Workflow

Starlette

Latest version: v0.45.2

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 10 of 12

0.19.1

Not secure
Fixed
* Fix inference of `Route.name` when created from methods [1553](https://github.com/encode/starlette/pull/1553).
* Avoid `TypeError` on `websocket.disconnect` when code is `None` [1574](https://github.com/encode/starlette/pull/1574).

Deprecated
* Deprecate `WS_1004_NO_STATUS_RCVD` and `WS_1005_ABNORMAL_CLOSURE` in favor of `WS_1005_NO_STATUS_RCVD` and `WS_1006_ABNORMAL_CLOSURE`, as the previous constants didn't match the [WebSockets specs](https://www.iana.org/assignments/websocket/websocket.xhtml) [#1580](https://github.com/encode/starlette/pull/1580).

0.19.0

Not secure
Added
* Error handler will always run, even if the error happens on a background task [761](https://github.com/encode/starlette/pull/761).
* Add `headers` parameter to `HTTPException` [1435](https://github.com/encode/starlette/pull/1435).
* Internal responses with `405` status code insert an `Allow` header, as described by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.5) [1436](https://github.com/encode/starlette/pull/1436).
* The `content` argument in `JSONResponse` is now required [1431](https://github.com/encode/starlette/pull/1431).
* Add custom URL convertor register [1437](https://github.com/encode/starlette/pull/1437).
* Add content disposition type parameter to `FileResponse` [1266](https://github.com/encode/starlette/pull/1266).
* Add next query param with original request URL in requires decorator [920](https://github.com/encode/starlette/pull/920).
* Add `raw_path` to `TestClient` scope [1445](https://github.com/encode/starlette/pull/1445).
* Add union operators to `MutableHeaders` [1240](https://github.com/encode/starlette/pull/1240).
* Display missing route details on debug page [1363](https://github.com/encode/starlette/pull/1363).
* Change `anyio` required version range to `>=3.4.0,<5.0` [1421](https://github.com/encode/starlette/pull/1421) and [#1460](https://github.com/encode/starlette/pull/1460).
* Add `typing-extensions>=3.10` requirement - used only on lower versions than Python 3.10 [1475](https://github.com/encode/starlette/pull/1475).

Fixed
* Prevent `BaseHTTPMiddleware` from hiding errors of `StreamingResponse` and mounted applications [1459](https://github.com/encode/starlette/pull/1459).
* `SessionMiddleware` uses an explicit `path=...`, instead of defaulting to the ASGI 'root_path' [1512](https://github.com/encode/starlette/pull/1512).
* `Request.client` is now compliant with the ASGI specifications [1462](https://github.com/encode/starlette/pull/1462).
* Raise `KeyError` at early stage for missing boundary [1349](https://github.com/encode/starlette/pull/1349).

Deprecated
* Deprecate WSGIMiddleware in favor of a2wsgi [1504](https://github.com/encode/starlette/pull/1504).
* Deprecate `run_until_first_complete` [1443](https://github.com/encode/starlette/pull/1443).

0.18.0

Not secure
Added
* Change default chunk size from 4Kb to 64Kb on `FileResponse` [1345](https://github.com/encode/starlette/pull/1345).
* Add support for `functools.partial` in `WebSocketRoute` [1356](https://github.com/encode/starlette/pull/1356).
* Add `StaticFiles` packages with directory [1350](https://github.com/encode/starlette/pull/1350).
* Allow environment options in `Jinja2Templates` [1401](https://github.com/encode/starlette/pull/1401).
* Allow HEAD method on `HttpEndpoint` [1346](https://github.com/encode/starlette/pull/1346).
* Accept additional headers on `websocket.accept` message [1361](https://github.com/encode/starlette/pull/1361) and [#1422](https://github.com/encode/starlette/pull/1422).
* Add `reason` to `WebSocket` close ASGI event [1417](https://github.com/encode/starlette/pull/1417).
* Add headers attribute to `UploadFile` [1382](https://github.com/encode/starlette/pull/1382).
* Don't omit `Content-Length` header for `Content-Length: 0` cases [1395](https://github.com/encode/starlette/pull/1395).
* Don't set headers for responses with 1xx, 204 and 304 status code [1397](https://github.com/encode/starlette/pull/1397).
* `SessionMiddleware.max_age` now accepts `None`, so cookie can last as long as the browser session [1387](https://github.com/encode/starlette/pull/1387).

Fixed
* Tweak `hashlib.md5()` function on `FileResponse`s ETag generation. The parameter [`usedforsecurity`](https://bugs.python.org/issue9216) flag is set to `False`, if the flag is available on the system. This fixes an error raised on systems with [FIPS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/FIPS_Mode_-_an_explanation) enabled [#1366](https://github.com/encode/starlette/pull/1366) and [#1410](https://github.com/encode/starlette/pull/1410).
* Fix `path_params` type on `url_path_for()` method i.e. turn `str` into `Any` [1341](https://github.com/encode/starlette/pull/1341).
* `Host` now ignores `port` on routing [1322](https://github.com/encode/starlette/pull/1322).

0.17.1

Not secure
Fixed
* Fix `IndexError` in authentication `requires` when wrapped function arguments are distributed between `*args` and `**kwargs` [1335](https://github.com/encode/starlette/pull/1335).

0.17.0

Not secure
Added
* `Response.delete_cookie` now accepts the same parameters as `Response.set_cookie` [1228](https://github.com/encode/starlette/pull/1228).
* Update the `Jinja2Templates` constructor to allow `PathLike` [1292](https://github.com/encode/starlette/pull/1292).

Fixed
* Fix BadSignature exception handling in SessionMiddleware [1264](https://github.com/encode/starlette/pull/1264).
* Change `HTTPConnection.__getitem__` return type from `str` to `typing.Any` [1118](https://github.com/encode/starlette/pull/1118).
* Change `ImmutableMultiDict.getlist` return type from `typing.List[str]` to `typing.List[typing.Any]` [1235](https://github.com/encode/starlette/pull/1235).
* Handle `OSError` exceptions on `StaticFiles` [1220](https://github.com/encode/starlette/pull/1220).
* Fix `StaticFiles` 404.html in HTML mode [1314](https://github.com/encode/starlette/pull/1314).
* Prevent anyio.ExceptionGroup in error views under a BaseHTTPMiddleware [1262](https://github.com/encode/starlette/pull/1262).

Removed
* Remove GraphQL support [1198](https://github.com/encode/starlette/pull/1198).

0.16.0

Not secure
Added
* Added [Encode](https://github.com/sponsors/encode) funding option
[1219](https://github.com/encode/starlette/pull/1219)

Fixed
* `starlette.websockets.WebSocket` instances are now hashable and compare by identity
[1039](https://github.com/encode/starlette/pull/1039)
* A number of fixes related to running task groups in lifespan
[1213](https://github.com/encode/starlette/pull/1213),
[1227](https://github.com/encode/starlette/pull/1227)

Deprecated/removed
* The method `starlette.templates.Jinja2Templates.get_env` was removed
[1218](https://github.com/encode/starlette/pull/1218)
* The ClassVar `starlette.testclient.TestClient.async_backend` was removed,
the backend is now configured using constructor kwargs
[1211](https://github.com/encode/starlette/pull/1211)
* Passing an Async Generator Function or a Generator Function to `starlette.router.Router(lifespan_context=)` is deprecated. You should wrap your lifespan in `contextlib.asynccontextmanager`.
[1227](https://github.com/encode/starlette/pull/1227)
[1110](https://github.com/encode/starlette/pull/1110)

Page 10 of 12

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.