Skip to content

chore(deps): bump starlette from 1.2.1 to 1.3.1#54

Merged
Sam-Aitech merged 1 commit into
mainfrom
dependabot/uv/starlette-1.3.1
Jun 19, 2026
Merged

chore(deps): bump starlette from 1.2.1 to 1.3.1#54
Sam-Aitech merged 1 commit into
mainfrom
dependabot/uv/starlette-1.3.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps starlette from 1.2.1 to 1.3.1.

Release notes

Sourced from starlette's releases.

Version 1.3.1

What's Changed

Full Changelog: Kludex/starlette@1.3.0...1.3.1

Version 1.3.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.2.1...1.3.0

Changelog

Sourced from starlette's changelog.

1.3.1 (June 12, 2026)

Fixed

  • Enforce max_fields and max_part_size in FormParser #3329.
  • Enforce FormParser limits in parser callbacks #3331.

1.3.0 (June 11, 2026)

Added

  • Add httpx2 to the full extra #3323.
  • Annotate the URLPath protocol parameter with Literal #3285.

Fixed

  • Build request.url from structured components #3326.
  • Clamp oversized suffix ranges in FileResponse #3307.
  • Catch OSError alongside MultiPartException when closing temp files #3191.
  • Avoid collapsing exception groups raised from user code #2830.
  • Use removeprefix to strip the weak ETag indicator in is_not_modified #3193.
  • Fix IndexError in URL.replace() on a URL with no authority #3317.
  • Adjust testclient typing and warnings #3322.
Commits
  • 8ebffd0 Version 1.3.1 (#3330)
  • 25b8e17 Enforce FormParser limits in parser callbacks (#3331)
  • dba1c4b Enforce max_fields and max_part_size in FormParser (#3329)
  • 45e51dc Use StarletteDeprecationWarning instead of DeprecationWarning (#3119)
  • 5f8610c Version 1.3.0 (#3327)
  • 167b585 Build request.url from structured components (#3326)
  • 3730925 Use removeprefix to strip weak ETag indicator in is_not_modified (#3193)
  • e6f7ad1 avoid collapsing exception groups from user code (#2830)
  • 115228f Annotate URLPath protocol parameter with Literal (#3285)
  • 113f193 docs: replace inline ASGI server list with link to canonical implemen… (#3204)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 14, 2026
@dependabot dependabot Bot requested a review from Sam-Aitech as a code owner June 14, 2026 03:16
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 14, 2026
@socket-security

socket-security Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​starlette@​1.2.1 ⏵ 1.3.1100 +1100 +17100100100

View full report

@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown

Dependency audit failed

audit-ci detected high/critical vulnerabilities.

Failing CVEs / advisories

@Sam-Aitech Sam-Aitech mentioned this pull request Jun 19, 2026
Merged
4 tasks
@Sam-Aitech

Sam-Aitech commented Jun 19, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot
chore(deps): bump starlette from 1.2.1 to 1.3.1
8147ed0 
Bumps [starlette](https://github.com/Kludex/starlette) from 1.2.1 to 1.3.1.
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.2.1...1.3.1)

---
updated-dependencies:
- dependency-name: starlette
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/starlette-1.3.1 branch from 5b32622 to 8147ed0 Compare June 19, 2026 03:47
@Sam-Aitech Sam-Aitech merged commit d7b3a0c into main Jun 19, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/starlette-1.3.1 branch June 19, 2026 03:53
@sonarqubecloud

sonarqubecloud Bot commented Jun 19, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sam-Aitech Sam-Aitech Awaiting requested review from Sam-Aitech Sam-Aitech is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Sam-Aitech