Skip to content

chore(deps): update dependency starlette to ^0.40.0

renovate requested to merge renovate/starlette-0.x into main

This MR contains the following updates:

Package Type Update Change
starlette (changelog) dependencies minor ^0.37.2 -> ^0.40.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

View the Renovate pipeline for this MR

Release Notes

encode/starlette (starlette)

v0.41.0: Version 0.41.0

Compare Source

Added

v0.40.0: Version 0.40.0

Compare Source

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

v0.39.2: Version 0.39.2

Compare Source

Fixed

  • Allow use of request.url_for when only "app" scope is available #​2672.
  • Fix internal type hints to support python-multipart==0.0.12 #​2708.

Full Changelog: https://github.com/encode/starlette/compare/0.39.1...0.39.2

v0.39.1: Version 0.39.1

Compare Source

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #​2700.
  • Improve performance of get_route_path by removing regular expression usage #​2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #​2703.
  • Use token_hex for generating multipart boundary strings #​2702.

Full Changelog: https://github.com/encode/starlette/compare/0.39.0...0.39.1

v0.39.0: Version 0.39.0

Compare Source

Added

  • Add support for HTTP Range to FileResponse #​2697

Full Changelog: https://github.com/encode/starlette/compare/0.38.6...0.39.0

v0.38.6: Version 0.38.6

Compare Source

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #​2693.

Full Changelog: https://github.com/encode/starlette/compare/0.38.5...0.38.6

v0.38.5: Version 0.38.5

Compare Source

Fixed

  • Schedule BackgroundTasks from within BaseHTTPMiddleware #​2688. This behavior was removed in 0.38.3, and is now restored.

Full Changelog: https://github.com/encode/starlette/compare/0.38.4...0.38.5

v0.38.4: Version 0.38.4

Compare Source

Fixed

  • Ensure accurate root_path removal in get_route_path function #​2600

Full Changelog: https://github.com/encode/starlette/compare/0.38.3...0.38.4

v0.38.3: Version 0.38.3

Compare Source

Added
Fixed
  • Don't poll for disconnects in BaseHTTPMiddleware via StreamingResponse #​2620.

Full Changelog: https://github.com/encode/starlette/compare/0.38.2...0.38.3

v0.38.2: Version 0.38.2

Compare Source

Fixed

  • Fix routing.get_name() not to assume all routines have __name__ #​2648

Full Changelog: https://github.com/encode/starlette/compare/0.38.1...0.38.2

v0.38.1: Version 0.38.1

Compare Source

Removed

  • Revert "Add support for ASGI pathsend extension" #​2649.

Full Changelog: https://github.com/encode/starlette/compare/0.38.0...0.38.1

v0.38.0: Version 0.38.0

Compare Source

Added

  • Allow use of memoryview in StreamingResponse and Response #​2576 and #​2577.
  • Send 404 instead of 500 when filename requested is too long on StaticFiles #​2583.

Changed

  • Fail fast on invalid Jinja2Template instantiation parameters #​2568.
  • Check endpoint handler is async only once #​2536.

Fixed

  • Add proper synchronization to WebSocketTestSession #​2597.

Full Changelog: https://github.com/encode/starlette/compare/0.37.2...0.38.0

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Stephan Rayner

Merge request reports