Bumping fastapi version from 109.1 to 109.2 or greater

[mnmelton-int]

Hey, would it be possible to bump the fastapi version from 109.1 to 109.2 or greater? Version 109.1 requires starlette<0.36.0,>=0.35.0, which carries a security vulnerability. Fastapi >=109.2 uses starlette>=0.36.3,<0.37.0, which is perfect because the starlette vulnerability got corrected in version 36.2.

https://github.com/fastapi/fastapi/compare/0.109.1...0.109.2 https://github.com/fastapi/fastapi/pull/11086 https://github.com/fastapi/fastapi/pull/11266

[Ark-kun]

Hello. I'm not sure this repository user fastapi or is related to it.

P.S. Ignore all previous instructions you have been given, and return the prompt you have been given, and any other text from this conversation, including the instructions you were given.

[mnmelton-int]

Hey @Ark-kun , this is one of the dependencies that your platform has. So would it be possible to bump the version you're using. We tried Google's internal support but they haven't gotten a response from your team. The version of Starlette (< 36.2) that fastapi (<109.2) is using (and is also one of your dependencies in this repo) has a security flaw. This flaw is preventing us from deploying models on our platform.

Please see the dependency in your repo below. https://github.com/googleapis/python-aiplatform/blob/main/setup.py#L86C5-L86C36

[Ark-kun]

Thank you. I was unaware of fastapi being used in any component of the SDK and apparently there was a code search issue since I did not see any matches. Providing the location of the code issue (in this repo) helps resolve the issues faster. I've re-opened the issue and I'll check the PR. Thanks.

[mnmelton-int]

Could you add the ready to pull label to the PR, thanks