chore: Release 2.17 (#4253)

provinzkraut · web-flow · commit 130914406220 · 2025-08-10T15:34:29.000+02:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
       - name: Install uv
         uses: astral-sh/setup-uv@v6
         with:
-          version: "0.6.12"
+          version: "0.8.8"
           enable-cache: true
 
       - name: Install dependencies
diff --git a/docs/_static/favicon.png b/docs/_static/favicon.png
diff --git a/docs/_static/logo.svg b/docs/_static/logo.svg
@@ -0,0 +1,31 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="500" zoomAndPan="magnify" viewBox="0 0 375 374.999991" height="500"
+     preserveAspectRatio="xMidYMid meet" version="1.0">
+    <defs>
+        <clipPath id="9eb7762d41">
+            <path d="M 15.933594 105 L 328 105 L 328 259 L 15.933594 259 Z M 15.933594 105 " clip-rule="nonzero"/>
+        </clipPath>
+        <clipPath id="183d3cc178">
+            <path d="M 142 78.769531 L 359.433594 78.769531 L 359.433594 296.269531 L 142 296.269531 Z M 142 78.769531 "
+                  clip-rule="nonzero"/>
+        </clipPath>
+    </defs>
+    <g clip-path="url(#9eb7762d41)">
+        <path fill="#edb641"
+              d="M 147.625 240.3125 C 161.5 233.984375 173.554688 227.011719 183.425781 220.550781 C 202.304688 208.203125 226.4375 185.242188 227.761719 183.410156 L 218.917969 177.503906 L 211.257812 172.386719 L 235.503906 171.441406 L 243.296875 171.136719 L 245.414062 163.640625 L 252.007812 140.304688 L 260.402344 163.054688 L 263.097656 170.363281 L 270.890625 170.058594 L 295.136719 169.113281 L 276.078125 184.117188 L 269.953125 188.9375 L 272.652344 196.25 L 281.046875 218.996094 L 260.871094 205.523438 L 254.390625 201.195312 L 248.265625 206.015625 L 229.207031 221.023438 L 232.480469 209.425781 L 235.796875 197.691406 L 236.207031 196.234375 C 213.003906 213.585938 180.546875 230.304688 161.140625 236.488281 C 156.6875 237.90625 152.183594 239.179688 147.625 240.3125 Z M 101.992188 258.078125 C 136.382812 256.734375 177.355469 248 217.675781 222.363281 L 209.90625 249.867188 L 254.910156 214.4375 L 302.539062 246.246094 L 282.71875 192.539062 L 327.71875 157.109375 L 270.46875 159.34375 L 250.648438 105.636719 L 235.085938 160.726562 L 177.835938 162.964844 L 210.980469 185.097656 C 189.164062 204.921875 134.445312 247.195312 61.957031 250.03125 C 47.300781 250.601562 31.914062 249.558594 15.933594 246.394531 C 15.933594 246.394531 52.011719 260.035156 101.992188 258.078125 "
+              fill-opacity="1" fill-rule="nonzero"/>
+    </g>
+    <g clip-path="url(#183d3cc178)">
+        <path fill="#edb641"
+              d="M 250.789062 78.96875 C 190.78125 78.96875 142.140625 127.570312 142.140625 187.519531 C 142.140625 198.875 143.886719 209.816406 147.121094 220.101562 C 151.847656 217.75 156.363281 215.316406 160.660156 212.84375 C 158.394531 204.789062 157.183594 196.296875 157.183594 187.519531 C 157.183594 135.871094 199.089844 93.996094 250.789062 93.996094 C 302.484375 93.996094 344.390625 135.871094 344.390625 187.519531 C 344.390625 239.171875 302.484375 281.042969 250.789062 281.042969 C 222.75 281.042969 197.597656 268.722656 180.441406 249.210938 C 175.453125 251.152344 170.402344 252.917969 165.289062 254.511719 C 185.183594 279.816406 216.082031 296.070312 250.789062 296.070312 C 310.792969 296.070312 359.433594 247.472656 359.433594 187.519531 C 359.433594 127.570312 310.792969 78.96875 250.789062 78.96875 "
+              fill-opacity="1" fill-rule="nonzero"/>
+    </g>
+    <path fill="#edb641"
+          d="M 92.292969 173.023438 L 98.289062 191.460938 L 117.691406 191.460938 L 101.992188 202.855469 L 107.988281 221.292969 L 92.292969 209.898438 L 76.59375 221.292969 L 82.589844 202.855469 L 66.894531 191.460938 L 86.296875 191.460938 L 92.292969 173.023438 "
+          fill-opacity="1" fill-rule="nonzero"/>
+    <path fill="#edb641"
+          d="M 120.214844 112.25 L 125.390625 128.167969 L 142.140625 128.167969 L 128.589844 138 L 133.765625 153.917969 L 120.214844 144.082031 L 106.664062 153.917969 L 111.839844 138 L 98.289062 128.167969 L 115.039062 128.167969 L 120.214844 112.25 "
+          fill-opacity="1" fill-rule="nonzero"/>
+    <path fill="#edb641"
+          d="M 34.695312 209.136719 L 37.71875 218.421875 L 47.492188 218.421875 L 39.585938 224.160156 L 42.605469 233.449219 L 34.695312 227.707031 L 26.792969 233.449219 L 29.8125 224.160156 L 21.90625 218.421875 L 31.679688 218.421875 L 34.695312 209.136719 "
+          fill-opacity="1" fill-rule="nonzero"/>
+</svg>
diff --git a/docs/release-notes/changelog.rst b/docs/release-notes/changelog.rst
@@ -1,7 +1,83 @@
 :orphan:
 
