Sync Repo-docs-audits-2026-07-09-dependency-audit from project files
@@ -1,4 +1,4 @@
|
|||||||
<!-- codex-wiki-sync:e4c82de96ff1812cee740957 -->
|
<!-- codex-wiki-sync:576ede02ac9fec1bc104f3eb -->
|
||||||
|
|
||||||
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/audits/2026-07-09-dependency-audit.md`.
|
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/audits/2026-07-09-dependency-audit.md`.
|
||||||
> Origin: `repository`.
|
> Origin: `repository`.
|
||||||
@@ -69,7 +69,10 @@ Notes:
|
|||||||
- `pip-audit` still reports private GovOPlaN packages as skipped because they
|
- `pip-audit` still reports private GovOPlaN packages as skipped because they
|
||||||
are not published on PyPI. That is expected for editable local development
|
are not published on PyPI. That is expected for editable local development
|
||||||
installs.
|
installs.
|
||||||
- FastAPI 0.139 emits deprecation warnings for `fastapi.testclient` importing
|
- `httpx2>=2.5,<3` is included in development requirements so Starlette's
|
||||||
Starlette's `TestClient` with `httpx`; this is not a vulnerability and does
|
`TestClient` uses the non-deprecated backend. `httpx==0.28.1` remains in dev
|
||||||
not fail current tests. Track separately if the test client should move to
|
requirements for tests that mock connector HTTP responses directly.
|
||||||
`httpx2`.
|
- Split-module API routers now use Starlette's renamed
|
||||||
|
`HTTP_422_UNPROCESSABLE_CONTENT` status constant. This preserves the 422
|
||||||
|
status code while avoiding the deprecated `HTTP_422_UNPROCESSABLE_ENTITY`
|
||||||
|
alias.
|
||||||
|
|||||||
Reference in New Issue
Block a user