Open demeringo opened 2 hours ago
demeringo
commented
2 hours ago I understand that among other possible breaking changes we need now to explicitly install some features of fastapi with:
poetry add "fastapi[all]"This also implies a migration from pydantic 1 to pydantic 2. #314 I do not know if we can separate the update or if they need to be done together.
demeringo
commented
2 hours ago Both fastapi and pydantic need to be updated together.
demeringo
commented
2 hours ago Running
# Updating fastapi and pydantic
poetry add fastapi@latest
poetry add pydantic@latest
# Install pydantic migration tool
poetry add bump-pydantic
# Migrate codebase to pydantic v2
bump-pydantic boaviztapi
# Uninstall the pydantic migration tool
poetry remove bump-pydantic
Problem
This project uses an old version of fastapi (0.95.2) wich has a known security issue.
Update is not straighforward and future maintenance will be difficult.
See security issue https://github.com/Boavizta/boaviztapi/security/dependabot/55
Solution
Ugrade to a recent release of fastapi (>0.109.1) https://github.com/fastapi/fastapi
Alternatives
Additional context or elements
A simple update to the latest release does not work out of the box. It breaks the tests. There seem to be breaking changes and we may have to adapt the code.
https://fastapi.tiangolo.com/release-notes/#docs_25