Bump starlette from 0.25.0 to 0.27.0 #28

pavsorab · 2023-06-01T14:34:41Z

Changes :

Upgrade starlette version from 0.25.0to 0.27.0
fastapi is now at 0.95.2 for supporting starlette 0.27.0
Added h11>=0.13.0 because httpcore 0.17.2 requires h11<0.15,>=0.13
Added request_body to get the request body directly to allow non-JSON data
Made changes to tests/unit_tests/test_microservice.py for passing Content-Type as text/plain
In Swagger UI, users can now enter the body for the request

For performing post requests with request body we must strictly pass headers with Content-Type as text/plain for the request to work. This is to prevent CSRF in FastAPI as mentioned here tiangolo/fastapi#3456 and GHSA-8h2j-cgx8-6xv7

To allow request Body to parse as non-JSON based on media_type the issue is ongoing in tiangolo/fastapi#9159

Fixes #26

Fixes https://github.com/vmware-labs/build-inspector/security/dependabot/5

Signed-off-by: Pavan Sorab <psorab@vmware.com>

Pavan Sorab added 3 commits June 1, 2023 19:58

Bump starlette from 0.25.0 to 0.27.0

b72ab3b

Signed-off-by: Pavan Sorab <psorab@vmware.com>

Fixed functional test

7f60dd6

Signed-off-by: Pavan Sorab <psorab@vmware.com>

Removed ellipsis to fix error when request body is empty

cb0f7fc

Signed-off-by: Pavan Sorab <psorab@vmware.com>

loredous approved these changes Jun 1, 2023

View reviewed changes

loredous merged commit 8967be9 into main Jun 1, 2023
13 checks passed

loredous deleted the bump-version-starlette-0.27 branch June 8, 2023 18:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump starlette from 0.25.0 to 0.27.0 #28

Bump starlette from 0.25.0 to 0.27.0 #28

pavsorab commented Jun 1, 2023 •

edited

Bump starlette from 0.25.0 to 0.27.0 #28

Bump starlette from 0.25.0 to 0.27.0 #28

Conversation

pavsorab commented Jun 1, 2023 • edited

pavsorab commented Jun 1, 2023 •

edited