-2.x Changelog
-=============
+Litestar 2 Changelog
+====================
+
+.. changelog:: 2.17.0
+    :date: 2025-08-09
+
+    .. change:: Fix CRLF injection vulnerability in exception logging
+        :type: bugfix
+
+        Fix a CRLF vulnerability in the exception logging where Litestar included the
+        raw request path in the logged exception, allowing potential attackers to inject
+        newlines into the log message.
+
+    .. change:: OpenAPI: Fix empty response body when using DTO and ``Response[T]`` annotation
+        :type: bugfix
+        :pr: 4158
+        :issue: 3888
+
+        Fix a bug that result in an empty response body in the OpenAPI schema when a
+        ``return_dto`` was defined on a handler with a generic ``Response`` annotation,
+        such as
+
+        .. code-block:: python
+
+            @get("/get_items", return_dto=ItemReadDTO)
+            async def get_items() -> Response[list[Item]]:
+                return Response(
+                    content=[
+                        Item(id=1, name="Item 1", secret="123"),
+                    ],
+                )
+
+
+    .. change:: OpenAPI: Ensure deterministic order of schema types
+        :type: bugfix
+        :pr: 4239
+        :issue: 3646
+
+        Fix a bug that would result in a non-deterministic ordering of ``Literal`` /
+        Enum type unions, such as ``Literal[*] | None``
+
+    .. change:: Ensure dependency cleanup of ``yield`` dependency happens in reverse order
+        :type: bugfix
+        :pr: 4246
+
+        Fix a regression in the DI system that would cause generator dependencies to
+        be cleaned up in the order they were entered, instead of the reverse order.
+
+    .. change:: OpenAPI: Add option to exclude parameter from schema
+        :type: feature
+        :pr: 4177
+
+        Add a new ``exclude_from_schema`` parameter to
+        :func:`~litestar.params.Parameter` that allows to exclude a specific parameter
+        from the OpenAPI schema.
+
+    .. change:: OpenAPI: Extend support for Pydantic's custom date(time) types
+        :type: feature
+        :pr: 4218
+        :issue: 4217
+
+        Add full OpenAPI schema support for Pydantic's custom date(time) types:
+
+        - ``PastDate``
+        - ``FutureDate``
+        - ``PastDatetime``
+        - ``FutureDatetime``
+        - ``AwareDatetime``
+        - ``NaiveDatetime``
+
+    .. change:: Make ``ReceiveRoutePlugin`` public
+        :type: feature
+        :pr: 4220
+
+        Make the previously internally used
+        :class:`litestar.plugins.ReceiveRoutePlugin` public.
+
+
 .. changelog:: 2.16.0
     :date: 2025-05-04
 
diff --git a/litestar/_openapi/schema_generation/examples.py b/litestar/_openapi/schema_generation/examples.py
@@ -41,7 +41,7 @@ def _normalize_example_value(value: Any) -> Any:
             # UnsetType not part of the Union
             pass
 
