asosnovsky / Shortumation

[Not Maintained] A better way to write automations in home-assistant without having to install and run a seperate automation engine!
MIT License
298 stars 6 forks source link

Update dependency fastapi to v0.109.1 [SECURITY] #188

Closed renovate[bot] closed 6 months ago

renovate[bot] commented 9 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
fastapi ==0.78.0 -> ==0.109.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-24762

Summary

When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options.

An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests.

This can create a ReDoS (Regular expression Denial of Service): https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

This only applies when the app uses form data, parsed with python-multipart.

Details

A regular HTTP Content-Type header could look like:

Content-Type: text/html; charset=utf-8

python-multipart parses the option with this RegEx: https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74

A custom option could be made and sent to the server to break it with:

Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

PoC

Create a simple WSGI application, that just parses the Content-Type, and run it with python main.py:


# main.py
from wsgiref.simple_server import make_server
from wsgiref.validate import validator

from multipart.multipart import parse_options_header

def simple_app(environ, start_response):
    _, _ = parse_options_header(environ["CONTENT_TYPE"])

    start_response("200 OK", [("Content-type", "text/plain")])
    return [b"Ok"]

httpd = make_server("", 8123, validator(simple_app))
print("Serving on port 8123...")
httpd.serve_forever()

Then send the attacking request with:

$ curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8123/'

Impact

It's a ReDoS, (Regular expression Denial of Service), it only applies to those reading form data. This way it also affects other libraries using Starlette, like FastAPI.

Original Report

This was originally reported to FastAPI as an email to security@tiangolo.com, sent via https://huntr.com/, the original reporter is Marcello, https://github.com/byt3bl33d3r

Original report to FastAPI Hey Tiangolo! My name's Marcello and I work on the ProtectAI/Huntr Threat Research team, a few months ago we got a report (from @​nicecatch2000) of a ReDoS affecting another very popular Python web framework. After some internal research, I found that FastAPI is vulnerable to the same ReDoS under certain conditions (only when it parses Form data not JSON). Here are the details: I'm using the latest version of FastAPI (0.109.0) and the following code: ```Python from typing import Annotated from fastapi.responses import HTMLResponse from fastapi import FastAPI,Form from pydantic import BaseModel class Item(BaseModel): username: str app = FastAPI() @​app.get("/", response_class=HTMLResponse) async def index(): return HTMLResponse("Test", status_code=200) @​app.post("/submit/") async def submit(username: Annotated[str, Form()]): return {"username": username} @​app.post("/submit_json/") async def submit_json(item: Item): return {"username": item.username} ``` I'm running the above with uvicorn with the following command: ```console uvicorn server:app ``` Then run the following cUrl command: ``` curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8000/submit/' ``` You'll see the server locks up, is unable to serve anymore requests and one CPU core is pegged to 100% You can even start uvicorn with multiple workers with the --workers 4 argument and as long as you send (workers + 1) requests you'll completely DoS the FastApi server. If you try submitting Json to the /submit_json endpoint with the malicious Content-Type header you'll see it isn't vulnerable. So this only affects FastAPI when it parses Form data. Cheers #### Impact An attacker is able to cause a DoS on a FastApi server via a malicious Content-Type header if it parses Form data. #### Occurrences [params.py L586](https://togithub.com/tiangolo/fastapi/blob/d74b3b25659b42233a669f032529880de8bd6c2d/fastapi/params.py#L586)

