Avatar for the fastapi user
fastapi
fastapi
BlogDocsChangelog

Performance History

Latest Results

fix: raise ValueError in format_sse_event instead of stripping invalid chars Replace silent .replace() sanitization in format_sse_event() with explicit ValueError raises for \n, \r, and \0 in the event and id fields. Previously, format_sse_event() would strip those characters, creating a behavioral inconsistency with ServerSentEvent's AfterValidator which raises on the same input. As YuriiMotov pointed out: data allows newlines by SSE spec design (each line becomes a separate data: frame), but event and id are single-token fields where a newline is always a protocol violation. Silent stripping masks bugs at the call site; raising surfaces them where they belong. Both code paths now fail identically for the same invalid input. Tests updated from strip-behavior assertions to ValueError assertions, plus two new null-byte tests covering format_sse_event() directly for event and id.
subhashdasyam:fix/sse-newline-injection
3 hours ago
fix: raise ValueError in format_sse_event instead of stripping invalid chars Replace silent .replace() sanitization in format_sse_event() with explicit ValueError raises for \n, \r, and \0 in the event and id fields. Previously, format_sse_event() would strip those characters, creating a behavioral inconsistency with ServerSentEvent's AfterValidator which raises on the same input. As YuriiMotov pointed out: data allows newlines by SSE spec design (each line becomes a separate data: frame), but event and id are single-token fields where a newline is always a protocol violation. Silent stripping masks bugs at the call site; raising surfaces them where they belong. Both code paths now fail identically for the same invalid input. Tests updated from strip-behavior assertions to ValueError assertions, plus two new null-byte tests covering format_sse_event() directly for event and id. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
subhashdasyam:fix/sse-newline-injection
3 hours ago
🎨 Auto format
fitratgulmamadov:fix/issue-13175-duplicate-operation-id
5 hours ago
Add test for unique operationId generation in multi-method routes
fitratgulmamadov:fix/issue-13175-duplicate-operation-id
5 hours ago
Fix duplicate operationId for multi-method routes When a route is registered with multiple HTTP methods via add_api_route(..., methods=["POST", "DELETE"]), generate_unique_id() only uses the first method from the set, causing all methods to share the same unique_id and producing duplicate operationIds in the OpenAPI schema along with a UserWarning. Fix by detecting multi-method routes in get_openapi_operation_metadata and building a per-method operationId using the current method parameter (already available in the function), following the same pattern as generate_unique_id. Fixes #13175
fitratgulmamadov:fix/issue-13175-duplicate-operation-id
9 hours ago
🎨 Auto format
hnshah:refactor/move-imports-to-type-checking
11 hours ago
refactor: Move type-only imports into TYPE_CHECKING blocks Move imports that are only used for type annotations into TYPE_CHECKING blocks to prevent unnecessary runtime imports and potential circular import issues. Changes: - fastapi/openapi/utils.py: Response - tests/test_dependency_contextmanager.py: StreamingResponse - tests/test_route_scope.py: APIRoute Detected via: ruff check . --select TC002
hnshah:refactor/move-imports-to-type-checking
11 hours ago
👷 Add ty check to `lint.sh` (#15136)
master
14 hours ago

Latest Branches

CodSpeed Performance Gauge
0%
fix: reject newline characters in SSE event and id fields#15187
3 hours ago
9e51a7d
subhashdasyam:fix/sse-newline-injection
CodSpeed Performance Gauge
0%
Fix duplicate operationId for routes with multiple HTTP methods#15215
5 hours ago
937fcdf
fitratgulmamadov:fix/issue-13175-duplicate-operation-id
CodSpeed Performance Gauge
0%
refactor: Move type-only imports into TYPE_CHECKING blocks#15212
11 hours ago
006e62e
hnshah:refactor/move-imports-to-type-checking
© 2026 CodSpeed Technology
Home Terms Privacy Docs