Update dependency fastapi to v0.109.1 [SECURITY] - autoclosed

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fastapi (changelog)	`0.109.0` -> `0.109.1`

GitHub Vulnerability Alerts

CVE-2024-24762

Summary

When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options.

An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests.

This can create a ReDoS (Regular expression Denial of Service): https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

This only applies when the app uses form data, parsed with python-multipart.

Details

A regular HTTP Content-Type header could look like:

Content-Type: text/html; charset=utf-8

python-multipart parses the option with this RegEx: https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74

A custom option could be made and sent to the server to break it with:

Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

PoC

Create a simple WSGI application, that just parses the Content-Type, and run it with python main.py:


# main.py
from wsgiref.simple_server import make_server
from wsgiref.validate import validator

from multipart.multipart import parse_options_header

def simple_app(environ, start_response):
    _, _ = parse_options_header(environ["CONTENT_TYPE"])

    start_response("200 OK", [("Content-type", "text/plain")])
    return [b"Ok"]

httpd = make_server("", 8123, validator(simple_app))
print("Serving on port 8123...")
httpd.serve_forever()

Then send the attacking request with:

$ curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8123/'

Impact

It's a ReDoS, (Regular expression Denial of Service), it only applies to those reading form data. This way it also affects other libraries using Starlette, like FastAPI.

Original Report

This was originally reported to FastAPI as an email to security@tiangolo.com, sent via https://huntr.com/, the original reporter is Marcello, https://github.com/byt3bl33d3r

Original report to FastAPI

Hey Tiangolo! My name's Marcello and I work on the ProtectAI/Huntr Threat Research team, a few months ago we got a report (from @nicecatch2000) of a ReDoS affecting another very popular Python web framework. After some internal research, I found that FastAPI is vulnerable to the same ReDoS under certain conditions (only when it parses Form data not JSON). Here are the details: I'm using the latest version of FastAPI (0.109.0) and the following code: ```Python from typing import Annotated from fastapi.responses import HTMLResponse from fastapi import FastAPI,Form from pydantic import BaseModel class Item(BaseModel): username: str app = FastAPI() @app.get("/", response_class=HTMLResponse) async def index(): return HTMLResponse("Test", status_code=200) @app.post("/submit/") async def submit(username: Annotated[str, Form()]): return {"username": username} @app.post("/submit_json/") async def submit_json(item: Item): return {"username": item.username} ``` I'm running the above with uvicorn with the following command: ```console uvicorn server:app ``` Then run the following cUrl command: ``` curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8000/submit/' ``` You'll see the server locks up, is unable to serve anymore requests and one CPU core is pegged to 100% You can even start uvicorn with multiple workers with the --workers 4 argument and as long as you send (workers + 1) requests you'll completely DoS the FastApi server. If you try submitting Json to the /submit_json endpoint with the malicious Content-Type header you'll see it isn't vulnerable. So this only affects FastAPI when it parses Form data. Cheers #### Impact An attacker is able to cause a DoS on a FastApi server via a malicious Content-Type header if it parses Form data. #### Occurrences [params.py L586](https://togithub.com/tiangolo/fastapi/blob/d74b3b25659b42233a669f032529880de8bd6c2d/fastapi/params.py#L586)

Release Notes

fastapi/fastapi (fastapi)

