mirror of
https://github.com/gradio-app/gradio.git
synced 2024-12-21 02:19:59 +08:00
build(deps): unpin and upgrade python-multipart
(#10110)
Commit febbed6db1
("Pin multipart version to fix issues with yanking
(#9834)") pinned this because of issues with `micropip` yanking
versions. However, doing so blocks users of `gradio` from being able to
resolve important security vulnerabilities (see [[1]] as an example).
This updates `python-multipart` to the patched version, as well as unpins
it to prevent the need for `gradio` to cut new releases every time a
`python-multipart` vulnerability is found.
[1]: https://github.com/advisories/GHSA-59g5-xgcq-4qw3
Signed-off-by: Luke Hsiao <luke.hsiao@numbersstation.ai>
This commit is contained in:
parent
e450674ce4
commit
f1718c4713
@ -632,7 +632,7 @@ class GradioMultiPartParser:
|
|||||||
raise MultiPartException("Missing boundary in multipart.") from e
|
raise MultiPartException("Missing boundary in multipart.") from e
|
||||||
|
|
||||||
# Callbacks dictionary.
|
# Callbacks dictionary.
|
||||||
callbacks: multipart.multipart.MultipartCallbacks = {
|
callbacks = {
|
||||||
"on_part_begin": self.on_part_begin,
|
"on_part_begin": self.on_part_begin,
|
||||||
"on_part_data": self.on_part_data,
|
"on_part_data": self.on_part_data,
|
||||||
"on_part_end": self.on_part_end,
|
"on_part_end": self.on_part_end,
|
||||||
@ -644,7 +644,7 @@ class GradioMultiPartParser:
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Create the parser.
|
# Create the parser.
|
||||||
parser = multipart.MultipartParser(boundary, callbacks)
|
parser = multipart.MultipartParser(boundary, callbacks) # type: ignore
|
||||||
try:
|
try:
|
||||||
# Feed the parser with data from the request.
|
# Feed the parser with data from the request.
|
||||||
async for chunk in self.stream:
|
async for chunk in self.stream:
|
||||||
|
@ -14,7 +14,7 @@ packaging
|
|||||||
pandas>=1.0,<3.0
|
pandas>=1.0,<3.0
|
||||||
pillow>=8.0,<12.0
|
pillow>=8.0,<12.0
|
||||||
pydantic>=2.0
|
pydantic>=2.0
|
||||||
python-multipart==0.0.12 # required for fastapi forms. pinning to avoid yanking issues with micropip.
|
python-multipart>=0.0.18 # required for fastapi forms.
|
||||||
pydub
|
pydub
|
||||||
pyyaml>=5.0,<7.0
|
pyyaml>=5.0,<7.0
|
||||||
ruff>=0.2.2; sys.platform != 'emscripten'
|
ruff>=0.2.2; sys.platform != 'emscripten'
|
||||||
|
Loading…
Reference in New Issue
Block a user