Merge pull request #12 from micheltlutz/fix/security-1.1.0

Security update for version 1.1.0
micheltlutz · Apr 29, 2024 · 5db6562 · 5db6562
2 parents 6b940e0 + ea8ff5d
commit 5db6562
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -7,7 +7,8 @@ currently being supported with security updates.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.0.x   | :white_check_mark: |
+| 1.1.0   | :x:                |
+| 1.1.1   | :white_check_mark: |
 <!--| 5.0.x   | :x:                |
 | 4.0.x   | :white_check_mark: |
 | < 4.0   | :x:                |-->
@@ -19,3 +20,9 @@ Use this section to tell people how to report a vulnerability.
 Tell them where to go, how often they can expect to get an update on a
 reported vulnerability, what to expect if the vulnerability is accepted or
 declined, etc.
+
+## fastapi
+
+Original Report
+
+This was originally reported to FastAPI as an email to security@tiangolo.com, sent via https://huntr.com/, the original reporter is Marcello, https://github.com/byt3bl33d3r
diff --git a/app/.env b/app/.env
@@ -9,4 +9,4 @@ DATABASE_URL=sqlite:///./dev-challenge.db
 TEST_DATABASE_URL=sqlite:///./dev-challenge-test.db
 WORKERS_PER_CORE=1 # config for uvicorn
 MAX_WORKERS=1 # config for uvicorn
-VERSION=1.0.0
+VERSION=1.1.1
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-fastapi[all]~=0.103.2
+fastapi[all]>=0.109.1
 uvicorn
 passlib~=1.7.4
 python-jose

diff --git a/requirements_for_dev.txt b/requirements_for_dev.txt
@@ -1,4 +1,4 @@
-fastapi[all]~=0.103.2
+fastapi[all]>=0.109.1
 uvicorn
 passlib~=1.7.4
 python-jose