### [`v0.109.1`](https://togithub.com/fastapi/fastapi/releases/tag/0.109.1) [Compare Source](https://togithub.com/fastapi/fastapi/compare/0.109.0...0.109.1) ##### Security fixes - ⬆️ Upgrade minimum version of `python-multipart` to `>=0.0.7` to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade `python-multipart`. Read more in the [advisory: Content-Type Header ReDoS](https://togithub.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389). ##### Features - ✨ Include HTTP 205 in status codes with no body. PR [#10969](https://togithub.com/tiangolo/fastapi/pull/10969) by [@tiangolo](https://togithub.com/tiangolo). ##### Refactors - ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR [#10876](https://togithub.com/tiangolo/fastapi/pull/10876) by [@emmettbutler](https://togithub.com/emmettbutler). - ♻️ Simplify string format with f-strings in `fastapi/utils.py`. PR [#10576](https://togithub.com/tiangolo/fastapi/pull/10576) by [@eukub](https://togithub.com/eukub). - 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR [#10893](https://togithub.com/tiangolo/fastapi/pull/10893) by [@jiridanek](https://togithub.com/jiridanek). - ✅ Re-enable test in `tests/test_tutorial/test_header_params/test_tutorial003.py` after fix in Starlette. PR [#10904](https://togithub.com/tiangolo/fastapi/pull/10904) by [@ooknimm](https://togithub.com/ooknimm). ##### Docs - 📝 Tweak wording in `help-fastapi.md`. PR [#11040](https://togithub.com/tiangolo/fastapi/pull/11040) by [@tiangolo](https://togithub.com/tiangolo). - 📝 Tweak docs for Behind a Proxy. PR [#11038](https://togithub.com/tiangolo/fastapi/pull/11038) by [@tiangolo](https://togithub.com/tiangolo). - 📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR [#11036](https://togithub.com/tiangolo/fastapi/pull/11036) by [@Donnype](https://togithub.com/Donnype). - 📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR [#11029](https://togithub.com/tiangolo/fastapi/pull/11029) by [@jtemporal](https://togithub.com/jtemporal). - 📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR [#10979](https://togithub.com/tiangolo/fastapi/pull/10979) by [@tiangolo](https://togithub.com/tiangolo). - ✏️ Fix typo in `fastapi/security/oauth2.py`. PR [#10972](https://togithub.com/tiangolo/fastapi/pull/10972) by [@RafalSkolasinski](https://togithub.com/RafalSkolasinski). - 📝 Update `HTTPException` details in `docs/en/docs/tutorial/handling-errors.md`. PR [#5418](https://togithub.com/tiangolo/fastapi/pull/5418) by [@papb](https://togithub.com/papb). - ✏️ A few tweaks in `docs/de/docs/tutorial/first-steps.md`. PR [#10959](https://togithub.com/tiangolo/fastapi/pull/10959) by [@nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix link in `docs/en/docs/advanced/async-tests.md`. PR [#10960](https://togithub.com/tiangolo/fastapi/pull/10960) by [@nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typos for Spanish documentation. PR [#10957](https://togithub.com/tiangolo/fastapi/pull/10957) by [@jlopezlira](https://togithub.com/jlopezlira). - 📝 Add warning about lifespan functions and backwards compatibility with events. PR [#10734](https://togithub.com/tiangolo/fastapi/pull/10734) by [@jacob-indigo](https://togithub.com/jacob-indigo). - ✏️ Fix broken link in `docs/tutorial/sql-databases.md` in several languages. PR [#10716](https://togithub.com/tiangolo/fastapi/pull/10716) by [@theoohoho](https://togithub.com/theoohoho). - ✏️ Remove broken links from `external_links.yml`. PR [#10943](https://togithub.com/tiangolo/fastapi/pull/10943) by [@Torabek](https://togithub.com/Torabek). - 📝 Update template docs with more info about `url_for`. PR [#5937](https://togithub.com/tiangolo/fastapi/pull/5937) by [@EzzEddin](https://togithub.com/EzzEddin). - 📝 Update usage of Token model in security docs. PR [#9313](https://togithub.com/tiangolo/fastapi/pull/9313) by [@piotrszacilowski](https://togithub.com/piotrszacilowski). - ✏️ Update highlighted line in `docs/en/docs/tutorial/bigger-applications.md`. PR [#5490](https://togithub.com/tiangolo/fastapi/pull/5490) by [@papb](https://togithub.com/papb). - 📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR [#10212](https://togithub.com/tiangolo/fastapi/pull/10212) by [@aanchlia](https://togithub.com/aanchlia). - 📝 Add hyperlink to `docs/en/docs/tutorial/static-files.md`. PR [#10243](https://togithub.com/tiangolo/fastapi/pull/10243) by [@hungtsetse](https://togithub.com/hungtsetse). - 📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR [#9440](https://togithub.com/tiangolo/fastapi/pull/9440) by [@softwarebloat](https://togithub.com/softwarebloat). - 📝 Review and rewording of `en/docs/contributing.md`. PR [#10480](https://togithub.com/tiangolo/fastapi/pull/10480) by [@nilslindemann](https://togithub.com/nilslindemann). - 📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR [#9701](https://togithub.com/tiangolo/fastapi/pull/9701) by [@mnrozhkov](https://togithub.com/mnrozhkov). - 📝 Reword in docs, from "have in mind" to "keep in mind". PR [#10376](https://togithub.com/tiangolo/fastapi/pull/10376) by [@malicious](https://togithub.com/malicious). - 📝 Add External Link: Talk by Jeny Sadadia. PR [#10265](https://togithub.com/tiangolo/fastapi/pull/10265) by [@JenySadadia](https://togithub.com/JenySadadia). - 📝 Add location info to `tutorial/bigger-applications.md`. PR [#10552](https://togithub.com/tiangolo/fastapi/pull/10552) by [@nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix Pydantic method name in `docs/en/docs/advanced/path-operation-advanced-configuration.md`. PR [#10826](https://togithub.com/tiangolo/fastapi/pull/10826) by [@ahmedabdou14](https://togithub.com/ahmedabdou14). ##### Translations - 🌐 Add Spanish translation for `docs/es/docs/external-links.md`. PR [#10933](https://togithub.com/tiangolo/fastapi/pull/10933) by [@pablocm83](https://togithub.com/pablocm83). - 🌐 Update Korean translation for `docs/ko/docs/tutorial/first-steps.md`, `docs/ko/docs/tutorial/index.md`, `docs/ko/docs/tutorial/path-params.md`, and `docs/ko/docs/tutorial/query-params.md`. PR [#4218](https://togithub.com/tiangolo/fastapi/pull/4218) by [@SnowSuno](https://togithub.com/SnowSuno). - 🌐 Add Chinese translation for `docs/zh/docs/tutorial/dependencies/dependencies-with-yield.md`. PR [#10870](https://togithub.com/tiangolo/fastapi/pull/10870) by [@zhiquanchi](https://togithub.com/zhiquanchi). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/concepts.md`. PR [#10282](https://togithub.com/tiangolo/fastapi/pull/10282) by [@xzmeng](https://togithub.com/xzmeng). - 🌐 Add Azerbaijani translation for `docs/az/docs/index.md`. PR [#11047](https://togithub.com/tiangolo/fastapi/pull/11047) by [@aykhans](https://togithub.com/aykhans). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/middleware.md`. PR [#2829](https://togithub.com/tiangolo/fastapi/pull/2829) by [@JeongHyeongKim](https://togithub.com/JeongHyeongKim). - 🌐 Add German translation for `docs/de/docs/tutorial/body-nested-models.md`. PR [#10313](https://togithub.com/tiangolo/fastapi/pull/10313) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Persian translation for `docs/fa/docs/tutorial/middleware.md`. PR [#9695](https://togithub.com/tiangolo/fastapi/pull/9695) by [@mojtabapaso](https://togithub.com/mojtabapaso). - 🌐 Update Farsi translation for `docs/fa/docs/index.md`. PR [#10216](https://togithub.com/tiangolo/fastapi/pull/10216) by [@theonlykingpin](https://togithub.com/theonlykingpin). - 🌐 Add German translation for `docs/de/docs/tutorial/body-fields.md`. PR [#10310](https://togithub.com/tiangolo/fastapi/pull/10310) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/body.md`. PR [#10295](https://togithub.com/tiangolo/fastapi/pull/10295) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/body-multiple-params.md`. PR [#10308](https://togithub.com/tiangolo/fastapi/pull/10308) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/security/get-current-user.md`. PR [#2681](https://togithub.com/tiangolo/fastapi/pull/2681) by [@sh0nk](https://togithub.com/sh0nk). