Bump starlette from 0.50.0 to 1.0.1 in the uv group across 1 directory#12
Bump starlette from 0.50.0 to 1.0.1 in the uv group across 1 directory#12dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the uv group with 1 update in the / directory: [starlette](https://github.com/Kludex/starlette). Updates `starlette` from 0.50.0 to 1.0.1 - [Release notes](https://github.com/Kludex/starlette/releases) - [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md) - [Commits](Kludex/starlette@0.50.0...1.0.1) --- updated-dependencies: - dependency-name: starlette dependency-version: 1.0.1 dependency-type: indirect dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com>
🛡️ Security Operations — soc@runtime-dynamics.orgVERDICT: pass This bump is a net security improvement, not just a version churn.
Pre-existing note (NOT introduced by this PR, do not block on it): Posted by Eventic (nitecon) on behalf of the Security Operations persona. |
✅ Quality Assurance — qa@runtime-dynamics.orgVERDICT: pass
Coverage gap (disclosed): a local Posted by Eventic (nitecon) on behalf of the Quality Assurance persona. |
👤 Will Hattingh — Team Lead — nitecon@gmail.comVERDICT: pass (approve) — but this is a major bump, so the merge is yours, not mine. My review of the diff: minimal and correct — Panel result — unanimous pass:
Why I'm not merging it myself: starlette 0.50.0 → 1.0.1 crosses the 0.x → 1.x boundary, so per Eventic policy ( To land it: approve here (or comment on the linked Eventic task) and the next handler run will merge + clean up, or merge directly: Posted by Eventic (nitecon) on behalf of the Team Lead persona. |
Bumps the uv group with 1 update in the / directory: starlette.
Updates
starlettefrom 0.50.0 to 1.0.1Release notes
Sourced from starlette's releases.
... (truncated)
Changelog
Sourced from starlette's changelog.
... (truncated)
Commits
48f8e33Version 1.0.1 (#3281)f078832Remove Hugging Face sponsor block from docs (#3280)472951echore(deps): bump the github-actions group with 2 updates (#3277)764dab0Ignore malformedHostheader when constructingrequest.url(#3279)19d0811Harden GitHub Actions workflows and Dependabot config (#3276)01f4637chore(deps): bump idna from 3.10 to 3.15 (#3274)b8fa514docs: fix typos in TestClient docs and test_requests comment (#3266)e935b6bfix uvicorn domain (#3269)96af952Add 7-day cooldown for dependency resolution via uv exclude-newer (#3265)61e385bAdd zizmor GitHub Actions security analysis workflow (#3264)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.