Checkmarx / capital

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
GNU Affero General Public License v3.0
274 stars 67 forks

Bump fastapi from 0.79.0 to 0.95.0 #38

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps fastapi from 0.79.0 to 0.95.0.

Release notes

Sourced from fastapi's releases.

0.95.0

Highlights

This release adds support for dependencies and parameters using Annotated and recommends its usage. ✨

This has several benefits, one of the main ones is that now the parameters of your functions with Annotated would not be affected at all.

If you call those functions in other places in your code, the actual default values will be kept, your editor will help you notice missing required arguments, Python will require you to pass required arguments at runtime, you will be able to use the same functions for different things and with different libraries (e.g. Typer will soon support Annotated too, then you could use the same function for an API and a CLI), etc.

Because Annotated is standard Python, you still get all the benefits from editors and tools, like autocompletion, inline errors, etc.

One of the biggest benefits is that now you can create Annotated dependencies that are then shared by multiple path operation functions, this will allow you to reduce a lot of code duplication in your codebase, while keeping all the support from editors and tools.

For example, you could have code like this:

def get_current_user(token: str):
    # authenticate user
    return User()

@app.get("/items/")
def read_items(user: User = Depends(get_current_user)):
    ...

@app.post("/items/")
def create_item(*, user: User = Depends(get_current_user), item: Item):
    ...

@app.get("/items/{item_id}")
def read_item(*, user: User = Depends(get_current_user), item_id: int):
    ...

@app.delete("/items/{item_id}")
def delete_item(*, user: User = Depends(get_current_user), item_id: int):
    ...

There's a bit of code duplication for the dependency:

user: User = Depends(get_current_user)

...the bigger the codebase, the more noticeable it is.

Now you can create an annotated dependency once, like this:

... (truncated)

Commits
  • d666ccb 🔖 Release version 0.95.0
  • 38f0cad 📝 Tweak release notes
  • bd90bed 📝 Update release notes
  • 546392d 📝 Update release notes
  • 0bc87ec 📝 Tweak tip recommending Annotated in docs (#9270)
  • fbfd535 📝 Update release notes
  • 994ea1a 📝 Update release notes
  • 6967354 📝 Update order of examples, latest Python version first, and simplify version...
  • 166d348 📝 Update release notes
  • 9eaed2e 📝 Update all docs to use Annotated as the main recommendation, with new exa...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

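The release notes' point that parameters declared with Annotated stay required when the function is called outside the framework matters for authentication dependencies. The following is an added, stdlib-only sketch, not FastAPI's code and not part of this PR: `Depends` is a stand-in for `fastapi.Depends`, and `call_route`, `User` and the token check are hypothetical.

```python
import inspect
from dataclasses import dataclass
from typing import Annotated, Callable, get_type_hints


@dataclass(frozen=True)
class Depends:
    """Stand-in marker for fastapi.Depends (assumption, stdlib only)."""
    dependency: Callable


@dataclass
class User:
    name: str


def get_current_user(token: str) -> User:
    # Constructed check; a real application would validate a signed token.
    if token != "valid-token":
        raise PermissionError("invalid token")
    return User(name="alice")


# Default-value style: a direct call without `user` receives the marker object.
def read_items_old(user: User = Depends(get_current_user)):
    return user


# Annotated style: the marker is type metadata, the parameter stays required.
CurrentUser = Annotated[User, Depends(get_current_user)]


def read_items_new(user: CurrentUser):
    return user


def call_route(func: Callable, token: str):
    """Hypothetical mini-resolver: run the Depends attached to each parameter."""
    hints = get_type_hints(func, include_extras=True)
    kwargs = {}
    for name, param in inspect.signature(func).parameters.items():
        markers = [m for m in getattr(hints.get(name), "__metadata__", ())
                   if isinstance(m, Depends)]
        if isinstance(param.default, Depends):
            markers.append(param.default)
        if markers:
            kwargs[name] = markers[0].dependency(token)
    return func(**kwargs)
```

Calling `read_items_old()` directly returns the `Depends` marker without the authentication function ever running, while `read_items_new()` raises `TypeError` for the missing argument.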
dependabot[bot] commented 1 year ago

Superseded by #47.