da5f00610d
fix: reject None from security dependencies when annotation is non-optional
When a security scheme (OAuth2PasswordBearer, HTTPBearer, APIKeyHeader,
etc.) has auto_error=False, it returns None on missing or invalid
credentials. Previously, FastAPI injected this None into the endpoint
parameter regardless of its type annotation, causing either a 500 crash
(if the handler called methods on the value) or a silent auth bypass
(if the handler did a truthy check).
Now, when a security scheme dependency returns None and the endpoint
parameter is annotated as non-optional (e.g. `str` instead of
`str | None`), FastAPI returns a 422 validation error with a message
explaining the mismatch. Parameters annotated as optional continue to
receive None as before.
The check only applies to direct security scheme dependencies, not to
intermediate functions in dependency chains.
2 months ago
4fa826ce0a
📝 Update release notes
[skip ci]
2 months ago
c39415673e
⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 ( #15408 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
ae230ad2f9
📝 Update release notes
[skip ci]
2 months ago
d9eb39d1a1
⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 ( #15409 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
4f8b5d14d3
📝 Update release notes
[skip ci]
2 months ago
04958499e0
⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0 ( #15407 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
71f3c30108
📝 Update release notes
[skip ci]
2 months ago
ea230dc80b
⬆ Bump pytest-cov from 7.0.0 to 7.1.0 ( #15406 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
5f68b19002
📝 Update release notes
[skip ci]
2 months ago
7402e33375
⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0 ( #15405 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
750ef483f2
📝 Update release notes
[skip ci]
2 months ago
7c6b79eb3b
⬆ Bump mypy from 1.19.1 to 1.20.1 ( #15410 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
c38782e0e8
📝 Update release notes
[skip ci]
2 months ago
840e462667
⬆ Bump python-dotenv from 1.2.1 to 1.2.2 ( #15400 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
88021c3dc0
📝 Update release notes
[skip ci]
2 months ago
13eade2fd9
⬆ Bump starlette from 0.52.1 to 1.0.0 ( #15397 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
e0900abc6d
📝 Update release notes
[skip ci]
2 months ago
4e6d8dc600
⬆ Bump pygithub from 2.8.1 to 2.9.1 ( #15396 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
2bf3cdeb19
📝 Update release notes
[skip ci]
2 months ago
043fdce921
⬆ Bump pyjwt from 2.12.0 to 2.12.1 ( #15393 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
9d79b257ad
📝 Update release notes
[skip ci]
2 months ago
6fadc67d62
⬆ Bump zizmor from 1.23.1 to 1.24.1 ( #15394 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
a93b1db937
📝 Update release notes
[skip ci]
2 months ago
e5a86c3972
⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3 ( #15395 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
916edab526
📝 Update release notes
[skip ci]
2 months ago
355c12ce0e
⬆ Bump python-multipart from 0.0.22 to 0.0.26 ( #15360 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
4a29794efb
📝 Update release notes
[skip ci]
2 months ago
c6bf1a9702
⬆ Bump authlib from 1.6.9 to 1.6.11 ( #15373 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
19c7b4bc28
📝 Update release notes
[skip ci]
2 months ago
0d68ccc87c
⬆ Bump aiohttp from 3.13.3 to 3.13.4 ( #15282 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
fb5f830bf8
📝 Update release notes
[skip ci]
2 months ago
7ce742e2c1
⬆ Bump pygments from 2.19.2 to 2.20.0 ( #15263 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
28b18ced2d
📝 Update release notes
[skip ci]
2 months ago
2d625c0962
⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2 ( #15391 )
2 months ago
ecc9069b90
📝 Update release notes
[skip ci]
2 months ago
7d23cc8fe8
⬆ Bump pillow from 12.1.1 to 12.2.0 ( #15333 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Motov Yurii <[email protected] >
2 months ago
636998e53a
📝 Update release notes
[skip ci]
2 months ago
a8773aadf8
⬆ Bump pytest from 9.0.2 to 9.0.3 ( #15334 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
2378fbbc45
📝 Update release notes
[skip ci]
2 months ago
c874e067dc
⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1 ( #15374 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
bdd6c70760
📝 Update release notes
[skip ci]
2 months ago
a595e44d28
⬆ Bump actions/cache from 5.0.4 to 5.0.5 ( #15385 )
Signed-off-by: dependabot[bot] <[email protected] >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
2fa00db858
📝 Update release notes
[skip ci]
2 months ago
41df44a29c
🔧 Update sponsors: remove Zuplo ( #15369 )
2 months ago
6976b0d4e6
📝 Update release notes
[skip ci]
2 months ago
3808d8540f
🔧 Update sponsors: remove Speakeasy ( #15368 )
2 months ago
24db1286eb
📝 Update release notes
[skip ci]
2 months ago
3f4169be1a
🔒 ️ Add zizmor and fix audit findings ( #15316 )
2 months ago
708606c982
🔖 Release version 0.136.0
2 months ago
Ismail Pelaseyed
github-actions[bot]
dependabot[bot]
Motov Yurii
Sebastián Ramírez