Skip to content

[BUZZOK-28255] update starlette to fix CVE #259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[BUZZOK-28255] update starlette to fix CVE #259

wants to merge 1 commit into from

Conversation

@andrii-shchur
Copy link

@andrii-shchur andrii-shchur commented Nov 3, 2025

This repository is public. Do not put here any private DataRobot or customer's data: code, datasets, model artifacts, .etc.

Summary

updatedstarlette to fix CVE. Also updated fastapi since it was conflicting with the new starlette version
related PR: datarobot/datarobot-user-models#1739

Rationale

@andrii-shchur andrii-shchur mentioned this pull request Nov 3, 2025
Merged
mjnitz02
mjnitz02 requested changes Nov 5, 2025
View reviewed changes
Copy link
Collaborator

@mjnitz02 mjnitz02 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to hold off on this until we stabilize the agent environments. Right now they are broken

mjnitz02
mjnitz02 reviewed Nov 5, 2025
View reviewed changes
Copy link
Collaborator

@mjnitz02 mjnitz02 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a very high possibility that the fastapi upgrades were incompatible with the codespaces ipykernel and we won't be able to upgrade it. We need to isolate this problem after we are able to release before we attempt to upgrade this. We should ask for an exemption on this CVE for now. cc @tsdaemon

@mjnitz02
Copy link
Collaborator

mjnitz02 commented Nov 5, 2025

The changes in datarobot/datarobot-user-models#1739 were also reverted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjnitz02 mjnitz02 mjnitz02 requested changes

@akshoop akshoop akshoop approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@andrii-shchur @mjnitz02 @akshoop @tsdaemon