Starlette

Fixed

* Exclude the query parameters from the `scope[raw_path]` on the `TestClient` [2716](https://github.com/encode/starlette/pull/2716).
* Replace `dict` by `Mapping` on `HTTPException.headers` [2749](https://github.com/encode/starlette/pull/2749).
* Correct middleware argument passing and improve factory pattern [2752](https://github.com/encode/starlette/2752).

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.41.2...0.41.3

What's Changed

* Revert bump on `python-multipart` by Kludex in https://github.com/encode/starlette/pull/2737

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.41.1...0.41.2

What's Changed

* Change `python-multipart` import to `python_multipart` by Kludex in https://github.com/encode/starlette/pull/2733
* Bump minimum `python-multipart` version to 0.0.13 by Kludex in https://github.com/encode/starlette/pull/2734

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.41.0...0.41.1

Added

* Allow to raise `HTTPException` before `websocket.accept()` https://github.com/encode/starlette/pull/2725

This release fixes a Denial of service (DoS) via `multipart/form-data` requests.

You can view the full security advisory:
[GHSA-f96h-pmfr-66vw](https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw)

Fixed

- Add `max_part_size` to `MultiPartParser` to limit the size of parts in `multipart/form-data`
requests [fd038f3](https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733).

Fixed

- Allow use of `request.url_for` when only "app" scope is available [2672](https://github.com/encode/starlette/pull/2672).
- Fix internal type hints to support `python-multipart==0.0.12` [2708](https://github.com/encode/starlette/pull/2708).

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.39.1...0.39.2