build(deps): update mitmproxy/mitmproxy Docker tag to v12

[fro-bot]

This PR contains the following updates:

Package	Update	Change	OpenSSF
mitmproxy/mitmproxy	major	11.1.3 → 12.2.3

---

Release Notes

mitmproxy/mitmproxy (mitmproxy/mitmproxy)

v12.2.3

Compare Source

• Reduce generated leaf certificate validity from 199 to 197 days so the 2-day
  notBefore backdate remains below Chromium's 200-day limit.
  (#​8203, @​emanuele-em)
• Fixed a bug where mitmweb would not pick up its XSRF cookie.
  (#​8224, @​mhils)
• Fix authority and subject key identifier mismatch errors when mitmproxy
  is configured with a custom CA whose SubjectKeyIdentifier was not derived
  as SHA-1 of the public key.
  (#​8214, @​unique-jakub)
• Fix IndexError in is_mostly_bin when exporting flows to HAR with payloads
  that have a UTF-8 continuation byte at the 100-byte cutoff.
  (#​8196, @​juliosuas)

v12.2.2

Compare Source

• GHSA-527g-3w9m-29hv:
  Fix LDAP injection vulnerability reported by @​yueyueL.
  (#​8178, @​mhils)
• Reduce CERT_EXPIRY to 199 days.
  (#​8142, @​opstic)
• Switch all content-encoding compression algorithms to use fastest settings by default.
  This significantly improves addon runtime performance when assigning to message.content.
  (#​8055, @​Prinzhorn)
• Fix addon options not being included in --options output.
  (#​4423, @​emanuele-em)
• Fix view.settings.setval.toggle command to correctly use the provided key parameter instead of hardcoded "key" string.
  (#​8167, @​nameearly)
• Fix 400 Bad Request for HTTP requests with uppercase scheme (e.g. HTTP://).
  (#​8174, @​emanuele-em)
• Fix console command panel losing focus due to incoming traffic (e.g. websocket messages).
  (#​8173, @​emanuele-em)
• mitmdump: Fix failed CONNECT requests not being displayed.
  (#​7083, @​Prinzhorn)
• mitmweb: Reduce FlowTable Redux subscriptions from O(rows) to O(1).
  (#​8104, @​ariel42)
• mitmweb: Fix editors not allowing content to be cleared to an empty string
  (#​8149, @​ariel42)
• Update optmanager value parsing exceptions to include the option name
  (#​8016, @​zdwg42)
• mitmweb: show intercept filter tag at the bottom for default options
  (#​8026, @​xBZZZZ)
• Fix a bug where mitmweb would show a blank page on Windows.
  (#​8041, @​Prinzhorn)
• mitmweb: Add number of selected flows in the footer
  (#​8057, @​skrattara)
• Fix modify_body crash when replacement strings contain backslash sequences.
  (#​8046, @​HueCodes)
• Added support for adding and editing comments on individual flows in the mitmproxy console.
  (#​7944, @​lups2000)
• Allow hiding the Quick Help UI in the mitmproxy console with the 'H' key.
  (#​8095, @​seroperson)
• Removed several dead functions using Skylos.
  (#​8136, @​duriantaco)

v12.2.1

Compare Source

• Make TCP inactivity timeout configurable through a new tcp_timeout option (default: 600 seconds).
  Previously, the timeout was hardcoded to 10 minutes for all TCP connections.
  (#​7909, @​keshavkrishnadav)
• Flush flow file after each flow to allow further processing.
  (#​7967, @​caiquejjx)
• infer_content_encoding: Fallback to UTF-8 for more content types
  (#​7961, @​xu-cheng)
• Remove bless from hex editors to avoid issues with macOS
  (#​7937, @​caiquejjx)
• Improves is_mostly_bin check to support chinese characters
  (#​7933, @​caiquejjx, @​mhils)
• Fix various issues in infer_content_encoding
  (#​7928, @​xu-cheng)
• Add example addon to spoof DNS responses.
  (#​7973, @​mhils)
• Gracefully handle decoding of raw binary payloads that previously caused
  "Raw cannot decode" or "failed to parse as JSON" errors
  (#​7940, @​AdityaPatadiya)
• Show query parameters for empty-body requests in the mitmproxy console.
  (#​7923, @​lups2000)
• mitmweb is now built with Vite, improving the development workflow.
  (#​7971, @​sleeyax, @​mhils)
• Fix URL of mitmweb when --web-host is an IPv6 address.
  (#​7963, @​Julien00859)
• Fix event loop leak when running tests
  (#​7982, @​DNEGEL3125)
• Fix TypeScript build by adding React types and removing obsolete @ts-expect-error directives.
  (#​7988, @​DNEGEL3125)

v12.2.0

Compare Source

• mitmproxy now supports Python 3.14. Binary releases ship with 3.14 by default.
  (#​7918, @​mhils)
• Replace htpasswd file parser with a custom implementation to migrate off unmaintained
  passlib dependency. The new parser only supports bcrypt and SHA-1 hashing.
  Contributions for additional formats are welcome as long as they don't introduce new
  dependencies.
  (#​7906, @​mhils)