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/advanced-dependencies.md`. PR [#3798](https://togithub.com/tiangolo/fastapi/pull/3798) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/events.md`. PR [#3815](https://togithub.com/tiangolo/fastapi/pull/3815) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/behind-a-proxy.md`. PR [#3820](https://togithub.com/tiangolo/fastapi/pull/3820) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-events.md`. PR [#3818](https://togithub.com/tiangolo/fastapi/pull/3818) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-websockets.md`. PR [#3817](https://togithub.com/tiangolo/fastapi/pull/3817) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-database.md`. PR [#3821](https://togithub.com/tiangolo/fastapi/pull/3821) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/deta.md`. PR [#3837](https://togithub.com/tiangolo/fastapi/pull/3837) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/history-design-future.md`. PR [#3832](https://togithub.com/tiangolo/fastapi/pull/3832) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/project-generation.md`. PR [#3831](https://togithub.com/tiangolo/fastapi/pull/3831) by [@jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/docker.md`. PR [#10296](https://togithub.com/tiangolo/fastapi/pull/10296) by [@xzmeng](https://togithub.com/xzmeng). - 🌐 Update Spanish translation for `docs/es/docs/features.md`. PR [#10884](https://togithub.com/tiangolo/fastapi/pull/10884) by [@pablocm83](https://togithub.com/pablocm83). - 🌐 Add Spanish translation for `docs/es/docs/newsletter.md`. PR [#10922](https://togithub.com/tiangolo/fastapi/pull/10922) by [@pablocm83](https://togithub.com/pablocm83). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/background-tasks.md`. PR [#5910](https://togithub.com/tiangolo/fastapi/pull/5910) by [@junah201](https://togithub.com/junah201). - :globe_with_meridians: Add Turkish translation for `docs/tr/docs/alternatives.md`. PR [#10502](https://togithub.com/tiangolo/fastapi/pull/10502) by [@alperiox](https://togithub.com/alperiox). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/dependencies/index.md`. PR [#10989](https://togithub.com/tiangolo/fastapi/pull/10989) by [@KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `/docs/ko/docs/tutorial/body.md`. PR [#11000](https://togithub.com/tiangolo/fastapi/pull/11000) by [@KaniKim](https://togithub.com/KaniKim). - 🌐 Add Portuguese translation for `docs/pt/docs/tutorial/schema-extra-example.md`. PR [#4065](https://togithub.com/tiangolo/fastapi/pull/4065) by [@luccasmmg](https://togithub.com/luccasmmg). - 🌐 Add Turkish translation for `docs/tr/docs/history-design-future.md`. PR [#11012](https://togithub.com/tiangolo/fastapi/pull/11012) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/resources/index.md`. PR [#11020](https://togithub.com/tiangolo/fastapi/pull/11020) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/how-to/index.md`. PR [#11021](https://togithub.com/tiangolo/fastapi/pull/11021) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add German translation for `docs/de/docs/tutorial/query-params.md`. PR [#10293](https://togithub.com/tiangolo/fastapi/pull/10293) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/benchmarks.md`. PR [#10866](https://togithub.com/tiangolo/fastapi/pull/10866) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Turkish translation for `docs/tr/docs/learn/index.md`. PR [#11014](https://togithub.com/tiangolo/fastapi/pull/11014) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Persian translation for `docs/fa/docs/tutorial/security/index.md`. PR [#9945](https://togithub.com/tiangolo/fastapi/pull/9945) by [@mojtabapaso](https://togithub.com/mojtabapaso). - 🌐 Add Turkish translation for `docs/tr/docs/help/index.md`. PR [#11013](https://togithub.com/tiangolo/fastapi/pull/11013) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/about/index.md`. PR [#11006](https://togithub.com/tiangolo/fastapi/pull/11006) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Update Turkish translation for `docs/tr/docs/benchmarks.md`. PR [#11005](https://togithub.com/tiangolo/fastapi/pull/11005) by [@hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Italian translation for `docs/it/docs/index.md`. PR [#5233](https://togithub.com/tiangolo/fastapi/pull/5233) by [@matteospanio](https://togithub.com/matteospanio). - 🌐 Add Korean translation for `docs/ko/docs/help/index.md`. PR [#10983](https://togithub.com/tiangolo/fastapi/pull/10983) by [@KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `docs/ko/docs/features.md`. PR [#10976](https://togithub.com/tiangolo/fastapi/pull/10976) by [@KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/security/get-current-user.md`. PR [#5737](https://togithub.com/tiangolo/fastapi/pull/5737) by [@KdHyeon0661](https://togithub.com/KdHyeon0661). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/security/first-steps.md`. PR [#10541](https://togithub.com/tiangolo/fastapi/pull/10541) by [@AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/handling-errors.md`. PR [#10375](https://togithub.com/tiangolo/fastapi/pull/10375) by [@AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/encoder.md`. PR [#10374](https://togithub.com/tiangolo/fastapi/pull/10374) by [@AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/body-updates.md`. PR [#10373](https://togithub.com/tiangolo/fastapi/pull/10373) by [@AlertRED](https://togithub.com/AlertRED). - 🌐 Russian translation: updated `fastapi-people.md`.. PR [#10255](https://togithub.com/tiangolo/fastapi/pull/10255) by [@NiKuma0](https://togithub.com/NiKuma0). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/security/index.md`. PR [#5798](https://togithub.com/tiangolo/fastapi/pull/5798) by [@3w36zj6](https://togithub.com/3w36zj6). - 🌐 Add German translation for `docs/de/docs/advanced/generate-clients.md`. PR [#10725](https://togithub.com/tiangolo/fastapi/pull/10725) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/openapi-webhooks.md`. PR [#10712](https://togithub.com/tiangolo/fastapi/pull/10712) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/custom-response.md`. PR [#10624](https://togithub.com/tiangolo/fastapi/pull/10624) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/additional-status-codes.md`. PR [#10617](https://togithub.com/tiangolo/fastapi/pull/10617) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/middleware.md`. PR [#10391](https://togithub.com/tiangolo/fastapi/pull/10391) by [@JohannesJungbluth](https://togithub.com/JohannesJungbluth). - 🌐 Add German translation for introduction documents. PR [#10497](https://togithub.com/tiangolo/fastapi/pull/10497) by [@nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/encoder.md`. PR [#1955](https://togithub.com/tiangolo/fastapi/pull/1955) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/extra-data-types.md`. PR [#1932](https://togithub.com/tiangolo/fastapi/pull/1932) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Turkish translation for `docs/tr/docs/async.md`. PR [#5191](https://togithub.com/tiangolo/fastapi/pull/5191) by [@BilalAlpaslan](https://togithub.com/BilalAlpaslan). - 🌐 Add Turkish translation for `docs/tr/docs/project-generation.md`. PR [#5192](https://togithub.com/tiangolo/fastapi/pull/5192) by [@BilalAlpaslan](https://togithub.com/BilalAlpaslan). - 🌐 Add Korean translation for `docs/ko/docs/deployment/docker.md`. PR [#5657](https://togithub.com/tiangolo/fastapi/pull/5657) by [@nearnear](https://togithub.com/nearnear). - 🌐 Add Korean translation for `docs/ko/docs/deployment/server-workers.md`. PR [#4935](https://togithub.com/tiangolo/fastapi/pull/4935) by [@jujumilk3](https://togithub.com/jujumilk3). - 🌐 Add Korean translation for `docs/ko/docs/deployment/index.md`. PR [#4561](https://togithub.com/tiangolo/fastapi/pull/4561) by [@jujumilk3](https://togithub.com/jujumilk3). