Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-starlette for
openSUSE:Factory checked in at 2026-06-18 18:38:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-starlette (Old)
and /work/SRC/openSUSE:Factory/.python-starlette.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-starlette"
Thu Jun 18 18:38:58 2026 rev:38 rq:1360239 version:1.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-starlette/python-starlette.changes
2026-06-13 18:46:45.823999256 +0200
+++
/work/SRC/openSUSE:Factory/.python-starlette.new.1981/python-starlette.changes
2026-06-18 18:39:44.350815842 +0200
@@ -1,0 +2,17 @@
+Tue Jun 16 06:00:12 UTC 2026 - Steve Kowalik <[email protected]>
+
+- Update to 1.3.1 (fixes CVE-2026-54282, bsc#1268520, CVE-2026-54283,
bsc#1268517):
+ * Use StarletteDeprecationWarning instead of DeprecationWarning
+ * Enforce max_fields and max_part_size in FormParser
+ * Enforce FormParser limits in parser callbacks
+ * Clamp oversized suffix ranges in FileResponse
+ * Catch OSError alongside MultiPartException when closing temp files
+ * Add httpx2 to the full extra
+ * Adjust testclient typing and warnings
+ * Fix IndexError in URL.replace() on a URL with no authority
+ * Annotate URLPath protocol parameter with Literal
+ * avoid collapsing exception groups from user code
+ * Use removeprefix to strip weak ETag indicator in is_not_modified
+ * Build request.url from structured components
+
+-------------------------------------------------------------------
Old:
----
starlette-1.2.0.tar.gz
New:
----
starlette-1.3.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-starlette.spec ++++++
--- /var/tmp/diff_new_pack.soocOi/_old 2026-06-18 18:39:48.602993236 +0200
+++ /var/tmp/diff_new_pack.soocOi/_new 2026-06-18 18:39:48.622994070 +0200
@@ -27,13 +27,13 @@
%{?sle15_python_module_pythons}
Name: python-starlette%{psuffix}
-Version: 1.2.0
+Version: 1.3.1
Release: 0
Summary: Lightweight ASGI framework/toolkit
License: BSD-3-Clause
URL: https://github.com/encode/starlette
Source:
https://github.com/encode/starlette/archive/refs/tags/%{version}.tar.gz#/starlette-%{version}.tar.gz
-BuildRequires: %{python_module base >= 3.9}
+BuildRequires: %{python_module base >= 3.10}
BuildRequires: %{python_module hatchling}
BuildRequires: %{python_module pip}
BuildRequires: fdupes
@@ -43,12 +43,13 @@
BuildArch: noarch
%if %{with test}
BuildRequires: %{python_module anyio >= 3.6.2}
-BuildRequires: %{python_module starlette}
+BuildRequires: %{python_module starlette = %{version}}
# typing_extensions, see below
# SECTION [full]
BuildRequires: %{python_module PyYAML}
BuildRequires: %{python_module Jinja2}
BuildRequires: %{python_module httpx >= 0.28}
+BuildRequires: %{python_module httpx2 >= 2.0}
BuildRequires: %{python_module itsdangerous}
BuildRequires: %{python_module python-multipart >= 0.0.18}
# /SECTION
@@ -61,6 +62,8 @@
# testing requires it for all flavors
BuildRequires: %{python_module typing_extensions >= 4.10.0}
BuildRequires: %{python_module importlib-metadata >= 7.0.1}
+# httpx2[zstd]
+BuildRequires: %{python_module zstandard}
# /SECITON
%endif
%python_subpackages
@@ -91,9 +94,7 @@
# cannot just use ifarch conditionals here...
ignored_tests="test_set_cookie"
ignored_tests="$ignored_tests or test_expires_on_set_cookie"
-# disable these until we have httpx2 packaged
-ignored_tests="$ignored_tests or test_request_headers or
test_websocket_headers"
-%pytest -W ignore::PendingDeprecationWarning --asyncio-mode=strict -k "not
($ignored_tests)"
+%pytest -k "not ($ignored_tests)"
%endif
++++++ starlette-1.2.0.tar.gz -> starlette-1.3.1.tar.gz ++++++
++++ 2279 lines of diff (skipped)
