Bump mitmproxy from 0.15 to 4.0.4

[dependabot]

Bumps mitmproxy from 0.15 to 4.0.4.

Release notes

Sourced from mitmproxy's releases.

v4.0.4

• Security: Protect mitmweb against DNS rebinding. (CVE-2018-14505, @​atx)
• Reduce certificate lifetime to two years to be conformant with
  the current CA/Browser Forum Baseline Requirements. (@​muffl0n)
  (https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/)
• Update cryptography to version 2.3.

You can find the latest release packages on https://mitmproxy.org/downloads/.

v4.0.3

• Add support for IPv6 transparent mode on Windows (#3174)
• Add Docker images for ARMv7 - Raspberry Pi (#3190)
• Major overhaul of our release workflow - you probably won't notice it, but for us it's a big thing!
• Fix the Python version detection on Python 3.5, we now show a more intuitive error message (#3188)
• Fix application shutdown on Windows (#3172)
• Fix IPv6 scope suffixes in block addon (#3164)
• Fix options update when added (#3157)
• Fix "Edit Flow" button in mitmweb (#3136)

You can find the latest release packages on our snapshot server.

v4.0.1

The previous release had a packaging issue, so we bumped it to v4.0.1 and re-released it.
This contains no actual bugfixes or new features.

Please see the v4.0.0 release notes!

v4.0.0

Features

• mitmproxy now requires Python 3.6!
• Moved the core to asyncio - which gives us a very significant performance boost!
• Reduce memory consumption by using SO_KEEPALIVE (#3076)
• Export request as httpie command (#3031)
• Configure mitmproxy console keybindings with the keys.yaml file. See docs for more.

Breaking Changes

• The --conf command-line flag is now --confdir, and specifies the mitmproxy configuration
  directory, instead of the options yaml file (which is at config.yaml under the configuration directory).
• allow_remote got replaced by block_global and block_private (#3100)
• No more custom events (#3093)
• The cadir option has been renamed to confdir
• We no longer magically capture print statements in addons and translate
  them to logs. Please use ctx.log.info explicitly.

Bugfixes

• Correctly block connections from remote clients with IPv4-mapped IPv6 client addresses (#3099)
• Expand ~ in paths during the cut command (#3078)
• Remove socket listen backlog constraint
• Improve handling of user script exceptions (#3050, #2837)

... (truncated)

Changelog

Sourced from mitmproxy's changelog.

31 July 2018: mitmproxy 4.0.4

* Security: Protect mitmweb against DNS rebinding. (CVE-2018-14505, [@​atx](https://github.com/atx))
* Reduce certificate lifetime to two years to be conformant with
  the current CA/Browser Forum Baseline Requirements. ([@​muffl0n](https://github.com/muffl0n))
  (https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/)
* Update cryptography to version 2.3.

15 June 2018: mitmproxy 4.0.3

* Add support for IPv6 transparent mode on Windows ([#3174](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3174))
* Add Docker images for ARMv7 - Raspberry Pi ([#3190](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3190))
* Major overhaul of our release workflow - you probably won't notice it, but for us it's a big thing!
* Fix the Python version detection on Python 3.5, we now show a more intuitive error message ([#3188](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3188))
* Fix application shutdown on Windows ([#3172](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3172))
* Fix IPv6 scope suffixes in block addon ([#3164](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3164))
* Fix options update when added ([#3157](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3157))
* Fix "Edit Flow" button in mitmweb ([#3136](https://github-redirect.dependabot.com/mitmproxy/mitmproxy/issues/3136))

15 June 2018: mitmproxy 4.0.2
* Skipped!

17 May 2018: mitmproxy 4.0.1

** Bugfixes **
* The previous release had a packaging issue, so we bumped it to v4.0.1 and re-released it.
* This contains no actual bugfixes or new features.

17 May 2018: mitmproxy 4.0

** Features **
* mitmproxy now requires Python 3.6!
* Moved the core to asyncio - which gives us a very significant performance boost!
* Reduce memory consumption by using SO_KEEPALIVE (#3076)
* Export request as httpie command (#3031)
* Configure mitmproxy console keybindings with the keys.yaml file. See docs for more.

** Breaking Changes **
* The --conf command-line flag is now --confdir, and specifies the mitmproxy configuration
directory, instead of the options yaml file (which is at config.yaml under the configuration directory).
* allow_remote got replaced by block_global and block_private (#3100)
* No more custom events (#3093)
* The cadir option has been renamed to confdir
* We no longer magically capture print statements in addons and translate
them to logs. Please use ctx.log.info explicitly.

** Bugfixes **
* Correctly block connections from remote clients with IPv4-mapped IPv6 client addresses (#3099)
* Expand ~ in paths during the cut command (#3078)

... (truncated)

Commits

• 5c27805 bump version to 4.0.4
• 7fd0c59 update CHANGELOG for 4.0.4
• c74418c bump dependencies
• f467873 Change lifetime of dummy certificate to two years
• 9c41a92 Add DEFAULT_EXP_DUMMY_CERT and set to 90 days
• d956785 mitmweb: improve dns rebinding protection, support ipv6
• f196d77 mitmweb: protect against dns rebinding
• b62b119 Bump to v4.0.3
• c1998e8 cibuild: permit non-dev versions on maintenance branches
• c63174c Simpler addon clear mechanism
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #19.