Starlette

Added

* Allow to raise `HTTPException` before `websocket.accept()` https://github.com/encode/starlette/pull/2725

This release fixes a Denial of service (DoS) via `multipart/form-data` requests.

You can view the full security advisory:
[GHSA-f96h-pmfr-66vw](https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw)

Fixed

- Add `max_part_size` to `MultiPartParser` to limit the size of parts in `multipart/form-data`
requests [fd038f3](https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733).

Fixed

- Allow use of `request.url_for` when only "app" scope is available [2672](https://github.com/encode/starlette/pull/2672).
- Fix internal type hints to support `python-multipart==0.0.12` [2708](https://github.com/encode/starlette/pull/2708).

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.39.1...0.39.2

Fixed

- Avoid regex re-compilation in `responses.py` and `schemas.py` [2700](https://github.com/encode/starlette/pull/2700).
- Improve performance of `get_route_path` by removing regular expression usage [2701](https://github.com/encode/starlette/pull/2701).
- Consider `FileResponse.chunk_size` when handling multiple ranges [2703](https://github.com/encode/starlette/pull/2703).
- Use `token_hex` for generating multipart boundary strings [2702](https://github.com/encode/starlette/pull/2702).

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.39.0...0.39.1

Added

* Add support for HTTP Range to `FileResponse` [2697](https://github.com/encode/starlette/pull/2697)

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.38.6...0.39.0

Fixed

* Close unclosed `MemoryObjectReceiveStream` in `TestClient` [2693](https://github.com/encode/starlette/pull/2693).

---

**Full Changelog**: https://github.com/encode/starlette/compare/0.38.5...0.38.6