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/path-operation-configuration.md`. PR [#3639](https://togithub.com/tiangolo/fastapi/pull/3639) by [@jungsu-kwon](https://togithub.com/jungsu-kwon). - 🌐 Modify the description of `zh` - Traditional Chinese. PR [#10889](https://togithub.com/tiangolo/fastapi/pull/10889) by [@cherinyy](https://togithub.com/cherinyy). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/static-files.md`. PR [#2957](https://togithub.com/tiangolo/fastapi/pull/2957) by [@jeesang7](https://togithub.com/jeesang7). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/response-model.md`. PR [#2766](https://togithub.com/tiangolo/fastapi/pull/2766) by [@hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/body-multiple-params.md`. PR [#2461](https://togithub.com/tiangolo/fastapi/pull/2461) by [@PandaHun](https://togithub.com/PandaHun). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/query-params-str-validations.md`. PR [#2415](https://togithub.com/tiangolo/fastapi/pull/2415) by [@hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/python-types.md`. PR [#2267](https://togithub.com/tiangolo/fastapi/pull/2267) by [@jrim](https://togithub.com/jrim). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/body-nested-models.md`. PR [#2506](https://togithub.com/tiangolo/fastapi/pull/2506) by [@hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/learn/index.md`. PR [#10977](https://togithub.com/tiangolo/fastapi/pull/10977) by [@KaniKim](https://togithub.com/KaniKim). - 🌐 Initialize translations for Traditional Chinese. PR [#10505](https://togithub.com/tiangolo/fastapi/pull/10505) by [@hsuanchi](https://togithub.com/hsuanchi). - ✏️ Tweak the german translation of `docs/de/docs/tutorial/index.md`. PR [#10962](https://togithub.com/tiangolo/fastapi/pull/10962) by [@nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typo error in `docs/ko/docs/tutorial/path-params.md`. PR [#10758](https://togithub.com/tiangolo/fastapi/pull/10758) by [@2chanhaeng](https://togithub.com/2chanhaeng). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/dependencies-with-yield.md`. PR [#1961](https://togithub.com/tiangolo/fastapi/pull/1961) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/dependencies-in-path-operation-decorators.md`. PR [#1960](https://togithub.com/tiangolo/fastapi/pull/1960) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/sub-dependencies.md`. PR [#1959](https://togithub.com/tiangolo/fastapi/pull/1959) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/background-tasks.md`. PR [#2668](https://togithub.com/tiangolo/fastapi/pull/2668) by [@tokusumi](https://togithub.com/tokusumi). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/index.md` and `docs/ja/docs/tutorial/dependencies/classes-as-dependencies.md`. PR [#1958](https://togithub.com/tiangolo/fastapi/pull/1958) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/response-model.md`. PR [#1938](https://togithub.com/tiangolo/fastapi/pull/1938) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-multiple-params.md`. PR [#1903](https://togithub.com/tiangolo/fastapi/pull/1903) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/path-params-numeric-validations.md`. PR [#1902](https://togithub.com/tiangolo/fastapi/pull/1902) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/python-types.md`. PR [#1899](https://togithub.com/tiangolo/fastapi/pull/1899) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/handling-errors.md`. PR [#1953](https://togithub.com/tiangolo/fastapi/pull/1953) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/response-status-code.md`. PR [#1942](https://togithub.com/tiangolo/fastapi/pull/1942) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/extra-models.md`. PR [#1941](https://togithub.com/tiangolo/fastapi/pull/1941) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese tranlsation