Tags: br3ndonland/inboard

0.68.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to Uvicorn 0.28.1** (6166a66)

This release will update/upgrade to Uvicorn 0.28.1.
[Changes](encode/uvicorn@0.25.0...0.28.1)
to Uvicorn between 0.25.0 and 0.28.1 include updates to `root_path`/
`--root-path` to comply with the ASGI spec, and fixes to `Keep-Alive`
behavior to avoid timeouts and `h11.LocalProtocolError` exceptions that
occur when processing pipelined requests.

**Update to Gunicorn 22.0.0** (#108,
bf4661e)

This release will update/upgrade to
[Gunicorn 22.0.0](https://docs.gunicorn.org/en/stable/news.html).
Gunicorn 22.0.0 resolves a high-severity security vulnerability
([CVE-2024-1135](https://nvd.nist.gov/vuln/detail/CVE-2024-1135),
[GHSA-w3h3-4rj7-4ph4](GHSA-w3h3-4rj7-4ph4)):

> Gunicorn fails to properly validate Transfer-Encoding headers, leading
> to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests
> with conflicting Transfer-Encoding headers, attackers can bypass
> security restrictions and access restricted endpoints. This issue is
> due to Gunicorn's handling of Transfer-Encoding headers, where it
> incorrectly processes requests with multiple, conflicting
> Transfer-Encoding headers, treating them as chunked regardless of the
> final encoding specified. This vulnerability has been shown to allow
> access to endpoints restricted by gunicorn. This issue has been
> addressed in version 22.0.0.
>
> To be affected users must have a network path which does not filter
> out invalid requests. These users are advised to block access to
> restricted endpoints via a firewall or other mechanism if they are
> unable to update.
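
The advisory's mitigation depends on a network path that filters out invalid requests. As an added example (not Gunicorn's fix and not inboard code), the sketch below shows the kind of strict framing check such a filter can apply to Transfer-Encoding and Content-Length, following the message-framing rules in RFC 9112. The function name `framing_error`, the `SUPPORTED_CODINGS` policy, and the sample header lists are assumptions constructed for illustration.

```python
# Added example (not Gunicorn or inboard code): strict request-framing checks
# for a filter placed in front of an application server.
from typing import List, Optional, Tuple

SUPPORTED_CODINGS = {"chunked"}  # assumption: the backend only decodes chunked


def framing_error(headers: List[Tuple[str, str]]) -> Optional[str]:
    """Return why a request must be rejected, or None if its framing is unambiguous.

    `headers` is the list of (name, value) pairs in the order received.
    """
    # A field name padded with whitespace can be read differently by each hop.
    for name, _ in headers:
        if name != name.strip():
            return "whitespace around field name"

    te_lines = [v for n, v in headers if n.lower() == "transfer-encoding"]
    cl_values = {v.strip() for n, v in headers if n.lower() == "content-length"}

    if len(cl_values) > 1 or any(not (v.isascii() and v.isdigit()) for v in cl_values):
        return "invalid or conflicting Content-Length"
    if not te_lines:
        return None
    if cl_values:
        return "Transfer-Encoding together with Content-Length"

    # Repeated header lines are equivalent to one comma-separated list, in order.
    codings = [c.strip().lower() for line in te_lines for c in line.split(",")]
    if "" in codings:
        return "empty transfer coding"
    if codings[-1] != "chunked":
        return "chunked is not the final transfer coding"
    if codings.count("chunked") > 1:
        return "chunked applied more than once"
    if any(c not in SUPPORTED_CODINGS for c in codings):
        return "unsupported transfer coding"
    return None


# Constructed sample requests (header lists only).
SAMPLES = {
    "plain chunked": [("Host", "app.example"), ("Transfer-Encoding", "chunked")],
    "conflicting TE": [("Transfer-Encoding", "chunked"), ("Transfer-Encoding", "identity")],
    "TE plus CL": [("Transfer-Encoding", "chunked"), ("Content-Length", "5")],
    "two CL values": [("Content-Length", "5"), ("Content-Length", "6")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_error(hdrs) or 'accept'}")
```

A filter using this check would answer any non-`None` result with an error response and close the connection rather than forwarding the request.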

### Commits

- Bump version from 0.67.1 to 0.68.0 (3fc1f79)
- Quote `&` in GitHub Actions workflow YAML (0043237)
- Update to Uvicorn 0.28.1 (6166a66)
- Bump gunicorn from 21.2.0 to 22.0.0 (#108) (bf4661e)
- Update changelog for version 0.67.1 (#107) (9579bba)

0.67.1

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Fix Docker tags for specific Debian version** (e84fc8b)

PR #105 and
commit 6a99cd0
introduced support for specifying the Debian version when building
Docker images, ensuring that the version does not change unexpectedly.
This change altered Docker tag syntax by adding the Debian version
release name (currently "bookworm") to all Debian Docker images.
For example, `ghcr.io/br3ndonland/inboard:latest` became
`ghcr.io/br3ndonland/inboard:latest-bookworm`. inboard is not planning
to support multiple Debian versions simultaneously. inboard will update
to the next Debian version, Debian 13 ("trixie") when it is stable and
will provide a new release after the update. This means there is no need
to add the Debian version release name to the Docker tags.

This commit will update the code in the GitHub Actions workflow job and
Dockerfile to match the previous tag syntax. The latest Debian image
will return to `ghcr.io/br3ndonland/inboard:latest` and the latest
Debian slim image to `ghcr.io/br3ndonland/inboard:latest-slim`.
Syntax for Alpine Docker images remains unaltered, so tags like
`ghcr.io/br3ndonland/inboard:latest-alpine` are still valid.

### Commits

- Bump version from 0.67.0 to 0.67.1 (2bfe218)
- Fix Docker tags for specific Debian version (#105) (e84fc8b)
- Update changelog for version 0.67.0 (#106) (1d20b7d)

0.67.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Specify Debian version** (#105, 6a99cd0)

On 2023-06-14, Docker updated the default Debian Linux version in its
Python official images from Debian bullseye to Debian bookworm
([docker-library/official-images#14854](docker-library/official-images#14854)).
As inboard uses the default Debian Linux version from the Docker Python
official images, this meant that the next release of inboard
(0.50.0 - 2023-06-22) automatically updated to bookworm. There were some
[issues](https://github.com/docker-library/python/issues?q=bookworm)
noted by the community after this update. This was noted in inboard
[0.51.0 - 2023-07-09](https://inboard.bws.bio/changelog#0510-2023-07-09).
Thanks to @bodograumann for pointing this out in the related discussion
([#80](#80)).

inboard will now specify the Debian version when building Docker images,
ensuring that the version does not change unexpectedly.
The current Debian version is still Debian 12 ("bookworm").
The next Debian version, Debian 13 ("trixie") does not have a release
date yet, but inboard will update to trixie when it is stable and will
provide a new release after the update.

**Add support for Python 3.12** (#104, ba83a67)

This release will add
[Python 3.12](https://docs.python.org/3/whatsnew/3.12.html)
support to inboard.

- inboard will now run tests with Python 3.12, in addition to 3.8-3.11
- inboard will now build and publish its PyPI package using Python 3.12
- inboard will now include a Python 3.12 classifier in its PyPI package
- inboard will now ship Docker images running Python 3.12, in addition
  to 3.8-3.11, and Docker images tagged with `latest` will now use 3.12

Related projects that have released support for Python 3.12 include:

- AnyIO ([4.0.0 - 2023-08-30](https://github.com/agronholm/anyio/releases/tag/4.0.0))
- FastAPI ([0.109.0 - 2024-01-11](https://github.com/tiangolo/fastapi/releases/tag/0.109.0))
- Hatch ([1.8.0 - 2023-12-11](https://github.com/pypa/hatch/releases/tag/hatch-v1.8.0))
- `pipx` ([1.3.0 - 2023-12-02](https://github.com/pypa/pipx/releases/tag/1.3.0))
- Starlette ([0.31.0 - 2023-07-24](https://github.com/encode/starlette/releases/tag/0.31.0))
- Uvicorn ([0.24.0 - 2023-11-04](https://github.com/encode/uvicorn/releases/tag/0.24.0))

Related projects that have not released support for Python 3.12 include:

- [Gunicorn](https://github.com/benoitc/gunicorn) (has not released
  Python 3.12 support, but is testing with Python 3.12 in development)
- [Pydantic](https://github.com/pydantic/pydantic) (extent of Python
  3.12 support unclear, see
  [pydantic/pydantic#6704](pydantic/pydantic#6704))

### Commits

- Bump version from 0.66.1 to 0.67.0 (325ed9b)
- Update to pytest 8 (c462c90)
- Specify Debian version (#105) (6a99cd0)
- Add support for Python 3.12 (#104) (ba83a67)
- Fix GitHub Actions badge in README (145313e)
- Update changelog for version 0.66.1 (#103) (552ebaa)

0.66.1

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Publish to PyPI with OIDC trusted publisher** (59ec546)

This release will update Python package publishing to the newest format
recommended by PyPI. This project previously published packages with the
`hatch publish` command and a project-scoped PyPI API token (token only
valid for this project) stored in GitHub Secrets. The project will now
publish packages using a
[PyPI OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi)
(OpenID Connect)
[trusted publisher](https://docs.pypi.org/trusted-publishers/) with the
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
action. This is the method that Hatch itself uses (pypa/hatch#891)
(Hatch does not "dogfood" its own `hatch publish` feature).

The advantage to OIDC is that authentication is performed with temporary
API tokens (only valid for 15 minutes) instead of persistent tokens that
must be manually generated on PyPI and pasted into GitHub Secrets. The
disadvantage is that authentication is more complicated.

To use PyPI OIDC, a
[trusted publisher](https://docs.pypi.org/trusted-publishers/) was set
up for the PyPI project. Next, a dedicated
[GitHub Actions deployment environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment)
was created for PyPI with protection rules that only allow use of the
environment with Git tags. The environment protection rules combine with
tag protection rules in the existing
[GitHub rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)
to ensure PyPI packages can only be published if a maintainer triggers a
workflow run with a Git tag ref.

The GitHub Actions workflow will be updated to use the deployment
environment. Deployment environments must be selected at the job level
before the job begins, so a setup job will be added that selects the
appropriate deployment environment and passes it to the PyPI job.
Each use of a deployment environment creates a deployment that can be
either active or inactive. GitHub Actions auto-inactivates deployments,
and although this behavior is not configurable or documented, there are
some possible workarounds/hacks suggested by a community discussion
[comment](https://github.com/orgs/community/discussions/67982#discussioncomment-7086962).
The workaround used here will be to provide each deployment with its own
unique URL.

To publish the Python package to PyPI, `hatch build` will output package
build files to the `dist/` directory, then pypa/gh-action-pypi-publish
will authenticate and upload the files. pypa/gh-action-pypi-publish
provides exact version tags like pypa/[email protected] and
branches for major and minor version numbers like
pypa/gh-action-pypi-publish@release/v1.8.

**Update to FastAPI 0.110.1 and Starlette 0.37.2** (73eaadd)

This release will update/upgrade to
[FastAPI 0.110.1](https://fastapi.tiangolo.com/release-notes/)
and
[Starlette 0.37.2](https://www.starlette.io/release-notes/).
FastAPI 0.110 makes a change to dependencies with `yield` and `except`.
Dependencies must now raise exceptions after `except`. This change is
intended to address memory leak issues and may be a breaking change in
some projects if dependencies with `yield` and `except` used `pass`
instead of `raise`. See the
[FastAPI docs](https://fastapi.tiangolo.com/tutorial/dependencies/dependencies-with-yield/)
for further info. FastAPI 0.110.1 makes a small type annotation change
to the `Depends` dependency class.

Starlette 0.37 modifies the exception handling behavior of the `Config`
class used for application settings. The `Config` class accepts an
`env_file` arg that can be used to load environment variables from a
"dotenv" (`.env`) file. Previously, if the file was not found, the
`Config` class would silently pass without any exception. In 0.36, the
`Config` class was updated to raise a `FileNotFoundError` exception if
`env_file` was not found. This was a breaking change but was not
documented as such (encode/starlette#2422, encode/starlette#2446).
In 0.37, the exception handling behavior has been changed again to raise
a warning instead of an exception (encode/starlette#2485), which could
also be a breaking change if users had rewritten their code to catch the
`FileNotFoundError`.
See the [fastenv docs](https://fastenv.bws.bio/comparisons#starlette)
for a detailed description of the Starlette `Config` class. Note that
FastAPI updated the Starlette minor version from 0.36 to 0.37 in the
0.110.1 patch release.

### Commits

- Bump version from 0.66.0 to 0.66.1 (474c722)
- Publish to PyPI with OIDC trusted publisher (59ec546)
- Update to `peter-evans/create-pull-request@v6` (5b499a3)
- Update to Ruff 0.3 (e42213c)
- Update to `mypy==1.9.0` (1cd64a7)
- Update to `hatch==1.9.4` (38a4e58)
- Update to `pipx==1.5.0` (8dfb90b)
- Update to FastAPI 0.110.1 and Starlette 0.37.2 (73eaadd)
- Disable CodeQL `setup-python-dependencies` (507c68c)
- Update to Node.js 20 actions (6972c7b)
- Update changelog for version 0.66.0 (#102) (7f4ff4e)

0.66.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to FastAPI 0.110 and Starlette 0.36** (dfa4822)

This release will update/upgrade to
[FastAPI 0.110](https://fastapi.tiangolo.com/release-notes/)
and
[Starlette 0.36](https://www.starlette.io/release-notes/).
This is a minor release to align with FastAPI and Starlette versioning.

FastAPI 0.110 makes a change to dependencies with `yield` and `except`.
Dependencies must now raise exceptions after `except`, like this:

```py
def my_dep():
    try:
        yield
    except SomeException:
        raise
```

This change addresses memory leak issues and may be a breaking change in
some projects if dependencies with `yield` and `except` used `pass`
instead of `raise`. See the
[FastAPI docs](https://fastapi.tiangolo.com/tutorial/dependencies/dependencies-with-yield/)
for further info.

Changes to Starlette between 0.35 and 0.36 include exception handling
updates and AnyIO compatibility updates. Note that FastAPI updated the
Starlette minor version from 0.35 to 0.36 in the 0.109.2 patch release.

### Commits

- Bump version from 0.65.0 to 0.66.0 (ae160a0)
- Update to FastAPI 0.110 and Starlette 0.36 (dfa4822)
- Update to `peter-evans/create-pull-request@v5` (2f9b88f)
- Update to `actions/checkout@v4` (8d888d0)
- Update changelog for version 0.65.0 (#100) (8725661)

0.65.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to FastAPI 0.109 and Starlette 0.35** (b68b991)

This release will update/upgrade to
[FastAPI 0.109](https://fastapi.tiangolo.com/release-notes/)
and
[Starlette 0.35](https://www.starlette.io/release-notes/).
This is a minor release to align with FastAPI and Starlette versioning.
FastAPI 0.109 adds Python 3.12 support. Changes to Starlette between
0.32 and 0.35 include support for middleware in `Router`, `Route`, and
`WebSocketRoute`, and updates to `Middleware` args.

**Use Ruff for linting and formatting** (#99, 35e37a7)

[Ruff](https://docs.astral.sh/ruff/) is a Python linter and formatter
that has gained popularity due to its high performance and numerous
capabilities. Now that Ruff has released its
[first minor version series](https://astral.sh/blog/ruff-v0.1.0) (0.1)
and has a [versioning policy](https://docs.astral.sh/ruff/versioning/),
it's a good time to consider adopting it.

As of this release, the project's Python linting and formatting checks
will be migrated from the previous tools (Black, Flake8, isort) to Ruff.
See #99 for further details.

### Commits

- Bump version from 0.64.0 to 0.65.0 (ca0a10b)
- Update to FastAPI 0.109 and Starlette 0.35 (b68b991)
- Use Ruff for linting and formatting (#99) (35e37a7)
- Add "pypa" to CSpell words (696c43d)
- Add references on syncing dependencies with Hatch (1e9512a)
- Update Docker links in docs (e3ad60b)
- Avoid `metadata-generation-failed` in Dockerfiles (a231b11)
- Add wheel build target to avoid Hatch `ValueError` (c1328ee)
- Update to `pipx==1.4.1` (f902387)
- Update changelog for version 0.64.0 (#97) (78adc33)

0.64.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to Gunicorn 21.2.0** (7993e61)

This release will update/upgrade to Gunicorn 21.2.0. See the Gunicorn
[docs](https://docs.gunicorn.org/en/stable/2023-news.html) and
[GitHub repo](benoitc/gunicorn@20.1.0...21.2.0)
for more details on the changes since 20.1.0.

### Commits

- Bump version from 0.63.0 to 0.64.0 (384907b)
- Update to Gunicorn 21.2.0 (7993e61)
- Update changelog for version 0.63.0 (#96) (3bd8be1)

0.63.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to Uvicorn 0.25.0** (4cc018b)

This release will update/upgrade to
[Uvicorn 0.25.0](https://github.com/encode/uvicorn/releases).
This is a minor release to align with Uvicorn versioning.

Uvicorn 0.25.0 adds support for the WebSocket Denial Response ASGI
extension. This is used in certain cases in which a WebSocket app needs
to reject a connection and return a custom response.

Uvicorn 0.25.0 also includes some corrections to the type annotations on
`uvicorn.run()`. `inboard.types.UvicornOptions` already included correct
type annotations that match these corrections, so no changes are needed.

### Commits

- Bump version from 0.62.0 to 0.63.0 (634d094)
- Update to Uvicorn 0.25.0 (4cc018b)
- Update changelog for version 0.62.0 (#95) (a1cfb84)

0.62.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to Uvicorn 0.24.0** (65883a9, 0d5ec23)

This release will update/upgrade to
[Uvicorn 0.24.0](https://github.com/encode/uvicorn/releases).
This is a minor release to align with Uvicorn versioning.

Uvicorn 0.24.0 adds support for Python 3.12 and for setting the app
instance with the environment variable `UVICORN_APP`. inboard already
has an environment variable for this purpose, `APP_MODULE`. Either
`APP_MODULE` or `UVICORN_APP` can be used to set the app module for
inboard, with precedence given to `APP_MODULE` for backward
compatibility.

### Commits

- Bump version from 0.61.0 to 0.62.0 (2270900)
- Support `UVICORN_APP` (0d5ec23)
- Update to Uvicorn 0.24.0 (65883a9)
- Update changelog for version 0.61.0 (#94) (665eaca)

0.61.0

Verified

This tag was signed with the committer's verified signature.
br3ndonland Brendon Smith

### Changes

**Update to FastAPI 0.108 and Starlette 0.32** (738d54a)

This release will update/upgrade to
[FastAPI 0.108](https://fastapi.tiangolo.com/release-notes/)
and
[Starlette 0.32](https://www.starlette.io/release-notes/).
This is a minor release to align with FastAPI versioning.

Changes to Starlette between 0.29 and 0.32 include dropping support for
Python 3.7, and adding support for Python 3.12 and AnyIO 4.

### Commits

- Bump version from 0.60.0 to 0.61.0 (ccc7bf2)
- Update to FastAPI 0.108 and Starlette 0.32 (738d54a)
- Update changelog for version 0.60.0 (#93) (b0d4a4a)