Description
Actual Behavior
poetry update openapi-core
led to
- Downgrading starlette (0.46.2 -> 0.44.0)
- Installing aioitertools (0.12.0)
- Downgrading werkzeug (3.1.3 -> 3.1.1)
- Updating openapi-core (0.19.4 -> 0.19.5)
I've checked and there are no CVEs on these releases of starlette or werkzeug (although including werkzeug in my non-flask app is upsetting).
Expected Behavior
I see other dependencies have a wildcard dependency, which makes them super compatible with other packages. For some reason my local poetry forces a downgrade of starlette when I try to use openapi-core.
Doing this to ensure that fast-api can remain spec-first and we don't accidentally automatically iterate towards trouble with code security scanning tooling such as Snyk.
Steps to Reproduce
poetry add openapi-tools
then I update the extras to contain
python = "~=3.11.4"
datadog-lambda = "^6"
fastapi = "^0.115.11"
mangum = "^0.17.0"
openapi-core = { version = "^0.19.4", extras = ["fastapi", "starlette"] }
This is because I use the starlette middleware within fastapi, as it overcomes some error handling that fast-api doesn't handle (TBH I don't understand that part as well as I should).
OpenAPI Core Version
0.19.5
OpenAPI Core Integration
starlette,fastapi
Affected Area(s)
dependencies
References
No response
Anything else we need to know?
N/A
Would you like to implement a fix?
Yes