-    value = unwrap_annotation(annotation=value, random=ExampleFactory.__random__)
+    value = unwrap_annotation(annotation=value)
     if isinstance(value, (Decimal, float)):
         value = round(float(value), 2)
     if isinstance(value, Enum):
@@ -63,7 +63,6 @@ def _create_field_meta(field: FieldDefinition) -> FieldMeta:
         annotation=field.annotation,
         default=field.default if field.default is not Empty else Null,
         name=field.name,
-        random=ExampleFactory.__random__,
     )
 
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -64,7 +64,7 @@ maintainers = [
 name = "litestar"
 readme = "docs/PYPI_README.md"
 requires-python = ">=3.8,<4.0"
-version = "2.16.0"
+version = "2.17.0"
 
 [project.urls]
 Blog = "https://blog.litestar.dev"
@@ -103,7 +103,7 @@ pydantic = [
   "pydantic-extra-types!=2.9.0; python_version < \"3.9\"",
   "pydantic-extra-types; python_version >= \"3.9\"",
 ]
-redis = ["redis[hiredis]>=4.4.4"]
+redis = ["redis[hiredis]>=4.4.4,<5.3"]  # 5.3.0 introduced some issues with the channels plugin; need to investigate
 sqlalchemy = ["advanced-alchemy>=0.2.2"]
 standard = [
   "jinja2",
@@ -140,8 +140,7 @@ dev = [
   "aiosqlite",
   "asyncpg>=0.29.0",
   "psycopg[pool,binary]>=3.1.10,<3.2; python_version < \"3.13\"",
-  "psycopg[pool,c]; python_version >= \"3.13\" and sys_platform == 'linux'",
-  "psycopg[pool]; python_version >= \"3.13\" and sys_platform != 'linux'",
+  "psycopg[pool]<3.2.4; python_version >= \"3.13\"",  # Bug in 3.2.4: https://github.com/psycopg/psycopg/issues/1128
   "psycopg2-binary",
   "psutil>=5.9.8",
   "hypercorn>=0.16.0",
@@ -177,7 +176,7 @@ linting = [
 ]
 test = [
   "covdefaults",
-  "pytest",
+  "pytest==8.3.4",  # 8.4.1 causes some issues with asyncio for us; need to investigate
   "pytest-asyncio<=0.24.0; python_version < \"3.9\"",
   "pytest-asyncio>0.24.0; python_version >= \"3.9\"",
   "pytest-cov",
@@ -226,6 +225,7 @@ filterwarnings = [
   "ignore: Dropping max_length:litestar.exceptions.LitestarWarning:litestar.contrib.piccolo",
   "ignore: Python Debugger on exception enabled:litestar.exceptions.LitestarWarning:",
   "ignore: datetime.datetime.utcnow:DeprecationWarning:time_machine",
+  "ignore:Use of deprecated default '__check_model__':DeprecationWarning:polyfactory:",
 ]
 markers = [
   "sqlalchemy_integration: SQLAlchemy integration tests",
diff --git a/tests/e2e/test_logging/test_structlog_to_file.py b/tests/e2e/test_logging/test_structlog_to_file.py
@@ -29,27 +29,28 @@ def structlog_reset() -> Iterator[None]:
 def test_structlog_to_file(tmp_path: Path) -> None:
     log_file = tmp_path / "log.log"
 
-    logging_config = StructlogConfig(
-        structlog_logging_config=StructLoggingConfig(
-            logger_factory=structlog.WriteLoggerFactory(file=log_file.open("wt")),
-            processors=default_structlog_processors(
-                json_serializer=lambda v, **_: str(default_json_serializer(v), "utf-8")
+    with log_file.open("wt") as file_handle:
+        logging_config = StructlogConfig(
+            structlog_logging_config=StructLoggingConfig(
+                logger_factory=structlog.WriteLoggerFactory(file=file_handle),
+                processors=default_structlog_processors(
+                    json_serializer=lambda v, **_: str(default_json_serializer(v), "utf-8")
+                ),
             ),
-        ),
-    )
+        )
 
