From c9c03cf97b21c4ba33d75df2644d5f1314ad23b2 Mon Sep 17 00:00:00 2001
From: Mathijs de Bruin
Date: Thu, 31 Oct 2024 09:34:45 +0000
Subject: [PATCH] Update dependencies to address security issues.
* fastapi 0.115.3, dropping support for older versions due to CVE-2024-47874
* starlette 0.41.2, closes #1443
* werkzeug 3.0.6
---
 .github/workflows/pytest.yaml | 2 +-
 backend/poetry.lock | 22 +++++++++++-----------
 backend/pyproject.toml | 4 ++--
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/pytest.yaml b/.github/workflows/pytest.yaml
index e98c6260c6..28577db76b 100644
--- a/.github/workflows/pytest.yaml
+++ b/.github/workflows/pytest.yaml
@@ -10,7 +10,7 @@ jobs:
 strategy:
 matrix:
 python-version: ['3.9', '3.10', '3.11', '3.12']
- fastapi-version: ['0.110', '0.111', '0.112']
+ fastapi-version: ['0.115']
 env:
 BACKEND_DIR: ./backend
 steps:
diff --git a/backend/poetry.lock b/backend/poetry.lock
index a48eb5778d..27efcf3288 100644
--- a/backend/poetry.lock
+++ b/backend/poetry.lock
@@ -1258,18 +1258,18 @@ weaviate = ["weaviate-client (>2)"] [[package]] name = "fastapi" -version = "0.112.4" +version = "0.115.4" description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production" optional = false python-versions = ">=3.8" files = [ - {file = "fastapi-0.112.4-py3-none-any.whl", hash = "sha256:6d4f9c3301825d4620665cace8e2bc34e303f61c05a5382d1d61a048ea7f2f37"}, - {file = "fastapi-0.112.4.tar.gz", hash = "sha256:b1f72e1f72afe7902ccd639ba320abb5d57a309804f45c10ab0ce3693cadeb33"}, + {file = "fastapi-0.115.4-py3-none-any.whl", hash = "sha256:0b504a063ffb3cf96a5e27dc1bc32c80ca743a2528574f9cdc77daa2d31b4742"}, + {file = "fastapi-0.115.4.tar.gz", hash = "sha256:db653475586b091cb8b2fec2ac54a680ac6a158e07406e1abae31679e8826349"}, ] [package.dependencies] pydantic = ">=1.7.4,<1.8 || >1.8,<1.8.1 || >1.8.1,<2.0.0 || >2.0.0,<2.0.1 || >2.0.1,<2.1.0 || >2.1.0,<3.0.0" -starlette = ">=0.37.2,<0.39.0" +starlette = ">=0.40.0,<0.42.0" typing-extensions = ">=4.8.0" [package.extras] @@ -4937,13 +4937,13 @@ files = [ [[package]] name = "starlette" -version = "0.37.2" +version = "0.41.2" description = "The little ASGI library that shines." optional = false python-versions = ">=3.8" files = [ - {file = "starlette-0.37.2-py3-none-any.whl", hash = "sha256:6fe59f29268538e5d0d182f2791a479a0c64638e6935d1c6989e63fb2699c6ee"}, - {file = "starlette-0.37.2.tar.gz", hash = "sha256:9af890290133b79fc3db55474ade20f6220a364a0402e0b556e7cd5e1e093823"}, + {file = "starlette-0.41.2-py3-none-any.whl", hash = "sha256:fbc189474b4731cf30fcef52f18a8d070e3f3b46c6a04c97579e85e6ffca942d"}, + {file = "starlette-0.41.2.tar.gz", hash = "sha256:9834fd799d1a87fd346deb76158668cfa0b0d56f85caefe8268e2d97c3468b62"}, ] [package.dependencies] 
@@ -5514,13 +5514,13 @@ anyio = ">=3.0.0" [[package]] name = "werkzeug" -version = "3.0.4" +version = "3.0.6" description = "The comprehensive WSGI web application library." optional = false python-versions = ">=3.8" files = [ - {file = "werkzeug-3.0.4-py3-none-any.whl", hash = "sha256:02c9eb92b7d6c06f31a782811505d2157837cea66aaede3e217c7c27c039476c"}, - {file = "werkzeug-3.0.4.tar.gz", hash = "sha256:34f2371506b250df4d4f84bfe7b0921e4762525762bbd936614909fe25cd7306"}, + {file = "werkzeug-3.0.6-py3-none-any.whl", hash = "sha256:1bc0c2310d2fbb07b1dd1105eba2f7af72f322e1e455f2f93c993bee8c8a5f17"}, + {file = "werkzeug-3.0.6.tar.gz", hash = "sha256:a8dd59d4de28ca70471a34cba79bed5f7ef2e036a76b3ab0835474246eb41f8d"}, ] [package.dependencies] @@ -5760,4 +5760,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.9,<4.0.0" -content-hash = "2bb8dff76542b4b0c5c3e19fcbcd63f0abf5ea804abd58d6462e34058538776a" +content-hash = "83dcb100388452b55021b7121738be63f4a8f00b2a5640d006e36561f9d43fc5"
diff --git a/backend/pyproject.toml b/backend/pyproject.toml
index e8f06c13b9..d9f63d44e9 100644
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -43,8 +43,8 @@ python = ">=3.9,<4.0.0"
 httpx = ">=0.23.0"
 literalai = "0.0.623"
 dataclasses_json = "^0.6.7"
-fastapi = ">=0.110.1,<0.113"
-starlette = "^0.37.2"
+fastapi = ">=0.115.3,<0.116"
+starlette = "^0.41.2"
 uvicorn = "^0.25.0"
 python-socketio = "^5.11.0"
 aiofiles = "^23.1.0"
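Review bot: The raised floors on `fastapi` and `starlette` in the pyproject.toml hunk are security-driven, but nothing in the file records that, so a later compatibility edit could lower them again without anyone noticing. A comment directly above the two lines would keep the reason next to the constraint, for example `# Floors raised for CVE-2024-47874; do not lower without checking the advisory.` The commit message also lists werkzeug 3.0.6, yet this hunk adds no werkzeug constraint. If werkzeug is only a transitive dependency, the bump reaches installs made from poetry.lock but is not enforced for installs resolved from the package metadata, which is worth confirming. The dependency table this hunk edits begins and ends outside the visible lines.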