security: upgrade starlette to 1.0.1 to fix PYSEC-2026-161

- starlette 0.52.1 had Host header injection vulnerability (auth bypass) - Upgraded to 1.0.1 which fixes the issue - Removed unused prometheus-fastapi-instrumentator (conflicting constraint) - Updated pyproject.toml starlette >= 1.0.1
2026-05-25 12:08:29 +02:00
parent 4e83877faf
commit 48eded61b8
1 changed files with 1 additions and 1 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ python = ">=3.13.5,<3.14"
 fastapi = ">=0.115.6"
 uvicorn = {extras = ["standard"], version = ">=0.34.0"}
 gunicorn = ">=23.0.0"
-starlette = ">=0.49.1"
+starlette = ">=1.0.1"
 # Database & ORM
 sqlalchemy = {extras = ["asyncio"], version = ">=2.0.49"}
 sqlmodel = ">=0.0.38"