
chore(deps): bump starlette from 1.2.1 to 1.3.1 #197

Open

SudipSinha wants to merge 1 commit into main from chore/bump-starlette-1.3.1

Conversation

@SudipSinha (Member)

Summary

Bump starlette from 1.2.1 to 1.3.1 via lockfile update.

Security fixes

  • CVE-2026-54283 (HIGH): request.form() size limits silently ignored for application/x-www-form-urlencoded, enabling DoS
  • CVE-2026-54282 (LOW): Unvalidated request path concatenated into authority poisons request.url.hostname

Note

The remaining Dependabot alert (CVE-2026-54293, nltk path traversal) has no fix available — all versions including 3.9.4 (latest) are affected.

🤖 Generated with Claude Code

Resolves:
- CVE-2026-54283 (HIGH): request.form() limits silently ignored
- CVE-2026-54282 (LOW): unvalidated request path hostname poisoning

Signed-off-by: Sudip Sinha <Sudip.Sinha@RedHat.com>
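The HIGH CVE above describes a form body that is parsed without the caller's size limit being honoured, which is a DoS vector. As an added example (not code from this PR, from the TrustyAI service, or from Starlette), here is a framework-independent ASGI middleware that caps the request body before any parser such as request.form() sees it; it is a defense-in-depth layer next to the version bump, not a replacement for it. The form_endpoint handler, the status_for driver and every request value are constructed for the demonstration.

```python
import asyncio
class BodyTooLarge(Exception): pass
class BodySizeLimitMiddleware:
    """Cap the request body at max_bytes before any parser such as request.form() reads it."""
    def __init__(self, app, max_bytes: int) -> None:
        self.app, self.max_bytes = app, max_bytes
    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        declared = dict(scope.get("headers", [])).get(b"content-length", b"")
        if declared.isdigit() and int(declared) > self.max_bytes:
            return await reject_413(send)  # declared too big: reject before reading a single byte
        seen = 0
        async def guarded_receive():
            # Also count real bytes: chunked or lying clients give no trustworthy Content-Length.
            nonlocal seen
            message = await receive()
            if message["type"] == "http.request":
                seen += len(message.get("body", b""))
                if seen > self.max_bytes:
                    raise BodyTooLarge(seen)
            return message
        try:
            await self.app(scope, guarded_receive, send)
        except BodyTooLarge:
            # Assumes the handler is still draining the body (as request.form() is) and has not begun its own response.
            await reject_413(send)
async def reject_413(send):
    await send({"type": "http.response.start", "status": 413, "headers": [(b"content-length", b"0")]})
    await send({"type": "http.response.body", "body": b""})
async def form_endpoint(scope, receive, send):
    # Constructed stand-in for a handler that drains the whole body, as request.form() does.
    body, more = b"", True
    while more:
        message = await receive()
        body, more = body + message.get("body", b""), message.get("more_body", False)
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": str(len(body)).encode()})
def status_for(chunks, content_length=None, max_bytes=1024):
    # Drive the stack with constructed ASGI messages and return the HTTP status that was sent.
    headers = [(b"content-type", b"application/x-www-form-urlencoded")]
    if content_length is not None:
        headers.append((b"content-length", str(content_length).encode()))
    pending = [{"type": "http.request", "body": c, "more_body": i < len(chunks) - 1} for i, c in enumerate(chunks)]
    sent = []
    async def receive(): return pending.pop(0)
    async def send(message): sent.append(message)
    app = BodySizeLimitMiddleware(form_endpoint, max_bytes)
    asyncio.run(app({"type": "http", "method": "POST", "path": "/form", "headers": headers}, receive, send))
    return sent[0]["status"]
```

The declared-length check is the cheap path; the byte counter in guarded_receive is what actually bounds a streamed or chunked body, since a client controls the Content-Length header.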
SudipSinha added the labels dependencies (Pull requests that update a dependency file), ok-to-test (Proceed with CI testing) and security on Jun 18, 2026
SudipSinha self-assigned this on Jun 18, 2026
@coderabbitai

coderabbitai Bot commented Jun 18, 2026


Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 45607798-b69f-42fd-a712-83291d27934a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@SudipSinha SudipSinha marked this pull request as ready for review June 18, 2026 17:12
@github-actions


PR image build and manifest generation completed successfully!

📦 PR image: quay.io/trustyai/trustyai-service-python-ci:772884cf5bcdcbbb2c02f4c893b4f6e6c13af78a

🗂️ CI manifests

devFlags:
  manifests:
    - contextDir: config
      sourcePath: ''
      uri: https://api.github.com/repos/trustyai-explainability/trustyai-service-operator-ci/tarball/service-python-772884cf5bcdcbbb2c02f4c893b4f6e6c13af78a