v12.1.2

Compare Source

• Docker images are now build with Debian Trixie.
  (#​7851, @​mhils)
• Fix mitmweb auth cookie always using the default web_port option.
  (#​7827, @​sujaldev)
• fix: missing content-length header in curl export
  (#​7810, @​mheguy)
• fix: update log message with correct header name
  (#​7802, @​kristof-mattei)
• Update deprecated windows-2019 runner to windows-2025.
  (#​7801, @​chedieck)
• Do not escape non-ascii characters in the JSON contentview.
  (#​7740, @​mhils)
• Fix crash in mitmweb when no explicit Server-Connection is logged.
  (#​7734, @​lups2000)
• Add syntax highlighting for CSS and JavaScript contentviews.
  (#​7749, @​mhils)
• Display local timezone in the Timing tab of mitmweb.
  (#​7804, @​lups2000)
• Prevent showing the quit message in the console when no flows are available under specific configurations.
  (#​7833, @​lups2000)

Security Fixes

• GHSA-847f-9342-265h:
  Upgrade hyper-h2 to fix a request smuggling vulnerability that affects mitmproxy's
  HTTP/2 -> HTTP/1 translation. (@​mhils)

v12.1.1

Compare Source

• Fix a race condition when updating the flow list in mitmweb.
  (#​7729, @​mhils)

v12.1.0

Compare Source

• mitmweb now supports filtering by body contents (~b, ~bq, ~bs).
  (#​7704, @​lups2000, @​mhils)
• Fix raw response export incorrectly zeroing non-zero Content-Length header for HEAD requests.
  (#​7701, @​sujaldev)
• Fix concurrent mitmweb instances overwrite each other's auth cookie.
  (#​7690, @​turboOrange)

v12.0.1

Compare Source

• Fix a crash when editing raw messages bodies in mitmproxy.
  (#​7697, @​mhils)
• Added an option to pass the web token as Authentication: Bearer ... header
  (#​7681, @​gschaer)
• In DNS proxy mode, user-provided addons now trigger before DNS resolution has taken place.
  (#​7685, @​Florigolo)

v12.0.0

Compare Source

New Contentview System (#​7623, @​mhils)

• Contentviews can now be interactive and re-encode prettified data.
  For example, the new Protobuf view pretty-prints to YAML, which the user
  can edit and then re-serialize into binary representation.
• Replace the existing gRPC and Protobuf contentviews with an interactive contentview that
  supports both existing proto definitions and completely unknown protos.
• The MsgPack contentview is now interactive, too.
• The contentview API has been drastically simplified.
  Contentviews now return a plain str with the prettified data.
  Syntax highlighting is now signaled off-band (and based on tree-sitter).
• Docs: Add new documentation page and API reference for contentviews.
• Contentviews can now be written in Rust for better performance and access to
  the crates ecosystem.

Other Changes

• Add a new feature to store streamed bodies for requests and responses.
  (#​7637, @​mkiami)
• Add support for TLS 1.3 Post Handshake Authentication.
  (#​7576, @​mhils, @​cataggar)
• Add search functionality to the documentation.
  (#​7603, @​mhils)
• Introduce a new theme for docs.mitmproxy.org.
  (#​7593, @​mhils)
• Add CRL entries to dummy cert when the upstream certificate has some.
  (#​7609, @​Yepoleb, @​JordanPlayz158)
• Fix a bug where mitmproxy would incorrectly send empty HTTP/2 data frames.
  (#​7574, @​mhils, @​Dieken)
• Enhance homebrew installation command for Brewfile users.
  (#​7566, @​AntoineJT)
• Fix a bug where mitmdump would exit prematurely in server replay mode.
  (#​7571, @​mhils)
• Fix a bug where WebSocket Messages view jumps to top when a message is received
  (#​7572, @​DenizenB)
• Create content view for Socket.IO over WebSocket transport
  (#​7570, @​DenizenB)
• Correctly forward HTTP_1_1_REQUIRED errors in HTTP/2 streams.
  (#​7575, @​mhils)
• Fix a bug where HAR export would crash for malformed flows.
  (#​7666, @​mhils)
• Fix a bug where mitmweb would crash when viewing flows with undefined headers.
  (#​7595, @​emanuele-em)
• Fix a bug where mitmproxy does not listen on IPv4 and IPv6 by default in wireguard mode.
  (#​7589, @​errorxyz)
• Adjust popover placement for browsers that support anchor positioning (Chrome, Edge)
  (#​7642, @​lups2000)
• Fix mitmweb crash when searching or highlighting using ~h, ~hq, or ~hs.
  (#​7652, @​lups2000)
• mitmproxy.dns.Message has been renamed to mitmproxy.dns.DNSMessage
  (#​7670, @​mhils)
• Added support for selecting multiple flows in mitmweb using Ctrl+Click and Shift+Click. Multi-selection is now supported for deleting, duplicating, marking, reverting, replaying ,resuming, and aborting flows.
  (#​7319, @​lups2000, @​mhils)

---

Configuration

📅 Schedule: (in timezone America/Phoenix)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.