Release Notes

tiangolo/fastapi (fastapi) ### [`v0.109.1`](https://togithub.com/tiangolo/fastapi/releases/tag/0.109.1) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.109.0...0.109.1) ##### Security fixes - ⬆️ Upgrade minimum version of `python-multipart` to `>=0.0.7` to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade `python-multipart`. Read more in the [advisory: Content-Type Header ReDoS](https://togithub.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389). ##### Features - ✨ Include HTTP 205 in status codes with no body. PR [#​10969](https://togithub.com/tiangolo/fastapi/pull/10969) by [@​tiangolo](https://togithub.com/tiangolo). ##### Refactors - ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR [#​10876](https://togithub.com/tiangolo/fastapi/pull/10876) by [@​emmettbutler](https://togithub.com/emmettbutler). - ♻️ Simplify string format with f-strings in `fastapi/utils.py`. PR [#​10576](https://togithub.com/tiangolo/fastapi/pull/10576) by [@​eukub](https://togithub.com/eukub). - 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR [#​10893](https://togithub.com/tiangolo/fastapi/pull/10893) by [@​jiridanek](https://togithub.com/jiridanek). - ✅ Re-enable test in `tests/test_tutorial/test_header_params/test_tutorial003.py` after fix in Starlette. PR [#​10904](https://togithub.com/tiangolo/fastapi/pull/10904) by [@​ooknimm](https://togithub.com/ooknimm). ##### Docs - 📝 Tweak wording in `help-fastapi.md`. PR [#​11040](https://togithub.com/tiangolo/fastapi/pull/11040) by [@​tiangolo](https://togithub.com/tiangolo). - 📝 Tweak docs for Behind a Proxy. PR [#​11038](https://togithub.com/tiangolo/fastapi/pull/11038) by [@​tiangolo](https://togithub.com/tiangolo). - 📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR [#​11036](https://togithub.com/tiangolo/fastapi/pull/11036) by [@​Donnype](https://togithub.com/Donnype). - 📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR [#​11029](https://togithub.com/tiangolo/fastapi/pull/11029) by [@​jtemporal](https://togithub.com/jtemporal). - 📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR [#​10979](https://togithub.com/tiangolo/fastapi/pull/10979) by [@​tiangolo](https://togithub.com/tiangolo). - ✏️ Fix typo in `fastapi/security/oauth2.py`. PR [#​10972](https://togithub.com/tiangolo/fastapi/pull/10972) by [@​RafalSkolasinski](https://togithub.com/RafalSkolasinski). - 📝 Update `HTTPException` details in `docs/en/docs/tutorial/handling-errors.md`. PR [#​5418](https://togithub.com/tiangolo/fastapi/pull/5418) by [@​papb](https://togithub.com/papb). - ✏️ A few tweaks in `docs/de/docs/tutorial/first-steps.md`. PR [#​10959](https://togithub.com/tiangolo/fastapi/pull/10959) by [@​nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix link in `docs/en/docs/advanced/async-tests.md`. PR [#​10960](https://togithub.com/tiangolo/fastapi/pull/10960) by [@​nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typos for Spanish documentation. PR [#​10957](https://togithub.com/tiangolo/fastapi/pull/10957) by [@​jlopezlira](https://togithub.com/jlopezlira). - 📝 Add warning about lifespan functions and backwards compatibility with events. PR [#​10734](https://togithub.com/tiangolo/fastapi/pull/10734) by [@​jacob-indigo](https://togithub.com/jacob-indigo). - ✏️ Fix broken link in `docs/tutorial/sql-databases.md` in several languages. PR [#​10716](https://togithub.com/tiangolo/fastapi/pull/10716) by [@​theoohoho](https://togithub.com/theoohoho). - ✏️ Remove broken links from `external_links.yml`. PR [#​10943](https://togithub.com/tiangolo/fastapi/pull/10943) by [@​Torabek](https://togithub.com/Torabek). - 📝 Update template docs with more info about `url_for`. PR [#​5937](https://togithub.com/tiangolo/fastapi/pull/5937) by [@​EzzEddin](https://togithub.com/EzzEddin). - 📝 Update usage of Token model in security docs. PR [#​9313](https://togithub.com/tiangolo/fastapi/pull/9313) by [@​piotrszacilowski](https://togithub.com/piotrszacilowski). - ✏️ Update highlighted line in `docs/en/docs/tutorial/bigger-applications.md`. PR [#​5490](https://togithub.com/tiangolo/fastapi/pull/5490) by [@​papb](https://togithub.com/papb). - 📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR [#​10212](https://togithub.com/tiangolo/fastapi/pull/10212) by [@​aanchlia](https://togithub.com/aanchlia). - 📝 Add hyperlink to `docs/en/docs/tutorial/static-files.md`. PR [#​10243](https://togithub.com/tiangolo/fastapi/pull/10243) by [@​hungtsetse](https://togithub.com/hungtsetse). - 📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR [#​9440](https://togithub.com/tiangolo/fastapi/pull/9440) by [@​softwarebloat](https://togithub.com/softwarebloat). - 📝 Review and rewording of `en/docs/contributing.md`. PR [#​10480](https://togithub.com/tiangolo/fastapi/pull/10480) by [@​nilslindemann](https://togithub.com/nilslindemann). - 📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR [#​9701](https://togithub.com/tiangolo/fastapi/pull/9701) by [@​mnrozhkov](https://togithub.com/mnrozhkov). - 📝 Reword in docs, from "have in mind" to "keep in mind". PR [#​10376](https://togithub.com/tiangolo/fastapi/pull/10376) by [@​malicious](https://togithub.com/malicious). - 📝 Add External Link: Talk by Jeny Sadadia. PR [#​10265](https://togithub.com/tiangolo/fastapi/pull/10265) by [@​JenySadadia](https://togithub.com/JenySadadia). - 📝 Add location info to `tutorial/bigger-applications.md`. PR [#​10552](https://togithub.com/tiangolo/fastapi/pull/10552) by [@​nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix Pydantic method name in `docs/en/docs/advanced/path-operation-advanced-configuration.md`. PR [#​10826](https://togithub.com/tiangolo/fastapi/pull/10826) by [@​ahmedabdou14](https://togithub.com/ahmedabdou14). ##### Translations - 🌐 Add Spanish translation for `docs/es/docs/external-links.md`. PR [#​10933](https://togithub.com/tiangolo/fastapi/pull/10933) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Update Korean translation for `docs/ko/docs/tutorial/first-steps.md`, `docs/ko/docs/tutorial/index.md`, `docs/ko/docs/tutorial/path-params.md`, and `docs/ko/docs/tutorial/query-params.md`. PR [#​4218](https://togithub.com/tiangolo/fastapi/pull/4218) by [@​SnowSuno](https://togithub.com/SnowSuno). - 🌐 Add Chinese translation for `docs/zh/docs/tutorial/dependencies/dependencies-with-yield.md`. PR [#​10870](https://togithub.com/tiangolo/fastapi/pull/10870) by [@​zhiquanchi](https://togithub.com/zhiquanchi). