[Core] fix dependabot alert (#1986)

yaelibarg · web-flow · commit ceaec28c4334 · 2025-08-13T01:55:22.000-07:00
### **User description** # Description What - bump fastapi version to 0.116.0 to upgrade starlette Why - https://github.com/port-labs/ocean/security/dependabot/907 How - bump fastapi version ## Type of change Please leave one option from the following and delete the rest: - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] New Integration (non-breaking change which adds a new integration) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] Non-breaking change (fix of existing functionality that will not change current behavior) - [ ] Documentation (added/updated documentation) <h4> All tests should be run against the port production environment(using a testing org). </h4> ### Core testing checklist - [ ] Integration able to create all default resources from scratch - [ ] Resync finishes successfully - [ ] Resync able to create entities - [ ] Resync able to update entities - [ ] Resync able to detect and delete entities - [ ] Scheduled resync able to abort existing resync and start a new one - [ ] Tested with at least 2 integrations from scratch - [ ] Tested with Kafka and Polling event listeners - [ ] Tested deletion of entities that don't pass the selector ___ ### **PR Type** Bug fix ___ ### **Description** - Update FastAPI dependency to fix security vulnerability ___ ### Diagram Walkthrough ```mermaid flowchart LR A["pyproject.toml"] -- "update version" --> B["FastAPI ^0.116.0"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table> <tr> <td> <details> <summary><strong>pyproject.toml</strong><dd><code>Update FastAPI dependency version</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary> <hr> pyproject.toml - Updated FastAPI dependency from ^0.115.3 to ^0.116.0 </details> </td> <td><a href="https://github.com/port-labs/ocean/pull/1986/files#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711">+1/-1</a>&nbsp; &nbsp; &nbsp; </td> </tr> </table></td></tr></tr></tbody></table> </details> ___
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 <!-- towncrier release notes start -->
+## 0.27.5 (2024-08-13)
+
+
+### Improvements
+
+- Bump fastapi to version 0.116.0 - fix Starlette has possible denial-of-service vector when parsing large files in multipart forms (< 0.47.2)
+
 ## 0.27.4 (2025-08-12)
 ### Bug Fixes
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "port-ocean"
-version = "0.27.4"
+version = "0.27.5"
 description = "Port Ocean is a CLI tool for managing your Port projects."
 readme = "README.md"
 homepage = "https://app.getport.io"
@@ -44,7 +44,7 @@ pydantic = { version = "^1.10.8", extras = ["dotenv"] }
 loguru = "^0.7.0"
 pyyaml = "^6.0"
 werkzeug = ">=2.3.4,<4.0.0"
-fastapi = "^0.115.3"
+fastapi = "^0.116.0"
 uvicorn = "^0.34.3"
 confluent-kafka = "^2.10.1"
 httpx = "^0.28.1"