for `docs/ja/docs/tutorial/schema-extra-example.md`. PR [#1931](https://togithub.com/tiangolo/fastapi/pull/1931) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-nested-models.md`. PR [#1930](https://togithub.com/tiangolo/fastapi/pull/1930) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-fields.md`. PR [#1923](https://togithub.com/tiangolo/fastapi/pull/1923) by [@SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add German translation for `docs/de/docs/tutorial/index.md`. PR [#9502](https://togithub.com/tiangolo/fastapi/pull/9502) by [@fhabers21](https://togithub.com/fhabers21). - 🌐 Add German translation for `docs/de/docs/tutorial/background-tasks.md`. PR [#10566](https://togithub.com/tiangolo/fastapi/pull/10566) by [@nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typo in `docs/ru/docs/index.md`. PR [#10672](https://togithub.com/tiangolo/fastapi/pull/10672) by [@Delitel-WEB](https://togithub.com/Delitel-WEB). - ✏️ Fix typos in `docs/zh/docs/tutorial/extra-data-types.md`. PR [#10727](https://togithub.com/tiangolo/fastapi/pull/10727) by [@HiemalBeryl](https://togithub.com/HiemalBeryl). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/dependencies/classes-as-dependencies.md`. PR [#10410](https://togithub.com/tiangolo/fastapi/pull/10410) by [@AlertRED](https://togithub.com/AlertRED). ##### Internal - 👥 Update FastAPI People. PR [#11074](https://togithub.com/tiangolo/fastapi/pull/11074) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors: add Coherence. PR [#11066](https://togithub.com/tiangolo/fastapi/pull/11066) by [@tiangolo](https://togithub.com/tiangolo). - 👷 Upgrade GitHub Action issue-manager. PR [#11056](https://togithub.com/tiangolo/fastapi/pull/11056) by [@tiangolo](https://togithub.com/tiangolo). - 🍱 Update sponsors: TalkPython badge. PR [#11052](https://togithub.com/tiangolo/fastapi/pull/11052) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors: TalkPython badge image. PR [#11048](https://togithub.com/tiangolo/fastapi/pull/11048) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, remove Deta. PR [#11041](https://togithub.com/tiangolo/fastapi/pull/11041) by [@tiangolo](https://togithub.com/tiangolo). - 💄 Fix CSS breaking RTL languages (erroneously introduced by a previous RTL PR). PR [#11039](https://togithub.com/tiangolo/fastapi/pull/11039) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Add Italian to `mkdocs.yml`. PR [#11016](https://togithub.com/tiangolo/fastapi/pull/11016) by [@alejsdev](https://togithub.com/alejsdev). - 🔨 Verify `mkdocs.yml` languages in CI, update `docs.py`. PR [#11009](https://togithub.com/tiangolo/fastapi/pull/11009) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Update config in `label-approved.yml` to accept translations with 1 reviewer. PR [#11007](https://togithub.com/tiangolo/fastapi/pull/11007) by [@alejsdev](https://togithub.com/alejsdev). - 👷 Add changes-requested handling in GitHub Action issue manager. PR [#10971](https://togithub.com/tiangolo/fastapi/pull/10971) by [@tiangolo](https://togithub.com/tiangolo). - 🔧 Group dependencies on dependabot updates. PR [#10952](https://togithub.com/tiangolo/fastapi/pull/10952) by [@Kludex](https://togithub.com/Kludex). - ⬆ Bump actions/setup-python from 4 to 5. PR [#10764](https://togithub.com/tiangolo/fastapi/pull/10764) by [@dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11. PR [#10731](https://togithub.com/tiangolo/fastapi/pull/10731) by [@dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump dawidd6/action-download-artifact from 2.28.0 to 3.0.0. PR [#10777](https://togithub.com/tiangolo/fastapi/pull/10777) by [@dependabot\[bot\]](https://togithub.com/apps/dependabot). - 🔧 Add support for translations to languages with a longer code name, like `zh-hant`. PR [#10950](https://togithub.com/tiangolo/fastapi/pull/10950) by [@tiangolo](https://togithub.com/tiangolo).

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Altinn / digdir-slack-bot