-    logger = structlog.get_logger()
+        logger = structlog.get_logger()
 
-    @get("/")
-    def handler() -> str:
-        logger.info("handled", hello="world")
-        return "hello"
+        @get("/")
+        def handler() -> str:
+            logger.info("handled", hello="world")
+            return "hello"
 
-    app = Litestar(route_handlers=[handler], plugins=[StructlogPlugin(config=logging_config)], debug=True)
+        app = Litestar(route_handlers=[handler], plugins=[StructlogPlugin(config=logging_config)], debug=True)
 
-    with TestClient(app) as client:
-        resp = client.get("/")
-        assert resp.text == "hello"
+        with TestClient(app) as client:
+            resp = client.get("/")
+            assert resp.text == "hello"
 
     logged_data = [json.loads(line) for line in log_file.read_text().splitlines()]
     assert logged_data == [
diff --git a/tests/unit/test_cli/test_cli.py b/tests/unit/test_cli/test_cli.py
@@ -1,23 +1,11 @@
-import importlib
-import sys
 from typing import TYPE_CHECKING
-from unittest.mock import MagicMock
 
 import pytest
 
-from tests.unit.test_cli import CREATE_APP_FILE_CONTENT
-from tests.unit.test_cli.conftest import CreateAppFileFixture
-
-try:
-    from rich_click import group
-except ImportError:
-    from click import group  # type:ignore[no-redef]
-
-import litestar.cli._utils
-import litestar.cli.main
-from litestar import Litestar
 from litestar.cli._utils import _format_is_enabled
 from litestar.cli.main import litestar_group as cli_command
+from tests.unit.test_cli import CREATE_APP_FILE_CONTENT
+from tests.unit.test_cli.conftest import CreateAppFileFixture
 
 if TYPE_CHECKING:
     from pathlib import Path
@@ -64,34 +52,6 @@ def test_info_command_with_app_dir(
     mock.assert_called_once()
 
 
-@pytest.mark.xdist_group("cli_autodiscovery")
-def test_register_commands_from_entrypoint(mocker: "MockerFixture", runner: "CliRunner", app_file: "Path") -> None:
-    mock_command_callback = MagicMock()
-
-    @group()
-    def custom_group() -> None:
-        pass
-
-    @custom_group.command()
-    def custom_command(app: Litestar) -> None:
-        mock_command_callback()
-
-    mock_entry_point = MagicMock()
-    mock_entry_point.load = lambda: custom_group
-    if sys.version_info < (3, 10):
-        mocker.patch("importlib_metadata.entry_points", return_value=[mock_entry_point])
-    else:
-        mocker.patch("importlib.metadata.entry_points", return_value=[mock_entry_point])
-
-    importlib.reload(litestar.cli._utils)
-    cli_command = importlib.reload(litestar.cli.main).litestar_group
-
-    result = runner.invoke(cli_command, f"--app={app_file.stem}:app custom-group custom-command")
-
-    assert result.exit_code == 0
-    mock_command_callback.assert_called_once()
-
-
 @pytest.mark.xdist_group("cli_autodiscovery")
 @pytest.mark.parametrize("invalid_app", ["invalid", "info_with_app_dir"])
 def test_incorrect_app_argument(
diff --git a/tests/unit/test_connection/test_request.py b/tests/unit/test_connection/test_request.py
@@ -240,11 +240,8 @@ async def handler(request: Request) -> bytes:
         response = client.post("/")
         assert response.json() == {"body": ""}
 
-        response = client.post("/", json={"a": "123"})
-        assert response.json() == {"body": '{"a":"123"}'}
-
-        response = client.post("/", content="abc")
-        assert response.json() == {"body": "abc"}
+        response = client.post("/", content="foo")
+        assert response.json() == {"body": "foo"}
 
 
 def test_request_stream() -> None:
@@ -259,9 +256,6 @@ async def handler(request: Request) -> bytes:
         response = client.post("/")
         assert response.json() == {"body": ""}
 
-        response = client.post("/", json={"a": "123"})
-        assert response.json() == {"body": '{"a":"123"}'}
-
         response = client.post("/", content="abc")
         assert response.json() == {"body": "abc"}
 
diff --git a/uv.lock b/uv.lock