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/concepts.md`. PR [#​10282](https://togithub.com/tiangolo/fastapi/pull/10282) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add Azerbaijani translation for `docs/az/docs/index.md`. PR [#​11047](https://togithub.com/tiangolo/fastapi/pull/11047) by [@​aykhans](https://togithub.com/aykhans). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/middleware.md`. PR [#​2829](https://togithub.com/tiangolo/fastapi/pull/2829) by [@​JeongHyeongKim](https://togithub.com/JeongHyeongKim). - 🌐 Add German translation for `docs/de/docs/tutorial/body-nested-models.md`. PR [#​10313](https://togithub.com/tiangolo/fastapi/pull/10313) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Persian translation for `docs/fa/docs/tutorial/middleware.md`. PR [#​9695](https://togithub.com/tiangolo/fastapi/pull/9695) by [@​mojtabapaso](https://togithub.com/mojtabapaso). - 🌐 Update Farsi translation for `docs/fa/docs/index.md`. PR [#​10216](https://togithub.com/tiangolo/fastapi/pull/10216) by [@​theonlykingpin](https://togithub.com/theonlykingpin). - 🌐 Add German translation for `docs/de/docs/tutorial/body-fields.md`. PR [#​10310](https://togithub.com/tiangolo/fastapi/pull/10310) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/body.md`. PR [#​10295](https://togithub.com/tiangolo/fastapi/pull/10295) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/body-multiple-params.md`. PR [#​10308](https://togithub.com/tiangolo/fastapi/pull/10308) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/security/get-current-user.md`. PR [#​2681](https://togithub.com/tiangolo/fastapi/pull/2681) by [@​sh0nk](https://togithub.com/sh0nk). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/advanced-dependencies.md`. PR [#​3798](https://togithub.com/tiangolo/fastapi/pull/3798) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/events.md`. PR [#​3815](https://togithub.com/tiangolo/fastapi/pull/3815) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/behind-a-proxy.md`. PR [#​3820](https://togithub.com/tiangolo/fastapi/pull/3820) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-events.md`. PR [#​3818](https://togithub.com/tiangolo/fastapi/pull/3818) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-websockets.md`. PR [#​3817](https://togithub.com/tiangolo/fastapi/pull/3817) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/testing-database.md`. PR [#​3821](https://togithub.com/tiangolo/fastapi/pull/3821) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/deta.md`. PR [#​3837](https://togithub.com/tiangolo/fastapi/pull/3837) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/history-design-future.md`. PR [#​3832](https://togithub.com/tiangolo/fastapi/pull/3832) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/project-generation.md`. PR [#​3831](https://togithub.com/tiangolo/fastapi/pull/3831) by [@​jaystone776](https://togithub.com/jaystone776). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/docker.md`. PR [#​10296](https://togithub.com/tiangolo/fastapi/pull/10296) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Update Spanish translation for `docs/es/docs/features.md`. PR [#​10884](https://togithub.com/tiangolo/fastapi/pull/10884) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Add Spanish translation for `docs/es/docs/newsletter.md`. PR [#​10922](https://togithub.com/tiangolo/fastapi/pull/10922) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/background-tasks.md`. PR [#​5910](https://togithub.com/tiangolo/fastapi/pull/5910) by [@​junah201](https://togithub.com/junah201). - :globe_with_meridians: Add Turkish translation for `docs/tr/docs/alternatives.md`. PR [#​10502](https://togithub.com/tiangolo/fastapi/pull/10502) by [@​alperiox](https://togithub.com/alperiox). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/dependencies/index.md`. PR [#​10989](https://togithub.com/tiangolo/fastapi/pull/10989) by [@​KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `/docs/ko/docs/tutorial/body.md`. PR [#​11000](https://togithub.com/tiangolo/fastapi/pull/11000) by [@​KaniKim](https://togithub.com/KaniKim). - 🌐 Add Portuguese translation for `docs/pt/docs/tutorial/schema-extra-example.md`. PR [#​4065](https://togithub.com/tiangolo/fastapi/pull/4065) by [@​luccasmmg](https://togithub.com/luccasmmg). - 🌐 Add Turkish translation for `docs/tr/docs/history-design-future.md`. PR [#​11012](https://togithub.com/tiangolo/fastapi/pull/11012) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/resources/index.md`. PR [#​11020](https://togithub.com/tiangolo/fastapi/pull/11020) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/how-to/index.md`. PR [#​11021](https://togithub.com/tiangolo/fastapi/pull/11021) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add German translation for `docs/de/docs/tutorial/query-params.md`. PR [#​10293](https://togithub.com/tiangolo/fastapi/pull/10293) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/benchmarks.md`. PR [#​10866](https://togithub.com/tiangolo/fastapi/pull/10866) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Turkish translation for `docs/tr/docs/learn/index.md`. PR [#​11014](https://togithub.com/tiangolo/fastapi/pull/11014) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Persian translation for `docs/fa/docs/tutorial/security/index.md`. PR [#​9945](https://togithub.com/tiangolo/fastapi/pull/9945) by [@​mojtabapaso](https://togithub.com/mojtabapaso). - 🌐 Add Turkish translation for `docs/tr/docs/help/index.md`. PR [#​11013](https://togithub.com/tiangolo/fastapi/pull/11013) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Turkish translation for `docs/tr/docs/about/index.md`. PR [#​11006](https://togithub.com/tiangolo/fastapi/pull/11006) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Update Turkish translation for `docs/tr/docs/benchmarks.md`. PR [#​11005](https://togithub.com/tiangolo/fastapi/pull/11005) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Italian translation for `docs/it/docs/index.md`. PR [#​5233](https://togithub.com/tiangolo/fastapi/pull/5233) by [@​matteospanio](https://togithub.com/matteospanio). - 🌐 Add Korean translation for `docs/ko/docs/help/index.md`. PR [#​10983](https://togithub.com/tiangolo/fastapi/pull/10983) by [@​KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `docs/ko/docs/features.md`. PR [#​10976](https://togithub.com/tiangolo/fastapi/pull/10976) by [@​KaniKim](https://togithub.com/KaniKim). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/security/get-current-user.md`. PR [#​5737](https://togithub.com/tiangolo/fastapi/pull/5737) by [@​KdHyeon0661](https://togithub.com/KdHyeon0661). