Skip to content

chore: bump starlette version (backport #4158) #4248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release-0.3.x
Choose a base branch
from
Open

chore: bump starlette version (backport #4158) #4248

wants to merge 1 commit into from

Conversation

@mergify
Copy link

@mergify mergify bot commented Nov 27, 2025

What does this PR do?

Require at least 0.49.1 which fixes a security vulnerability in the parsing logic of the Range header in FileResponse. Release note: https://github.com/Kludex/starlette/releases/tag/0.49.1

This is an automatic backport of pull request #4158 done by [Mergify](https://mergify.com).

@leseb @mergify
chore: bump starlette version (#4158)
a4fefcf 
# What does this PR do?

Require at least 0.49.1 which fixes a security vulnerability in the
parsing logic of the Range header in FileResponse. Release note:
https://github.com/Kludex/starlette/releases/tag/0.49.1

Signed-off-by: Sébastien Han <[email protected]>
(cherry picked from commit dc49ad3)

# Conflicts:
#	uv.lock
@mergify mergify bot added the conflicts label Nov 27, 2025
@mergify mergify bot requested review from ashwinb and yanxi0830 as code owners November 27, 2025 15:50
@mergify
Copy link
Author

mergify bot commented Nov 27, 2025

Cherry-pick of dc49ad3 has failed:

On branch mergify/bp/release-0.3.x/pr-4158
Your branch is up to date with 'origin/release-0.3.x'.

You are currently cherry-picking commit dc49ad3f.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   pyproject.toml

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   uv.lock

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot mentioned this pull request Nov 27, 2025
Merged
@meta-cla meta-cla bot added the CLA Signed This label is managed by the Meta Open Source bot. label Nov 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashwinb ashwinb Awaiting requested review from ashwinb ashwinb is a code owner

@yanxi0830 yanxi0830 Awaiting requested review from yanxi0830 yanxi0830 is a code owner

@hardikjshah hardikjshah Awaiting requested review from hardikjshah hardikjshah is a code owner

@raghotham raghotham Awaiting requested review from raghotham raghotham is a code owner

@ehhuang ehhuang Awaiting requested review from ehhuang ehhuang is a code owner

@leseb leseb Awaiting requested review from leseb leseb is a code owner

@bbrowning bbrowning Awaiting requested review from bbrowning bbrowning is a code owner

@reluctantfuturist reluctantfuturist Awaiting requested review from reluctantfuturist reluctantfuturist is a code owner

@mattf mattf Awaiting requested review from mattf mattf is a code owner

@slekkala1 slekkala1 Awaiting requested review from slekkala1 slekkala1 is a code owner

@franciscojavierarceo franciscojavierarceo Awaiting requested review from franciscojavierarceo franciscojavierarceo is a code owner

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Meta Open Source bot. conflicts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leseb