From 8a4ac0e7d707971f75e2d2ffc8018802cbb8eff3 Mon Sep 17 00:00:00 2001 From: Robert Tuck Date: Thu, 28 May 2026 10:43:42 +0100 Subject: [PATCH 1/2] Pin starlette to >=1.1.0 to avoid CVE-2026-48710 --- pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 844e2087b..18c13a1a6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,6 +5,9 @@ build-backend = "setuptools.build_meta" [tool.uv] # Restrict lockfile to a sane subset of platforms environments = ["sys_platform == 'linux' and platform_machine == 'x86_64'"] +constraint-dependencies = [ + "starlette>=1.1.0" +] [project] name = "mx-bluesky" From d80e0674a92431f2c02e2f6add5d893d0f8c7621 Mon Sep 17 00:00:00 2001 From: Robert Tuck Date: Thu, 28 May 2026 10:49:22 +0100 Subject: [PATCH 2/2] Update uv.lock --- uv.lock | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/uv.lock b/uv.lock index eba2a67c4..79e05c7d6 100644 --- a/uv.lock +++ b/uv.lock @@ -12,6 +12,9 @@ supported-markers = [ "platform_machine == 'x86_64' and sys_platform == 'linux'", ] +[manifest] +constraints = [{ name = "starlette", specifier = ">=1.1.0" }] + [[package]] name = "accessible-pygments" version = "0.0.5" @@ -807,8 +810,8 @@ wheels = [ [[package]] name = "dls-dodal" -version = "2.4.1.dev6+g171a1a4ad" -source = { git = "https://github.com/DiamondLightSource/dodal.git?rev=main#171a1a4adbdfa63fedd3eaf4520548b2afb985ac" } +version = "2.4.1.dev7+g50b24b2c3" +source = { git = "https://github.com/DiamondLightSource/dodal.git?rev=main#50b24b2c370e7214b97d25e03e4eaaf55517a7e1" } dependencies = [ { name = "aiofiles", marker = "platform_machine == 'x86_64' and sys_platform == 'linux'" }, { name = "aiohttp", marker = "platform_machine == 'x86_64' and sys_platform == 'linux'" }, 
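Review bot: The new `constraint-dependencies` entry in `pyproject.toml` has no comment saying why the floor exists, and because it sits under `[tool.uv]` it only constrains uv's own resolution (the lockfile and uv-driven installs). It is not part of the published package metadata, so an install of mx-bluesky that does not go through uv and this lockfile can still resolve a starlette older than 1.1.0. Record the reason beside the entry so it is not later dropped as stale, e.g. `# starlette floor for CVE-2026-48710; remove once the package that pulls in starlette requires >=1.1.0`. If any deployment installs without the lockfile, the same floor presumably also needs to be in `[project].dependencies`, or to come from bumping the direct dependency that brings starlette in; which package that is cannot be seen from this hunk. A trailing comma after `"starlette>=1.1.0"` would also keep later additions to the list to one-line diffs.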
@@ -4039,15 +4042,15 @@ wheels = [ [[package]] name = "starlette" -version = "1.0.0" +version = "1.1.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "anyio", marker = "platform_machine == 'x86_64' and sys_platform == 'linux'" }, { name = "typing-extensions", marker = "python_full_version < '3.13' and platform_machine == 'x86_64' and sys_platform == 'linux'" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/81/69/17425771797c36cded50b7fe44e850315d039f28b15901ab44839e70b593/starlette-1.0.0.tar.gz", hash = "sha256:6a4beaf1f81bb472fd19ea9b918b50dc3a77a6f2e190a12954b25e6ed5eea149", size = 2655289, upload-time = "2026-03-22T18:29:46.779Z" } +sdist = { url = "https://files.pythonhosted.org/packages/95/66/4d20cdf39a8d6a51e663b7038e3b828ff211d3891a43a713fe7e4643f3a8/starlette-1.1.0.tar.gz", hash = "sha256:e83c7fe0ddecd8719c5b840080325aec0260acec86e9832899e377b91d65e90f", size = 2660060, upload-time = "2026-05-23T16:55:41.376Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/0b/c9/584bc9651441b4ba60cc4d557d8a547b5aff901af35bda3a4ee30c819b82/starlette-1.0.0-py3-none-any.whl", hash = "sha256:d3ec55e0bb321692d275455ddfd3df75fff145d009685eb40dc91fc66b03d38b", size = 72651, upload-time = "2026-03-22T18:29:45.111Z" }, + { url = "https://files.pythonhosted.org/packages/93/79/920b8e0a8b20f793e8d64855095cb8febabf6175b8550b6f7a547d813891/starlette-1.1.0-py3-none-any.whl", hash = "sha256:7f0dfd38e428aad5cb6f9f667f0ca1d2d8ca3f3385dccac8305f79ec98458382", size = 72899, upload-time = "2026-05-23T16:55:39.201Z" }, ] [[package]]