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/security/first-steps.md`. PR [#​10541](https://togithub.com/tiangolo/fastapi/pull/10541) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/handling-errors.md`. PR [#​10375](https://togithub.com/tiangolo/fastapi/pull/10375) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/encoder.md`. PR [#​10374](https://togithub.com/tiangolo/fastapi/pull/10374) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/body-updates.md`. PR [#​10373](https://togithub.com/tiangolo/fastapi/pull/10373) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Russian translation: updated `fastapi-people.md`.. PR [#​10255](https://togithub.com/tiangolo/fastapi/pull/10255) by [@​NiKuma0](https://togithub.com/NiKuma0). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/security/index.md`. PR [#​5798](https://togithub.com/tiangolo/fastapi/pull/5798) by [@​3w36zj6](https://togithub.com/3w36zj6). - 🌐 Add German translation for `docs/de/docs/advanced/generate-clients.md`. PR [#​10725](https://togithub.com/tiangolo/fastapi/pull/10725) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/openapi-webhooks.md`. PR [#​10712](https://togithub.com/tiangolo/fastapi/pull/10712) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/custom-response.md`. PR [#​10624](https://togithub.com/tiangolo/fastapi/pull/10624) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/advanced/additional-status-codes.md`. PR [#​10617](https://togithub.com/tiangolo/fastapi/pull/10617) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add German translation for `docs/de/docs/tutorial/middleware.md`. PR [#​10391](https://togithub.com/tiangolo/fastapi/pull/10391) by [@​JohannesJungbluth](https://togithub.com/JohannesJungbluth). - 🌐 Add German translation for introduction documents. PR [#​10497](https://togithub.com/tiangolo/fastapi/pull/10497) by [@​nilslindemann](https://togithub.com/nilslindemann). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/encoder.md`. PR [#​1955](https://togithub.com/tiangolo/fastapi/pull/1955) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/extra-data-types.md`. PR [#​1932](https://togithub.com/tiangolo/fastapi/pull/1932) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Turkish translation for `docs/tr/docs/async.md`. PR [#​5191](https://togithub.com/tiangolo/fastapi/pull/5191) by [@​BilalAlpaslan](https://togithub.com/BilalAlpaslan). - 🌐 Add Turkish translation for `docs/tr/docs/project-generation.md`. PR [#​5192](https://togithub.com/tiangolo/fastapi/pull/5192) by [@​BilalAlpaslan](https://togithub.com/BilalAlpaslan). - 🌐 Add Korean translation for `docs/ko/docs/deployment/docker.md`. PR [#​5657](https://togithub.com/tiangolo/fastapi/pull/5657) by [@​nearnear](https://togithub.com/nearnear). - 🌐 Add Korean translation for `docs/ko/docs/deployment/server-workers.md`. PR [#​4935](https://togithub.com/tiangolo/fastapi/pull/4935) by [@​jujumilk3](https://togithub.com/jujumilk3). - 🌐 Add Korean translation for `docs/ko/docs/deployment/index.md`. PR [#​4561](https://togithub.com/tiangolo/fastapi/pull/4561) by [@​jujumilk3](https://togithub.com/jujumilk3). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/path-operation-configuration.md`. PR [#​3639](https://togithub.com/tiangolo/fastapi/pull/3639) by [@​jungsu-kwon](https://togithub.com/jungsu-kwon). - 🌐 Modify the description of `zh` - Traditional Chinese. PR [#​10889](https://togithub.com/tiangolo/fastapi/pull/10889) by [@​cherinyy](https://togithub.com/cherinyy). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/static-files.md`. PR [#​2957](https://togithub.com/tiangolo/fastapi/pull/2957) by [@​jeesang7](https://togithub.com/jeesang7). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/response-model.md`. PR [#​2766](https://togithub.com/tiangolo/fastapi/pull/2766) by [@​hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/body-multiple-params.md`. PR [#​2461](https://togithub.com/tiangolo/fastapi/pull/2461) by [@​PandaHun](https://togithub.com/PandaHun). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/query-params-str-validations.md`. PR [#​2415](https://togithub.com/tiangolo/fastapi/pull/2415) by [@​hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/python-types.md`. PR [#​2267](https://togithub.com/tiangolo/fastapi/pull/2267) by [@​jrim](https://togithub.com/jrim). - 🌐 Add Korean translation for `docs/ko/docs/tutorial/body-nested-models.md`. PR [#​2506](https://togithub.com/tiangolo/fastapi/pull/2506) by [@​hard-coders](https://togithub.com/hard-coders). - 🌐 Add Korean translation for `docs/ko/docs/learn/index.md`. PR [#​10977](https://togithub.com/tiangolo/fastapi/pull/10977) by [@​KaniKim](https://togithub.com/KaniKim). - 🌐 Initialize translations for Traditional Chinese. PR [#​10505](https://togithub.com/tiangolo/fastapi/pull/10505) by [@​hsuanchi](https://togithub.com/hsuanchi). - ✏️ Tweak the german translation of `docs/de/docs/tutorial/index.md`. PR [#​10962](https://togithub.com/tiangolo/fastapi/pull/10962) by [@​nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typo error in `docs/ko/docs/tutorial/path-params.md`. PR [#​10758](https://togithub.com/tiangolo/fastapi/pull/10758) by [@​2chanhaeng](https://togithub.com/2chanhaeng). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/dependencies-with-yield.md`. PR [#​1961](https://togithub.com/tiangolo/fastapi/pull/1961) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/dependencies-in-path-operation-decorators.md`. PR [#​1960](https://togithub.com/tiangolo/fastapi/pull/1960) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/sub-dependencies.md`. PR [#​1959](https://togithub.com/tiangolo/fastapi/pull/1959) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/background-tasks.md`. PR [#​2668](https://togithub.com/tiangolo/fastapi/pull/2668) by [@​tokusumi](https://togithub.com/tokusumi). