Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump fastapi from 0.99.0 to 0.100.0 #210

Closed
wants to merge 3 commits into from
Closed

Bump fastapi from 0.99.0 to 0.100.0 #210

wants to merge 3 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 11, 2023
edited
Loading

Bumps fastapi from 0.99.0 to 0.100.0.

Release notes

Sourced from fastapi's releases.

0.100.0

✨ Support for Pydantic v2

Pydantic version 2 has the core re-written in Rust and includes a lot of improvements and features, for example:

  • Improved correctness in corner cases.
  • Safer types.
  • Better performance and less energy consumption.
  • Better extensibility.
  • etc.

...all this while keeping the same Python API. In most of the cases, for simple models, you can simply upgrade the Pydantic version and get all the benefits. 🚀

In some cases, for pure data validation and processing, you can get performance improvements of 20x or more. This means 2,000% or more. 🤯

When you use FastAPI, there's a lot more going on, processing the request and response, handling dependencies, executing your own code, and particularly, waiting for the network. But you will probably still get some nice performance improvements just from the upgrade.

The focus of this release is compatibility with Pydantic v1 and v2, to make sure your current apps keep working. Later there will be more focus on refactors, correctness, code improvements, and then performance improvements. Some third-party early beta testers that ran benchmarks on the beta releases of FastAPI reported improvements of 2x - 3x. Which is not bad for just doing pip install --upgrade fastapi pydantic. This was not an official benchmark and I didn't check it myself, but it's a good sign.

Migration

Check out the Pydantic migration guide.

For the things that need changes in your Pydantic models, the Pydantic team built bump-pydantic.

A command line tool that will process your code and update most of the things automatically for you. Make sure you have your code in git first, and review each of the changes to make sure everything is correct before committing the changes.

Pydantic v1

This version of FastAPI still supports Pydantic v1. And although Pydantic v1 will be deprecated at some point, ti will still be supported for a while.

This means that you can install the new Pydantic v2, and if something fails, you can install Pydantic v1 while you fix any problems you might have, but having the latest FastAPI.

There are tests for both Pydantic v1 and v2, and test coverage is kept at 100%.

Changes

  • There are new parameter fields supported by Pydantic Field() for:

    • Path()
    • Query()
    • Header()
    • Cookie()
    • Body()
    • Form()
    • File()

  • The new parameter fields are:

    • default_factory

... (truncated)

Commits
  • f8356d9 🔖 Release version 0.100.0
  • 179e409 📝 Update release notes
  • bb7e5b7 📝 Update release notes
  • 0976185 ✨ Add support for Pydantic v2 (#9816)
  • dd4e78c 🔖 Release version 0.99.1
  • 8a198fc 📝 Update release notes
  • 6bd4f53 📝 Update release notes
  • 07e1dea 🐛 Fix JSON Schema accepting bools as valid JSON Schemas, e.g. `additionalProp...
  • 0f105d9 📝 Update release notes
  • 4d83f98 📝 Update source examples to use new JSON Schema examples field (#9776)
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump fastapi from 0.99.0 to 0.100.0
9afb36f 
Bumps [fastapi](https://github.com/tiangolo/fastapi) from 0.99.0 to 0.100.0.
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.99.0...0.100.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 11, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 1, 2023

A newer version of fastapi exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@armanddidierjean armanddidierjean marked this pull request as draft August 17, 2023 18:45
@gitguardian
Copy link

gitguardian bot commented Oct 20, 2023

⚠️ GitGuardian has uncovered 4 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
7298663 RSA Private Key 30ca63b .env.test View secret
7298668 Generic High Entropy Secret 30ca63b .env.test View secret
7298675 Generic High Entropy Secret 30ca63b .env.test View secret
7298675 Generic High Entropy Secret 30ca63b .env.test View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@armanddidierjean
Copy link
Member

Closed in favor of #281

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 6, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/fastapi-0.100.0 branch November 6, 2023 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@armanddidierjean @AtomHare