Bump fastapi dependency to >=0.92.0
#1205
Conversation
| # FIXME: handling is needed for httpx-based fastapi>=0.87.0 | ||
| - fastapi>=0.69.0,<0.87.0 |
There was a problem hiding this comment.
For more context, fastapi version 0.86.0 pins to starlette version 0.20.4, which was the last release before 0.87.0 (and so the latest version of fastapi allowed by this pin). Hence why the starlette installed has that CVE
There was a problem hiding this comment.
Thanks Charles! 🙏
Noticing the latest fastapi is causing more test failures than some of the older ones. We might consider keeping an upper bound, but just bumping that upper bound as well (based on whichever version causes the least issues)
That way we could then fix at most a handful of issues (or maybe just one)
Alternatively the issues in the newer version seem to repeat across tests. So maybe there is only one needed change to adapt to the newer versions of fastapi
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## main #1205 +/- ##
==========================================
+ Coverage 82.13% 82.23% +0.10%
==========================================
Files 78 78
Lines 4572 4572
Branches 849 849
==========================================
+ Hits 3755 3760 +5
+ Misses 634 625 -9
- Partials 183 187 +4 see 1 file with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
Looks like this is now passing! 🎉 |
This reverts commit cebfb90.
|
Thanks all! 🙏 Merging so we can get this fix out Happy to follow up on anything else as needed 🙂 |
Doing this to avoid GHSA-3qj8-93xh-pwh2; interested in what needs to change to allow this