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/dependencies/index.md` and `docs/ja/docs/tutorial/dependencies/classes-as-dependencies.md`. PR [#​1958](https://togithub.com/tiangolo/fastapi/pull/1958) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/response-model.md`. PR [#​1938](https://togithub.com/tiangolo/fastapi/pull/1938) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-multiple-params.md`. PR [#​1903](https://togithub.com/tiangolo/fastapi/pull/1903) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/path-params-numeric-validations.md`. PR [#​1902](https://togithub.com/tiangolo/fastapi/pull/1902) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/python-types.md`. PR [#​1899](https://togithub.com/tiangolo/fastapi/pull/1899) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/handling-errors.md`. PR [#​1953](https://togithub.com/tiangolo/fastapi/pull/1953) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/response-status-code.md`. PR [#​1942](https://togithub.com/tiangolo/fastapi/pull/1942) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/extra-models.md`. PR [#​1941](https://togithub.com/tiangolo/fastapi/pull/1941) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese tranlsation for `docs/ja/docs/tutorial/schema-extra-example.md`. PR [#​1931](https://togithub.com/tiangolo/fastapi/pull/1931) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-nested-models.md`. PR [#​1930](https://togithub.com/tiangolo/fastapi/pull/1930) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add Japanese translation for `docs/ja/docs/tutorial/body-fields.md`. PR [#​1923](https://togithub.com/tiangolo/fastapi/pull/1923) by [@​SwftAlpc](https://togithub.com/SwftAlpc). - 🌐 Add German translation for `docs/de/docs/tutorial/index.md`. PR [#​9502](https://togithub.com/tiangolo/fastapi/pull/9502) by [@​fhabers21](https://togithub.com/fhabers21). - 🌐 Add German translation for `docs/de/docs/tutorial/background-tasks.md`. PR [#​10566](https://togithub.com/tiangolo/fastapi/pull/10566) by [@​nilslindemann](https://togithub.com/nilslindemann). - ✏️ Fix typo in `docs/ru/docs/index.md`. PR [#​10672](https://togithub.com/tiangolo/fastapi/pull/10672) by [@​Delitel-WEB](https://togithub.com/Delitel-WEB). - ✏️ Fix typos in `docs/zh/docs/tutorial/extra-data-types.md`. PR [#​10727](https://togithub.com/tiangolo/fastapi/pull/10727) by [@​HiemalBeryl](https://togithub.com/HiemalBeryl). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/dependencies/classes-as-dependencies.md`. PR [#​10410](https://togithub.com/tiangolo/fastapi/pull/10410) by [@​AlertRED](https://togithub.com/AlertRED). ##### Internal - 👥 Update FastAPI People. PR [#​11074](https://togithub.com/tiangolo/fastapi/pull/11074) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors: add Coherence. PR [#​11066](https://togithub.com/tiangolo/fastapi/pull/11066) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Upgrade GitHub Action issue-manager. PR [#​11056](https://togithub.com/tiangolo/fastapi/pull/11056) by [@​tiangolo](https://togithub.com/tiangolo). - 🍱 Update sponsors: TalkPython badge. PR [#​11052](https://togithub.com/tiangolo/fastapi/pull/11052) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors: TalkPython badge image. PR [#​11048](https://togithub.com/tiangolo/fastapi/pull/11048) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, remove Deta. PR [#​11041](https://togithub.com/tiangolo/fastapi/pull/11041) by [@​tiangolo](https://togithub.com/tiangolo). - 💄 Fix CSS breaking RTL languages (erroneously introduced by a previous RTL PR). PR [#​11039](https://togithub.com/tiangolo/fastapi/pull/11039) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Add Italian to `mkdocs.yml`. PR [#​11016](https://togithub.com/tiangolo/fastapi/pull/11016) by [@​alejsdev](https://togithub.com/alejsdev). - 🔨 Verify `mkdocs.yml` languages in CI, update `docs.py`. PR [#​11009](https://togithub.com/tiangolo/fastapi/pull/11009) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update config in `label-approved.yml` to accept translations with 1 reviewer. PR [#​11007](https://togithub.com/tiangolo/fastapi/pull/11007) by [@​alejsdev](https://togithub.com/alejsdev). - 👷 Add changes-requested handling in GitHub Action issue manager. PR [#​10971](https://togithub.com/tiangolo/fastapi/pull/10971) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Group dependencies on dependabot updates. PR [#​10952](https://togithub.com/tiangolo/fastapi/pull/10952) by [@​Kludex](https://togithub.com/Kludex). - ⬆ Bump actions/setup-python from 4 to 5. PR [#​10764](https://togithub.com/tiangolo/fastapi/pull/10764) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11. PR [#​10731](https://togithub.com/tiangolo/fastapi/pull/10731) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump dawidd6/action-download-artifact from 2.28.0 to 3.0.0. PR [#​10777](https://togithub.com/tiangolo/fastapi/pull/10777) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - 🔧 Add support for translations to languages with a longer code name, like `zh-hant`. PR [#​10950](https://togithub.com/tiangolo/fastapi/pull/10950) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.109.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.109.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.108.0...0.109.0) ##### Features - ✨ Add support for Python 3.12. PR [#​10666](https://togithub.com/tiangolo/fastapi/pull/10666) by [@​Jamim](https://togithub.com/Jamim). ##### Upgrades - ⬆️ Upgrade Starlette to >=0.35.0,<0.36.0. PR [#​10938](https://togithub.com/tiangolo/fastapi/pull/10938) by [@​tiangolo](https://togithub.com/tiangolo). ##### Docs - ✏️ Fix typo in `docs/en/docs/alternatives.md`. PR [#​10931](https://togithub.com/tiangolo/fastapi/pull/10931) by [@​s111d](https://togithub.com/s111d). - 📝 Replace `email` with `username` in `docs_src/security/tutorial007` code examples. PR [#​10649](https://togithub.com/tiangolo/fastapi/pull/10649) by [@​nilslindemann](https://togithub.com/nilslindemann). - 📝 Add VS Code tutorial link. PR [#​10592](https://togithub.com/tiangolo/fastapi/pull/10592) by [@​nilslindemann](https://togithub.com/nilslindemann). - 📝 Add notes about Pydantic v2's new `.model_dump()`. PR [#​10929](https://togithub.com/tiangolo/fastapi/pull/10929) by [@​tiangolo](https://togithub.com/tiangolo). - 📝 Fix broken link in `docs/en/docs/tutorial/sql-databases.md`. PR [#​10765](https://togithub.com/tiangolo/fastapi/pull/10765) by [@​HurSungYun](https://togithub.com/HurSungYun). - 📝 Add External Link: FastAPI application monitoring made easy. PR [#​10917](https://togithub.com/tiangolo/fastapi/pull/10917) by [@​tiangolo](https://togithub.com/tiangolo). - ✨ Generate automatic language names for docs translations. PR [#​5354](https://togithub.com/tiangolo/fastapi/pull/5354) by [@​jakul](https://togithub.com/jakul). - ✏️ Fix typos in `docs/en/docs/alternatives.md` and `docs/en/docs/tutorial/dependencies/index.md`. PR [#​10906](https://togithub.com/tiangolo/fastapi/pull/10906) by [@​s111d](https://togithub.com/s111d). - ✏️ Fix typos in `docs/en/docs/tutorial/dependencies/dependencies-with-yield.md`. PR [#​10834](https://togithub.com/tiangolo/fastapi/pull/10834) by [@​Molkree](https://togithub.com/Molkree). - 📝 Add article: "Building a RESTful API with FastAPI: Secure Signup and Login Functionality Included". PR [#​9733](https://togithub.com/tiangolo/fastapi/pull/9733) by [@​dxphilo](https://togithub.com/dxphilo). - 📝 Add warning about lifecycle events with `AsyncClient`. PR [#​4167](https://togithub.com/tiangolo/fastapi/pull/4167) by [@​andrew-chang-dewitt](https://togithub.com/andrew-chang-dewitt). - ✏️ Fix typos in `/docs/reference/exceptions.md` and `/en/docs/reference/status.md`. PR [#​10809](https://togithub.com/tiangolo/fastapi/pull/10809) by [@​clarencepenz](https://togithub.com/clarencepenz). - ✏️ Fix typo in `openapi-callbacks.md`. PR [#​10673](https://togithub.com/tiangolo/fastapi/pull/10673) by [@​kayjan](https://togithub.com/kayjan). - ✏️ Fix typo in `fastapi/routing.py` . PR [#​10520](https://togithub.com/tiangolo/fastapi/pull/10520) by [@​sepsh](https://togithub.com/sepsh). - 📝 Replace HTTP code returned in case of existing user error in docs for testing. PR [#​4482](https://togithub.com/tiangolo/fastapi/pull/4482) by [@​TristanMarion](https://togithub.com/TristanMarion). - 📝 Add blog for FastAPI & Supabase. PR [#​6018](https://togithub.com/tiangolo/fastapi/pull/6018) by [@​theinfosecguy](https://togithub.com/theinfosecguy). - 📝 Update example source files for SQL databases with SQLAlchemy. PR [#​9508](https://togithub.com/tiangolo/fastapi/pull/9508) by [@​s-mustafa](https://togithub.com/s-mustafa). - 📝 Update code examples in docs for body, replace name `create_item` with `update_item` when appropriate. PR [#​5913](https://togithub.com/tiangolo/fastapi/pull/5913) by [@​OttoAndrey](https://togithub.com/OttoAndrey). - ✏️ Fix typo in dependencies with yield source examples. PR [#​10847](https://togithub.com/tiangolo/fastapi/pull/10847) by [@​tiangolo](https://togithub.com/tiangolo). ##### Translations - 🌐 Add Bengali translation for `docs/bn/docs/index.md`. PR [#​9177](https://togithub.com/tiangolo/fastapi/pull/9177) by [@​Fahad-Md-Kamal](https://togithub.com/Fahad-Md-Kamal). - ✏️ Update Python version in `index.md` in several languages. PR [#​10711](https://togithub.com/tiangolo/fastapi/pull/10711) by [@​tamago3keran](https://togithub.com/tamago3keran). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/request-forms-and-files.md`. PR [#​10347](https://togithub.com/tiangolo/fastapi/pull/10347) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Ukrainian translation for `docs/uk/docs/index.md`. PR [#​10362](https://togithub.com/tiangolo/fastapi/pull/10362) by [@​rostik1410](https://togithub.com/rostik1410). - ✏️ Update Python version in `docs/ko/docs/index.md`. PR [#​10680](https://togithub.com/tiangolo/fastapi/pull/10680) by [@​Eeap](https://togithub.com/Eeap). - 🌐 Add Persian translation for `docs/fa/docs/features.md`. PR [#​5887](https://togithub.com/tiangolo/fastapi/pull/5887) by [@​amirilf](https://togithub.com/amirilf). - 🌐 Add Chinese translation for `docs/zh/docs/advanced/additional-responses.md`. PR [#​10325](https://togithub.com/tiangolo/fastapi/pull/10325) by [@​ShuibeiC](https://togithub.com/ShuibeiC). - 🌐 Fix typos in Russian translations for `docs/ru/docs/tutorial/background-tasks.md`, `docs/ru/docs/tutorial/body-nested-models.md`, `docs/ru/docs/tutorial/debugging.md`, `docs/ru/docs/tutorial/testing.md`. PR [#​10311](https://togithub.com/tiangolo/fastapi/pull/10311) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Russian translation for `docs/ru/docs/tutorial/request-files.md`. PR [#​10332](https://togithub.com/tiangolo/fastapi/pull/10332) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/server-workers.md`. PR [#​10292](https://togithub.com/tiangolo/fastapi/pull/10292) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/cloud.md`. PR [#​10291](https://togithub.com/tiangolo/fastapi/pull/10291) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/manually.md`. PR [#​10279](https://togithub.com/tiangolo/fastapi/pull/10279) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/https.md`. PR [#​10277](https://togithub.com/tiangolo/fastapi/pull/10277) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add Chinese translation for `docs/zh/docs/deployment/index.md`. PR [#​10275](https://togithub.com/tiangolo/fastapi/pull/10275) by [@​xzmeng](https://togithub.com/xzmeng). - 🌐 Add German translation for `docs/de/docs/tutorial/first-steps.md`. PR [#​9530](https://togithub.com/tiangolo/fastapi/pull/9530) by [@​fhabers21](https://togithub.com/fhabers21). - 🌐 Update Turkish translation for `docs/tr/docs/index.md`. PR [#​10444](https://togithub.com/tiangolo/fastapi/pull/10444) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Chinese translation for `docs/zh/docs/learn/index.md`. PR [#​10479](https://togithub.com/tiangolo/fastapi/pull/10479) by [@​KAZAMA-DREAM](https://togithub.com/KAZAMA-DREAM). - 🌐 Add Russian translation for `docs/ru/docs/learn/index.md`. PR [#​10539](https://togithub.com/tiangolo/fastapi/pull/10539) by [@​AlertRED](https://togithub.com/AlertRED). - 🌐 Update SQLAlchemy instruction in Chinese translation `docs/zh/docs/tutorial/sql-databases.md`. PR [#​9712](https://togithub.com/tiangolo/fastapi/pull/9712) by [@​Royc30ne](https://togithub.com/Royc30ne). - 🌐 Add Turkish translation for `docs/tr/docs/external-links.md`. PR [#​10549](https://togithub.com/tiangolo/fastapi/pull/10549) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Spanish translation for `docs/es/docs/learn/index.md`. PR [#​10885](https://togithub.com/tiangolo/fastapi/pull/10885) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Add Ukrainian translation for `docs/uk/docs/tutorial/body-fields.md`. PR [#​10670](https://togithub.com/tiangolo/fastapi/pull/10670) by [@​ArtemKhymenko](https://togithub.com/ArtemKhymenko). - 🌐 Add Hungarian translation for `/docs/hu/docs/index.md`. PR [#​10812](https://togithub.com/tiangolo/fastapi/pull/10812) by [@​takacs](https://togithub.com/takacs). - 🌐 Add Turkish translation for `docs/tr/docs/newsletter.md`. PR [#​10550](https://togithub.com/tiangolo/fastapi/pull/10550) by [@​hasansezertasan](https://togithub.com/hasansezertasan). - 🌐 Add Spanish translation for `docs/es/docs/help/index.md`. PR [#​10907](https://togithub.com/tiangolo/fastapi/pull/10907) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Add Spanish translation for `docs/es/docs/about/index.md`. PR [#​10908](https://togithub.com/tiangolo/fastapi/pull/10908) by [@​pablocm83](https://togithub.com/pablocm83). - 🌐 Add Spanish translation for `docs/es/docs/resources/index.md`. PR [#​10909](https://togithub.com/tiangolo/fastapi/pull/10909) by [@​pablocm83](https://togithub.com/pablocm83). ##### Internal - 👥 Update FastAPI People. PR [#​10871](https://togithub.com/tiangolo/fastapi/pull/10871) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Upgrade custom GitHub Action comment-docs-preview-in-pr. PR [#​10916](https://togithub.com/tiangolo/fastapi/pull/10916) by [@​tiangolo](https://togithub.com/tiangolo). - ⬆️ Upgrade GitHub Action latest-changes. PR [#​10915](https://togithub.com/tiangolo/fastapi/pull/10915) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Upgrade GitHub Action label-approved. PR [#​10913](https://togithub.com/tiangolo/fastapi/pull/10913) by [@​tiangolo](https://togithub.com/tiangolo). - ⬆️ Upgrade GitHub Action label-approved. PR [#​10905](https://togithub.com/tiangolo/fastapi/pull/10905) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.108.