma value-delimited arguments in `uv run --with` ([#​7909](astral-sh/uv#7909)) ##### Configuration - Support wildcards in `UV_INSECURE_HOST` ([#​8052](astral-sh/uv#8052)) ##### Performance - Use shared index when fetching metadata in lock satisfaction routine ([#​8147](astral-sh/uv#8147)) ##### Bug fixes - Add prerelease compatibility check to `uv python` CLI ([#​8020](astral-sh/uv#8020)) - Avoid deleting a project environment directory if we cannot tell if a `pyvenv.cfg` file exists ([#​8012](astral-sh/uv#8012)) - Avoid excluding valid wheels for exact `requires-python` bounds ([#​8140](astral-sh/uv#8140)) - Bump `netrc` crate to latest commit ([#​8021](astral-sh/uv#8021)) - Fix `uv python pin 3.13t` failure when parsing version for project requires check ([#​8056](astral-sh/uv#8056)) - Fix handling of != intersections in `requires-python` ([#​7897](astral-sh/uv#7897)) - Remove the newly created tool environment if sync failed ([#​8038](astral-sh/uv#8038)) - Respect dynamic extras in `uv lock` and `uv sync` ([#​8091](astral-sh/uv#8091)) - Treat resolver failures as fatal in lockfile validation ([#​8083](astral-sh/uv#8083)) - Use `git config --get` for author information for improved backwards compatibility ([#​8101](astral-sh/uv#8101)) - Use comma-separated values for `UV_FIND_LINKS` ([#​8061](astral-sh/uv#8061)) - Use shared resolver state between add and lock to avoid double Git update ([#​8146](astral-sh/uv#8146)) - Make `--relocatable` entrypoints robust to symlinking ([#​8079](astral-sh/uv#8079)) - Improve compatibility with VSCode PS1 prompt ([#​8006](astral-sh/uv#8006)) - Fix "Stream did not contain valid UTF-8" failures in Windows ([#​8120](astral-sh/uv#8120)) - Use `--with-requirements` in `uvx` error hint ([#​8112](astral-sh/uv#8112)) ##### Documentation - Include `uvx` installation in Docker examples ([#​8179](astral-sh/uv#8179)) - Make the instructions for the Windows standalone installer consistent across README and documentation ([#​8125](astral-sh/uv#8125)) - Update pip compatibility guide to note transitive URL dependency support ([#​8081](astral-sh/uv#8081)) - Document `--reinstall` with `--exclude-newer` to ensure downgrades ([#​6721](astral-sh/uv#6721)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Allow '*' as a value to match all hosts, and provide
reqwest_blocking_getfor uv tests, so that they also respect UV_INSECURE_HOST (since they respectALL_PROXY).This lets those tests pass with a forward proxy - we can think about setting a root certificate later so that we don't need to disable certificate verification at all.
I tested this locally by running:
GIT_SSL_NO_VERIFY=true ALL_PROXY=localhost:8080 UV_INSECURE_HOST="*" cargo nextest run sync_wheel_path_source_errorWith my forward proxy showing: