Remove ujson dependency
- Update default_response_class to ORJSONResponse.
- Remove the ujson dependency as it's deprecated.
- Remove install [all] with fastapi
- Explicitly add dependency packages for Pydantic and Starlette
- Update FastAPI to latest version 0.75.0
- Lock stomp.py to 7.0.0 as 8.0.0 broke the app

This fixes ujson CVE-2021-45958.

This is related to:
tiangolo/fastapi#820

Signed-off-by: Wayne Sun <gsun@redhat.com>
waynesun09 committed Mar 10, 2022
1 parent fa1865f commit b6f85b3
Showing 3 changed files with 254 additions and 416 deletions.
9 changes: 7 additions & 2 deletions Pipfile
Expand Up @@ -17,10 +17,15 @@ aioredis = "*"
aiofile = "*"
pytest = "*"
pytest-dotenv = "*"
"stomp.py" = "*"
"stomp.py" = "==7.0.0"
irc = "*"
werkzeug = "*"
fastapi = {version = "==0.73.0", extras = ["all"]}
fastapi = "==0.75.0"
email-validator = "*"
jinja2 = "*"
python-multipart = "*"
pyyaml = "*"
orjson = "*"

[dev-packages]

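Review bot: the two new pins (`"stomp.py" = "==7.0.0"` and `fastapi = "==0.75.0"`) carry no comment explaining why they are frozen, while the commit message says 8.0.0 broke the app; a one-line comment in the Pipfile above each pin (for example `# 8.0.0 breaks the app, see commit b6f85b3`) keeps the next maintainer from bumping them blindly. Every other entry in this hunk, including the newly added `orjson = "*"` that now backs the default response class, is unpinned, so reproducibility and the ujson removal this commit claims rest entirely on the Pipfile.lock, which is one of the three changed files but is not shown here; reviewers should confirm in the lock that no ujson entry remains and that `fastapi = {version = "==0.73.0", extras = ["all"]}` did not pull in anything beyond the five packages spelled out here (email-validator, jinja2, python-multipart, pyyaml, orjson) that the app still relies on.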