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.108.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.107.0...0.108.0) ##### Upgrades - ⬆️ Upgrade Starlette to `>=0.29.0,<0.33.0`, update docs and usage of templates with new Starlette arguments. PR [#​10846](https://togithub.com/tiangolo/fastapi/pull/10846) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.107.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.107.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.106.0...0.107.0) ##### Upgrades - ⬆️ Upgrade Starlette to 0.28.0. PR [#​9636](https://togithub.com/tiangolo/fastapi/pull/9636) by [@​adriangb](https://togithub.com/adriangb). ##### Docs - 📝 Add docs: Node.js script alternative to update OpenAPI for generated clients. PR [#​10845](https://togithub.com/tiangolo/fastapi/pull/10845) by [@​alejsdev](https://togithub.com/alejsdev). - 📝 Restructure Docs section in Contributing page. PR [#​10844](https://togithub.com/tiangolo/fastapi/pull/10844) by [@​alejsdev](https://togithub.com/alejsdev). ### [`v0.106.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.106.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.105.0...0.106.0) ##### Breaking Changes Using resources from dependencies with `yield` in background tasks is no longer supported. This change is what supports the new features, read below. 🤓 ##### Dependencies with `yield`, `HTTPException` and Background Tasks Dependencies with `yield` now can raise `HTTPException` and other exceptions after `yield`. 🎉 Read the new docs here: [Dependencies with `yield` and `HTTPException`](https://fastapi.tiangolo.com/tutorial/dependencies/dependencies-with-yield/#dependencies-with-yield-and-httpexception). ```Python from fastapi import Depends, FastAPI, HTTPException from typing_extensions import Annotated app = FastAPI() data = { "plumbus": {"description": "Freshly pickled plumbus", "owner": "Morty"}, "portal-gun": {"description": "Gun to create portals", "owner": "Rick"}, } class OwnerError(Exception): pass def get_username(): try: yield "Rick" except OwnerError as e: raise HTTPException(status_code=400, detail=f"Onwer error: {e}") @​app.get("/items/{item_id}") def get_item(item_id: str, username: Annotated[str, Depends(get_username)]): if item_id not in data: raise HTTPException(status_code=404, detail="Item not found") item = data[item_id] if item["owner"] != username: raise OwnerError(username) return item ``` *** Before FastAPI 0.106.0, raising exceptions after `yield` was not possible, the exit code in dependencies with `yield` was executed *after* the response was sent, so [Exception Handlers](https://fastapi.tiangolo.com/tutorial/handling-errors/#install-custom-exception-handlers) would have already run. This was designed this way mainly to allow using the same objects "yielded" by dependencies inside of background tasks, because the exit code would be executed after the background tasks were finished. Nevertheless, as this would mean waiting for the response to travel through the network while unnecessarily holding a resource in a dependency with yield (for example a database connection), this was changed in FastAPI 0.106.0. Additionally, a background task is normally an independent set of logic that should be handled separately, with its own resources (e.g. its own database connection). If you used to rely on this behavior, now you should create the resources for background tasks inside the background task itself, and use internally only data that doesn't depend on the resources of dependencies with `yield`. For example, instead of using the same database session, you would create a new database session inside of the background task, and you would obtain the objects from the database using this new session. And then instead of passing the object from the database as a parameter to the background task function, you would pass the ID of that object and then obtain the object again inside the background task function. The sequence of execution before FastAPI 0.106.0 was like the diagram in the [Release Notes for FastAPI 0.106.0](https://fastapi.tiangolo.com/release-notes/#​01060). The new execution flow can be found in the docs: [Execution of dependencies with `yield`](https://fastapi.tiangolo.com/tutorial/dependencies/dependencies-with-yield/#execution-of-dependencies-with-yield). ### [`v0.105.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.105.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.104.1...0.105.0) ##### Features - ✨ Add support for multiple Annotated annotations, e.g. `Annotated[str, Field(), Query()]`. PR [#​10773](https://togithub.com/tiangolo/fastapi/pull/10773) by [@​tiangolo](https://togithub.com/tiangolo). ##### Refactors - 🔥 Remove unused NoneType. PR [#​10774](https://togithub.com/tiangolo/fastapi/pull/10774) by [@​tiangolo](https://togithub.com/tiangolo). ##### Docs - 📝 Tweak default suggested configs for generating clients. PR [#​10736](https://togithub.com/tiangolo/fastapi/pull/10736) by [@​tiangolo](https://togithub.com/tiangolo). ##### Internal - 🔧 Update sponsors, add Scalar. PR [#​10728](https://togithub.com/tiangolo/fastapi/pull/10728) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, add PropelAuth. PR [#​10760](https://togithub.com/tiangolo/fastapi/pull/10760) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Update build docs, verify README on CI. PR [#​10750](https://togithub.com/tiangolo/fastapi/pull/10750) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, remove Fern. PR [#​10729](https://togithub.com/tiangolo/fastapi/pull/10729) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, add Codacy. PR [#​10677](https://togithub.com/tiangolo/fastapi/pull/10677) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors, add Reflex. PR [#​10676](https://togithub.com/tiangolo/fastapi/pull/10676) by [@​tiangolo](https://togithub.com/tiangolo). - 📝 Update release notes, move and check latest-changes. PR [#​10588](https://togithub.com/tiangolo/fastapi/pull/10588) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Upgrade latest-changes GitHub