Skip to content

Commit d30f6d8

Browse files
fix(deps): pin fastapi 0.135.1 + starlette 0.50.0 — 1.x breekt oude TemplateResponse-signatuur
PR #124 hergenereerde uv.lock waardoor fastapi 0.136.3 → starlette 1.2.1 meekwam. Starlette 1.x verwijdert de deprecated TemplateResponse(name, context)-signatuur; de context-dict wordt dan als templatenaam doorgegeven en elke render faalt met 'cannot use tuple as a dict key (unhashable type: dict)'. OPI heeft 57 call-sites in de oude stijl — productie gaf 500 op elke pagina. Pin terug naar de laatst werkende versies. Echte fix volgt: alle TemplateResponse-calls migreren naar request-first signatuur, daarna unpinnen.
1 parent c58ba4c commit d30f6d8

2 files changed

Lines changed: 15 additions & 12 deletions

File tree

operations-manager/python/pyproject.toml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ classifiers = [
1515
"Typing :: Typed"
1616
]
1717
dependencies = [
18-
"fastapi>=0.115.12",
18+
"fastapi==0.135.1",
1919
"alembic>=1.16.1",
2020
"pydantic==2.12.5",
2121
"jinja2>=3.1.6",
@@ -30,15 +30,15 @@ dependencies = [
3030
"fastapi-csrf-protect>=1.0.3",
3131
"sqlalchemy[asyncio]>=2.0.41",
3232
"sqlalchemy-utils>=0.41.2",
33-
"authlib>=1.6.12", # CVE-2026-44681 open redirect
33+
"authlib>=1.6.12", # CVE-2026-44681 open redirect
3434
"aiosqlite>=0.21.0",
3535
"asyncpg>=0.30.0",
3636
"async-lru>=2.0.5",
3737
"jinja2-base64-filters>=0.1.4",
38-
"python-multipart>=0.0.27", # CVE-2026-42561 DoS via unbounded headers
39-
"mako>=1.3.12", # CVE-2026-44307 path traversal in TemplateLookup
38+
"python-multipart>=0.0.27", # CVE-2026-42561 DoS via unbounded headers
39+
"mako>=1.3.12", # CVE-2026-44307 path traversal in TemplateLookup
4040
"aiohttp>=3.12.13",
41-
"gitpython>=3.1.50", # CVE-2026-42215/42284/44243/44244 + GHSA-mv93-w799-cj2w
41+
"gitpython>=3.1.50", # CVE-2026-42215/42284/44243/44244 + GHSA-mv93-w799-cj2w
4242
"deepdiff>=8.0.1",
4343
"jsonpath-ng>=1.7.0",
4444
"tenacity>=9.1.2",
@@ -58,6 +58,7 @@ dependencies = [
5858
"opentelemetry-instrumentation-sqlalchemy>=0.48b0",
5959
"opentelemetry-instrumentation-logging>=0.48b0",
6060
"jsonschema>=4.26.0",
61+
"starlette==0.50.0",
6162
]
6263

6364
[dependency-groups]

operations-manager/python/uv.lock

Lines changed: 9 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)