Passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage (on one CPU).
### Patches
Pydantic has been patched, with fixes available in the following versions:

- v1.8.2
- v1.7.4
- v1.6.2
All these versions are available on PyPI and will be available on conda-forge soon.
See the changelog for details.
### Workarounds
If you absolutely can't upgrade, you can work around this risk using a validator to catch these values; brief demo:

```python
from datetime import date
from pydantic import BaseModel, validator
```
Note: this is not an ideal solution (in particular, you'll need a slightly different function for datetimes); rather than a hack like this, you should upgrade pydantic.
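The guard that such a validator needs, carried through as an added example (not the advisory's snippet and not pydantic's own code): `looks_infinite` and `reject_infinite` are hypothetical names, `reject_infinite` is what you would call from a pydantic v1 `@validator('date_of_birth', pre=True)` so it runs before the date parser sees the value, and `parse_date_safely` shows that ordering with a plain-Python parser. It goes beyond the forms listed above by rejecting anything `float()` would turn into infinity, such as `'1e400'`.

```python
import math
from datetime import date, datetime, timezone
from typing import Any


def looks_infinite(value: Any) -> bool:
    """True for any input a numeric date parser would turn into +/-inf."""
    if isinstance(value, bool):
        return False  # bool is an int subclass; never infinite
    if isinstance(value, float):
        return math.isinf(value)
    if isinstance(value, (str, bytes)):
        try:
            # float() accepts 'inf', ' -Infinity ', '+inf' and overflows '1e400' to inf
            return math.isinf(float(value))
        except ValueError:
            return False  # not numeric at all, e.g. '2021-05-11'; leave it to the parser
    return False  # ints, date objects, etc. are finite


def reject_infinite(value: Any) -> Any:
    """Pre-parse guard; wire it into a pydantic v1 ``@validator(..., pre=True)``."""
    if looks_infinite(value):
        raise ValueError('infinite values are not valid dates')
    return value


def parse_date_safely(value: Any) -> date:
    """Guard first, then parse: ISO string, unix seconds, or a date/datetime object."""
    value = reject_infinite(value)
    if isinstance(value, datetime):
        return value.date()
    if isinstance(value, date):
        return value
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return datetime.fromtimestamp(value, tz=timezone.utc).date()
    if isinstance(value, (str, bytes)):
        text = value.decode() if isinstance(value, bytes) else value
        return date.fromisoformat(text.strip())
    raise TypeError(f'cannot parse {type(value).__name__} as a date')


if __name__ == '__main__':
    # Constructed samples: the first two parse, the rest are rejected before parsing runs.
    for sample in ('2021-05-11', 1620691200, 'infinity', '-inf', float('inf'), '1e400'):
        try:
            print(repr(sample), '->', parse_date_safely(sample))
        except ValueError as exc:
            print(repr(sample), '-> rejected:', exc)
```

The same guard serves `datetime` fields unchanged, since it inspects the raw input rather than the parsed result.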
If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.
### References
This was fixed in commit 7e83fdd.
### Release Notes
samuelcolvin/pydantic
### [`v1.8.2`](https://togithub.com/samuelcolvin/pydantic/blob/master/HISTORY.md#v182-2021-05-11)
[Compare Source](https://togithub.com/samuelcolvin/pydantic/compare/v1.8.1...v1.8.2)
!!! warning
    A security vulnerability, level "moderate" is fixed in v1.8.2. Please upgrade **ASAP**.
    See security advisory [CVE-2021-29510](https://togithub.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh)
- **Security fix:** Fix `date` and `datetime` parsing so passing either `'infinity'` or `float('inf')` (or their negative values) does not cause an infinite loop, see security advisory [CVE-2021-29510](https://togithub.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh)
- fix schema generation with Enum by generating a valid name, [#2575](https://togithub.com/samuelcolvin/pydantic/issues/2575) by [@PrettyWood](https://togithub.com/PrettyWood)
- fix JSON schema generation with a `Literal` of an enum member, [#2536](https://togithub.com/samuelcolvin/pydantic/issues/2536) by [@PrettyWood](https://togithub.com/PrettyWood)
- Fix bug with configurations declarations that are passed as keyword arguments during class creation, [#2532](https://togithub.com/samuelcolvin/pydantic/issues/2532) by [@uriyyo](https://togithub.com/uriyyo)
- Allow passing `json_encoders` in class kwargs, [#2521](https://togithub.com/samuelcolvin/pydantic/issues/2521) by [@layday](https://togithub.com/layday)
- support arbitrary types with custom `__eq__`, [#2483](https://togithub.com/samuelcolvin/pydantic/issues/2483) by [@PrettyWood](https://togithub.com/PrettyWood)
- support `Annotated` in `validate_arguments` and in generic models with python 3.9, [#2483](https://togithub.com/samuelcolvin/pydantic/issues/2483) by [@PrettyWood](https://togithub.com/PrettyWood)
### Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:

| Package | Change |
| --- | --- |
| pydantic | `==1.8.1` -> `==1.8.2` |
This PR has been generated by WhiteSource Renovate. View repository job log here.