Action. PR [#​10587](https://togithub.com/tiangolo/fastapi/pull/10587) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.104.1`](https://togithub.com/tiangolo/fastapi/releases/tag/0.104.1) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.104.0...0.104.1) ##### Fixes - 📌 Pin Swagger UI version to 5.9.0 temporarily to handle a bug crashing it in 5.9.1. PR [#​10529](https://togithub.com/tiangolo/fastapi/pull/10529) by [@​alejandraklachquin](https://togithub.com/alejandraklachquin). - This is not really a bug in FastAPI but in Swagger UI, nevertheless pinning the version will work while a solution is found on the [Swagger UI side](https://togithub.com/swagger-api/swagger-ui/issues/9337). ##### Docs - 📝 Update data structure and render for external-links. PR [#​10495](https://togithub.com/tiangolo/fastapi/pull/10495) by [@​tiangolo](https://togithub.com/tiangolo). - ✏️ Fix link to SPDX license identifier in `docs/en/docs/tutorial/metadata.md`. PR [#​10433](https://togithub.com/tiangolo/fastapi/pull/10433) by [@​worldworm](https://togithub.com/worldworm). - 📝 Update example validation error from Pydantic v1 to match Pydantic v2 in `docs/en/docs/tutorial/path-params.md`. PR [#​10043](https://togithub.com/tiangolo/fastapi/pull/10043) by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide). - ✏️ Fix typos in emoji docs and in some source examples. PR [#​10438](https://togithub.com/tiangolo/fastapi/pull/10438) by [@​afuetterer](https://togithub.com/afuetterer). - ✏️ Fix typo in `docs/en/docs/reference/dependencies.md`. PR [#​10465](https://togithub.com/tiangolo/fastapi/pull/10465) by [@​suravshresth](https://togithub.com/suravshresth). - ✏️ Fix typos and rewordings in `docs/en/docs/tutorial/body-nested-models.md`. PR [#​10468](https://togithub.com/tiangolo/fastapi/pull/10468) by [@​yogabonito](https://togithub.com/yogabonito). - 📝 Update docs, remove references to removed `pydantic.Required` in `docs/en/docs/tutorial/query-params-str-validations.md`. PR [#​10469](https://togithub.com/tiangolo/fastapi/pull/10469) by [@​yogabonito](https://togithub.com/yogabonito). - ✏️ Fix typo in `docs/en/docs/reference/index.md`. PR [#​10467](https://togithub.com/tiangolo/fastapi/pull/10467) by [@​tarsil](https://togithub.com/tarsil). - 🔥 Remove unnecessary duplicated docstrings. PR [#​10484](https://togithub.com/tiangolo/fastapi/pull/10484) by [@​tiangolo](https://togithub.com/tiangolo). ##### Internal - ✏️ Update Pydantic links to dotenv support. PR [#​10511](https://togithub.com/tiangolo/fastapi/pull/10511) by [@​White-Mask](https://togithub.com/White-Mask). - ✏️ Update links in `docs/en/docs/async.md` and `docs/zh/docs/async.md` to make them relative. PR [#​10498](https://togithub.com/tiangolo/fastapi/pull/10498) by [@​hasnatsajid](https://togithub.com/hasnatsajid). - ✏️ Fix links in `docs/em/docs/async.md`. PR [#​10507](https://togithub.com/tiangolo/fastapi/pull/10507) by [@​hasnatsajid](https://togithub.com/hasnatsajid). - ✏️ Fix typo in `docs/em/docs/index.md`, Python 3.8. PR [#​10521](https://togithub.com/tiangolo/fastapi/pull/10521) by [@​kerriop](https://togithub.com/kerriop). - ⬆ Bump pillow from 9.5.0 to 10.1.0. PR [#​10446](https://togithub.com/tiangolo/fastapi/pull/10446) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Update mkdocs-material requirement from <9.0.0,>=8.1.4 to >=8.1.4,<10.0.0. PR [#​5862](https://togithub.com/tiangolo/fastapi/pull/5862) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump mkdocs-material from 9.1.21 to 9.4.7. PR [#​10545](https://togithub.com/tiangolo/fastapi/pull/10545) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - 👷 Install MkDocs Material Insiders only when secrets are available, for Dependabot. PR [#​10544](https://togithub.com/tiangolo/fastapi/pull/10544) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update sponsors badges, Databento. PR [#​10519](https://togithub.com/tiangolo/fastapi/pull/10519) by [@​tiangolo](https://togithub.com/tiangolo). - 👷 Adopt Ruff format. PR [#​10517](https://togithub.com/tiangolo/fastapi/pull/10517) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Add `CITATION.cff` file for academic citations. PR [#​10496](https://togithub.com/tiangolo/fastapi/pull/10496) by [@​tiangolo](https://togithub.com/tiangolo). - 🐛 Fix overriding MKDocs theme lang in hook. PR [#​10490](https://togithub.com/tiangolo/fastapi/pull/10490) by [@​tiangolo](https://togithub.com/tiangolo). - 🔥 Drop/close Gitter chat. Questions should go to GitHub Discussions, free conversations to Discord.. PR [#​10485](https://togithub.com/tiangolo/fastapi/pull/10485) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.104.0`](https://togithub.com/tiangolo/fastapi/releases/tag/0.104.0) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.103.2...0.104.0) #### Features - ✨ Add reference (code API) docs with PEP 727, add subclass with custom docstrings for `BackgroundTasks`, refactor docs structure. PR [#​10392](https://togithub.com/tiangolo/fastapi/pull/10392) by [@​tiangolo](https://togithub.com/tiangolo). New docs at [FastAPI Reference - Code API](https://fastapi.tiangolo.com/reference/). #### Upgrades - ⬆️ Drop support for Python 3.7, require Python 3.8 or above. PR [#​10442](https://togithub.com/tiangolo/fastapi/pull/10442) by [@​tiangolo](https://togithub.com/tiangolo). ##### Internal - ⬆ Bump dawidd6/action-download-artifact from 2.27.0 to 2.28.0. PR [#​10268](https://togithub.com/tiangolo/fastapi/pull/10268) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump actions/checkout from 3 to 4. PR [#​10208](https://togithub.com/tiangolo/fastapi/pull/10208) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.10. PR [#​10061](https://togithub.com/tiangolo/fastapi/pull/10061) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - 🔧 Update sponsors, Bump.sh images. PR [#​10381](https://togithub.com/tiangolo/fastapi/pull/10381) by [@​tiangolo](https://togithub.com/tiangolo). - 👥 Update FastAPI People. PR [#​10363](https://togithub.com/tiangolo/fastapi/pull/10363) by [@​tiangolo](https://togithub.com/tiangolo). ### [`v0.103.2`](https://togithub.com/tiangolo/fastapi/releases/tag/0.103.2) [Compare Source](https://togithub.com/tiangolo/fastapi/compare/0.103.1...0.103.2) ##### Refactors - ⬆️ Upgrade compatibility with Pydantic v2.4, new renamed functions and JSON Schema input/output models with default values. PR [#​10344](https://togithub.com/tiangolo/fastapi/pull/10344) by [@​tiangolo](https://togithub.com/tiangolo). ##### Translations - 🌐 Add Ukrainian translation for `docs/uk/docs/tutorial/extra-

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.