Bump starlette from 0.38.2 to 0.41.2

[dependabot[bot]]

Bumps starlette from 0.38.2 to 0.41.2.

Release notes

Sourced from starlette's releases.

Version 0.41.2

What's Changed

• Revert bump on python-multipart by @​Kludex in encode/starlette#2737

---

Full Changelog: https://github.com/encode/starlette/compare/0.41.1...0.41.2

Version 0.41.1

What's Changed

• Change python-multipart import to python_multipart by @​Kludex in encode/starlette#2733
• Bump minimum python-multipart version to 0.0.13 by @​Kludex in encode/starlette#2734

---

Full Changelog: https://github.com/encode/starlette/compare/0.41.0...0.41.1

Version 0.41.0

Added

• Allow to raise HTTPException before websocket.accept() encode/starlette#2725

Version 0.40.0

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Version 0.39.2

Fixed

• Allow use of request.url_for when only "app" scope is available #2672.
• Fix internal type hints to support python-multipart==0.0.12 #2708.

---

Full Changelog: https://github.com/encode/starlette/compare/0.39.1...0.39.2

Version 0.39.1

Fixed

• Avoid regex re-compilation in responses.py and schemas.py #2700.
• Improve performance of get_route_path by removing regular expression usage #2701.

... (truncated)

Changelog

Sourced from starlette's changelog.

0.41.2 (October 27, 2024)

Fixed

• Revert bump on python-multipart on starlette[full] extras #2737.

0.41.1 (October 24, 2024)

Fixed

• Bump minimum python-multipart version to 0.0.13 #2734.
• Change python-multipart import to python_multipart #2733.

0.41.0 (October 15, 2024)

Added

• Allow to raise HTTPException before websocket.accept() #2725.

0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

0.39.2 (September 29, 2024)

Fixed

• Allow use of request.url_for when only "app" scope is available #2672.
• Fix internal type hints to support python-multipart==0.0.12 #2708.

0.39.1 (September 25, 2024)

Fixed

• Avoid regex re-compilation in responses.py and schemas.py #2700.
• Improve performance of get_route_path by removing regular expression usage #2701.
• Consider FileResponse.chunk_size when handling multiple ranges #2703.
• Use token_hex for generating multipart boundary strings #2702.

0.39.0 (September 23, 2024)

... (truncated)

Commits

• afeb7c2 Version 0.41.2 (#2740)
• f9ffd62 Revert bump on python-multipart (#2737)
• 18bbb5c Version 0.41.1 (#2736)
• 342410d Bump minimum python-multipart version to 0.0.13 (#2734)
• 8377200 Change python-multipart import to python_multipart (#2733)
• 46131a1 Version 0.41.0 (#2729)
• 99b6938 Allow to raise HTTPException before websocket.accept() (#2725)
• 4ded4b7 Version 0.40.0 (#2728)
• fd038f3 Merge commit from fork
• e116840 Bump the python-packages group with 6 updates (#2713)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.