- update to 0.109.1 [bsc#1219610] CVE-2024-24762:

* Upgrade minimum version of `python-multipart` to `>=0.0.7`
    to fix a vulnerability when using form data with a ReDos
    attack. You can also simply upgrade `python-multipart`.
  * Read more in the advisory: Content-Type Header ReDoS.
  * Include HTTP 205 in status codes with no body.
  * Fix broken link in `docs/tutorial/sql-databases.md` in
    several languages.
  * Remove broken links from `external_links.yml`.
  * Update template docs with more info about `url_for`. PR
    #5937 by @EzzEddin.
  * Update usage of Token model in security docs.
  * Update highlighted line in `docs/en/docs/tutorial/bigger-
    applications.md`.
  * Add External Link: Explore How to Effectively Use JWT With
    FastAPI.
  * Add hyperlink to `docs/en/docs/tutorial/static-files.md`.
  * Add External Link: Instrument a FastAPI service adding
    tracing with OpenTelemetry and send/show traces in Grafana
    Tempo.
  * Review and rewording of `en/docs/contributing.md`.
  * Add External Link: ML serving and monitoring with FastAPI
    and Evidently.
  * Reword in docs, from "have in mind" to "keep in mind".
  * Add External Link: Talk by Jeny Sadadia.
  * Add location info to `tutorial/bigger-applications.md`.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-fastapi?expand=0&rev=64

fastapi-0.109.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b978095b9ee01a5cf49b19f4bc1ac9b8ca83aa076e770ef8fd9af09a2b88d191
-size 11475098

fastapi-0.109.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5402389843a3561918634eb327e86b9ae98645a9e7696bede9074449c48d610a
+size 11720487

python-fastapi.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Feb  6 14:19:32 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.109.1 [bsc#1219610] CVE-2024-24762:
+  * Upgrade minimum version of `python-multipart` to `>=0.0.7`
+    to fix a vulnerability when using form data with a ReDos
+    attack. You can also simply upgrade `python-multipart`.
+  * Read more in the advisory: Content-Type Header ReDoS.
+  * Include HTTP 205 in status codes with no body.
+  * Fix broken link in `docs/tutorial/sql-databases.md` in
+    several languages.
+  * Remove broken links from `external_links.yml`.
+  * Update template docs with more info about `url_for`. PR
+    #5937 by @EzzEddin.
+  * Update usage of Token model in security docs.
+  * Update highlighted line in `docs/en/docs/tutorial/bigger-
+    applications.md`.
+  * Add External Link: Explore How to Effectively Use JWT With
+    FastAPI.
+  * Add hyperlink to `docs/en/docs/tutorial/static-files.md`.
+  * Add External Link: Instrument a FastAPI service adding
+    tracing with OpenTelemetry and send/show traces in Grafana
+    Tempo.
+  * Review and rewording of `en/docs/contributing.md`.
+  * Add External Link: ML serving and monitoring with FastAPI
+    and Evidently.
+  * Reword in docs, from "have in mind" to "keep in mind".
+  * Add External Link: Talk by Jeny Sadadia.
+  * Add location info to `tutorial/bigger-applications.md`.
+
 -------------------------------------------------------------------
 Sat Jan 13 20:37:39 UTC 2024 - Ben Greiner <code@bnavigator.de>
 

python-fastapi.spec

@@ -20,7 +20,7 @@
 %bcond_with ringdisabled
 %{?sle15_python_module_pythons}
 Name:           python-fastapi
-Version:        0.109.0
+Version:        0.109.1
 Release:        0
 Summary:        FastAPI framework
 License:        MIT
@@ -46,7 +46,7 @@ BuildRequires:  %{python_module PyYAML >= 5.3.1}
 BuildRequires:  %{python_module anyio >= 3.2.1}
 BuildRequires:  %{python_module dirty-equals}
 BuildRequires:  %{python_module httpx >= 0.23.0}
-BuildRequires:  %{python_module python-multipart >= 0.0.5}
+BuildRequires:  %{python_module python-multipart >= 0.0.7}
 BuildRequires:  %{python_module sqlalchemy < 2.0}
 BuildRequires:  %{python_module trio}
 %if !%{with ringdisabled}