⬆️ Upgrade Starlette to >=0.37.2,<0.38.0, remove Starlette filterwarning for internal tests

[nothielf]

Upgrading Starlette should solve

DeprecationWarning: The 'app' shortcut is now deprecated. Use the explicit style 'transport=WSGITransport(app=...)' instead.                                                                                                               

When running tests using TestClient

Also, removed filterwarning for method parameter. That was removed on Starlette 0.35.1

[flying-sheep]

should be 0.37.1 because of a bug in starlette 0.37.0 I think.

[ar090]

Thanks for putting this together! Would love to see this merged as it also fixes the issue discussed here

[ar090]

I noticed theres a few other PR's sprouting up that are attempting to make similar changes:
#11315
#11320
@alfreedom any chance you would be available to ✅ this one? 🙏

[alfreedom]

I noticed theres a few other PR's sprouting up that are attempting to make similar changes: #11315 #11320 @alfreedom any chance you would be available to ✅ this one? 🙏

Approved, sorry for the delay.

[ar090]

thanks for the help here @alfreedom! @nothielf are we good to merge or waiting on anything else? Sorry to keep bumping this, we are being forced to upgrade for a vulnerability that comes with deadlines from compliance.

[nothielf]

i dont have write access to merge. but it seems is good to go :)

[nothielf]

@alfreedom are you able to merge it?

[alfreedom]

@alfreedom are you able to merge it?

Nope, just maintainers have write access, maybe @alejsdev

[Kludex]

This should be good?

Suggested change

	"starlette>=0.37.2,<0.38.0",
	"starlette>=0.36.3,<0.38.0",

[tvasenin]

No, minimal version should NOT be less than 0.37.2, as it fixes DeprecationWarning described in the first post.
Also, 0.37.1 fixes another, very important regression: see #11320.

[ar090]

@Kludex sorry to bug you on this but is this something you can merge by chance? Not sure who has the ability to merge for FastAPI

[Kludex]

Only @tiangolo .

[andgoldin]

I would like to see this get merged soon as well. Like others, I'm trying to update FastAPI to resolve CVE-2024-24762, but am running into the starlette issue discussed in #11019 when trying to do so.

[Kludex]

You can just bump Python-multipart.

[aswanidutt87]

Only @tiangolo .

@tiangolo , please merge this change as we are stuck with a CVE and are keep skipping it from sometime now.
Thank you.

[tiangolo]

Great, thanks for the contribution @nothielf! 🚀

And thanks all for the comments. ☕

This will be available in FastAPI 0.110.1, released in the next hours. 🎉