From 87eb70675e88983d2ba742ff6dbcb4052823fa69 Mon Sep 17 00:00:00 2001 From: Lucas Seiki Oshiro Date: Sat, 11 Jul 2026 19:01:36 -0300 Subject: [PATCH] chore: bump fastapi to 0.133.1 and starlette to 1.0.1 Apply the same version bump from 81add39 to v1, fixing these CVEs: - CVE-2026-48710 - CVE-2026-48818 - CVE-2026-54283 --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 8a7048d10a7..ecbcf89c75f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -37,7 +37,7 @@ dependencies = [ "anyio>=4.9,<5", # For MCP Session Manager "authlib>=1.6.6,<2", # For RestAPI Tool "click>=8.1.8,<9", # For CLI tools - "fastapi>=0.124.1,<1", # FastAPI framework + "fastapi>=0.133.1,<1", # FastAPI framework "google-api-python-client>=2.157,<3", # Google API client discovery "google-auth[pyopenssl]>=2.47", # Google Auth library "google-cloud-aiplatform[agent-engines]>=1.148.1,<2", # For VertexAI integrations, e.g. example store. @@ -71,7 +71,7 @@ dependencies = [ "requests>=2.32.4,<3", "sqlalchemy>=2,<3", # SQL database ORM "sqlalchemy-spanner>=1.14", # Spanner database session service - "starlette>=0.49.1,<1", # For FastAPI CLI + "starlette>=1.0.1,<2", # For FastAPI CLI "tenacity>=9,<10", # For Retry management "typing-extensions>=4.5,<5", "tzlocal>=5.3,<6", # Time zone utilities