Bump the pip group across 7 directories with 3 updates #1581

dependabot · 2024-02-09T20:20:03Z

Bumps the pip group with 2 updates in the /aws-cs-langserve directory: aiohttp and fastapi.
Bumps the pip group with 2 updates in the /aws-go-langserve directory: aiohttp and fastapi.
Bumps the pip group with 2 updates in the /aws-js-langserve directory: aiohttp and fastapi.
Bumps the pip group with 2 updates in the /aws-py-langserve directory: aiohttp and fastapi.
Bumps the pip group with 1 update in the /aws-py-oidc-provider-pulumi-cloud directory: cryptography.
Bumps the pip group with 2 updates in the /aws-ts-langserve directory: aiohttp and fastapi.
Bumps the pip group with 2 updates in the /aws-yaml-langserve directory: aiohttp and fastapi.

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fastapi from 0.109.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fastapi from 0.109.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fastapi from 0.109.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fastapi from 0.109.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in ...
Description has been truncated

Bumps the pip group with 2 updates in the /aws-cs-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Bumps the pip group with 2 updates in the /aws-go-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Bumps the pip group with 2 updates in the /aws-js-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Bumps the pip group with 2 updates in the /aws-py-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Bumps the pip group with 1 update in the /aws-py-oidc-provider-pulumi-cloud directory: [cryptography](https://github.com/pyca/cryptography). Bumps the pip group with 2 updates in the /aws-ts-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Bumps the pip group with 2 updates in the /aws-yaml-langserve directory: [aiohttp](https://github.com/aio-libs/aiohttp) and [fastapi](https://github.com/tiangolo/fastapi). Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) Updates `cryptography` from 41.0.6 to 42.0.0 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.6...42.0.0) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fastapi` from 0.109.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.109.1) --- updated-dependencies: - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: indirect dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-02-13T17:05:54Z

Superseded by #1589.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 9, 2024

dependabot bot closed this Feb 13, 2024

dependabot bot deleted the dependabot/pip/aws-cs-langserve/pip-security-group-683f3bb794 branch February 13, 2024 17:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 7 directories with 3 updates #1581

Bump the pip group across 7 directories with 3 updates #1581

dependabot bot commented on behalf of github Feb 9, 2024 •

edited

Loading

dependabot bot commented on behalf of github Feb 13, 2024

Bump the pip group across 7 directories with 3 updates #1581

Bump the pip group across 7 directories with 3 updates #1581

Conversation

dependabot bot commented on behalf of github Feb 9, 2024 • edited Loading

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

0.109.1

Security fixes

Features

Refactors

Docs

Translations

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

0.109.1

Security fixes

Features

Refactors

Docs

Translations

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

0.109.1

Security fixes

Features

Refactors

Docs

Translations

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

0.109.1

Security fixes

Features

Refactors

Docs

dependabot bot commented on behalf of github Feb 13, 2024

dependabot bot commented on behalf of github Feb 9, 2024 •

edited

Loading