Sync Repo-docs-audits-2026-07-09-dependency-audit from project files
@@ -1,4 +1,4 @@
|
||||
<!-- codex-wiki-sync:e4c82de96ff1812cee740957 -->
|
||||
<!-- codex-wiki-sync:576ede02ac9fec1bc104f3eb -->
|
||||
|
||||
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/audits/2026-07-09-dependency-audit.md`.
|
||||
> Origin: `repository`.
|
||||
@@ -69,7 +69,10 @@ Notes:
|
||||
- `pip-audit` still reports private GovOPlaN packages as skipped because they
|
||||
are not published on PyPI. That is expected for editable local development
|
||||
installs.
|
||||
- FastAPI 0.139 emits deprecation warnings for `fastapi.testclient` importing
|
||||
Starlette's `TestClient` with `httpx`; this is not a vulnerability and does
|
||||
not fail current tests. Track separately if the test client should move to
|
||||
`httpx2`.
|
||||
- `httpx2>=2.5,<3` is included in development requirements so Starlette's
|
||||
`TestClient` uses the non-deprecated backend. `httpx==0.28.1` remains in dev
|
||||
requirements for tests that mock connector HTTP responses directly.
|
||||
- Split-module API routers now use Starlette's renamed
|
||||
`HTTP_422_UNPROCESSABLE_CONTENT` status constant. This preserves the 422
|
||||
status code while avoiding the deprecated `HTTP_422_UNPROCESSABLE_ENTITY`
|
||||
alias.
|
||||
|
||||
Reference in New Issue
Block a user