Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
Release Notes
pydantic/pydantic (pydantic)
### [`v1.10.13`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v11013-2023-09-27)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.12...v1.10.13)
- Fix: Add max length check to `pydantic.validate_email`, [#7673](https://redirect.github.com/pydantic/pydantic/issues/7673) by [@hramezani](https://redirect.github.com/hramezani)
- Docs: Fix pip commands to install v1, [#6930](https://redirect.github.com/pydantic/pydantic/issues/6930) by [@chbndrhnns](https://redirect.github.com/chbndrhnns)
### [`v1.10.12`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v11012-2023-07-24)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.11...v1.10.12)
- Fixes the `maxlen` property being dropped on `deque` validation. Happened only if the deque item has been typed. Changes the `_validate_sequence_like` func, [#6581](https://redirect.github.com/pydantic/pydantic/pull/6581) by [@maciekglowka](https://redirect.github.com/maciekglowka)
### [`v1.10.11`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v11011-2023-07-04)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.10...v1.10.11)
- Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, [#6361](https://redirect.github.com/pydantic/pydantic/pull/6361) by [@SharathHuddar](https://redirect.github.com/SharathHuddar)
### [`v1.10.10`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v11010-2023-06-30)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.9...v1.10.10)
- Add Pydantic `Json` field support to settings management, [#6250](https://redirect.github.com/pydantic/pydantic/pull/6250) by [@hramezani](https://redirect.github.com/hramezani)
- Fixed literal validator errors for unhashable values, [#6188](https://redirect.github.com/pydantic/pydantic/pull/6188) by [@markus1978](https://redirect.github.com/markus1978)
- Fixed bug with generics receiving forward refs, [#6130](https://redirect.github.com/pydantic/pydantic/pull/6130) by [@mark-todd](https://redirect.github.com/mark-todd)
- Update install method of FastAPI for internal tests in CI, [#6117](https://redirect.github.com/pydantic/pydantic/pull/6117) by [@Kludex](https://redirect.github.com/Kludex)
### [`v1.10.9`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v1109-2023-06-07)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.8...v1.10.9)
- Fix trailing zeros not ignored in Decimal validation, [#5968](https://redirect.github.com/pydantic/pydantic/pull/5968) by [@hramezani](https://redirect.github.com/hramezani)
- Fix mypy plugin for v1.4.0, [#5928](https://redirect.github.com/pydantic/pydantic/pull/5928) by [@cdce8p](https://redirect.github.com/cdce8p)
- Add future and past date hypothesis strategies, [#5850](https://redirect.github.com/pydantic/pydantic/pull/5850) by [@bschoenmaeckers](https://redirect.github.com/bschoenmaeckers)
- Discourage usage of Cython 3 with Pydantic 1.x, [#5845](https://redirect.github.com/pydantic/pydantic/pull/5845) by [@lig](https://redirect.github.com/lig)
### [`v1.10.8`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v1108-2023-05-23)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.7...v1.10.8)
- Fix a bug in `Literal` usage with `typing-extension==4.6.0`, [#5826](https://redirect.github.com/pydantic/pydantic/pull/5826) by [@hramezani](https://redirect.github.com/hramezani)
- This solves the (closed) issue [#3849](https://redirect.github.com/pydantic/pydantic/pull/3849) where aliased fields that use discriminated union fail to validate when the data contains the non-aliased field name, [#5736](https://redirect.github.com/pydantic/pydantic/pull/5736) by [@benwah](https://redirect.github.com/benwah)
- Update email-validator dependency to >=2.0.0post2, [#5627](https://redirect.github.com/pydantic/pydantic/pull/5627) by [@adriangb](https://redirect.github.com/adriangb)
- update `AnyClassMethod` for changes in [python/typeshed#9771](https://redirect.github.com/python/typeshed/issues/9771), [#5505](https://redirect.github.com/pydantic/pydantic/pull/5505) by [@ITProKyle](https://redirect.github.com/ITProKyle)
### [`v1.10.7`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v1107-2023-03-22)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.6...v1.10.7)
- Fix creating schema from model using `ConstrainedStr` with `regex` as dict key, [#5223](https://redirect.github.com/pydantic/pydantic/pull/5223) by [@matejetz](https://redirect.github.com/matejetz)
- Address bug in mypy plugin caused by explicit_package_bases=True, [#5191](https://redirect.github.com/pydantic/pydantic/pull/5191) by [@dmontagu](https://redirect.github.com/dmontagu)
- Add implicit defaults in the mypy plugin for Field with no default argument, [#5190](https://redirect.github.com/pydantic/pydantic/pull/5190) by [@dmontagu](https://redirect.github.com/dmontagu)
- Fix schema generated for Enum values used as Literals in discriminated unions, [#5188](https://redirect.github.com/pydantic/pydantic/pull/5188) by [@javibookline](https://redirect.github.com/javibookline)
- Fix mypy failures caused by the pydantic mypy plugin when users define `from_orm` in their own classes, [#5187](https://redirect.github.com/pydantic/pydantic/pull/5187) by [@dmontagu](https://redirect.github.com/dmontagu)
- Fix `InitVar` usage with pydantic dataclasses, mypy version `1.1.1` and the custom mypy plugin, [#5162](https://redirect.github.com/pydantic/pydantic/pull/5162) by [@cdce8p](https://redirect.github.com/cdce8p)
### [`v1.10.6`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v1106-2023-03-08)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.5...v1.10.6)
- Implement logic to support creating validators from non standard callables by using defaults to identify them and unwrapping `functools.partial` and `functools.partialmethod` when checking the signature, [#5126](https://redirect.github.com/pydantic/pydantic/pull/5126) by [@JensHeinrich](https://redirect.github.com/JensHeinrich)
- Fix mypy plugin for v1.1.1, and fix `dataclass_transform` decorator for pydantic dataclasses, [#5111](https://redirect.github.com/pydantic/pydantic/pull/5111) by [@cdce8p](https://redirect.github.com/cdce8p)
- Raise `ValidationError`, not `ConfigError`, when a discriminator value is unhashable, [#4773](https://redirect.github.com/pydantic/pydantic/pull/4773) by [@kurtmckee](https://redirect.github.com/kurtmckee)
### [`v1.10.5`](https://redirect.github.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v1105-2023-02-15)
[Compare Source](https://redirect.github.com/pydantic/pydantic/compare/v1.10.4...v1.10.5)
- Fix broken parametrized bases handling with `GenericModel`s with complex sets of models, [#5052](https://redirect.github.com/pydantic/pydantic/pull/5052) by [@MarkusSintonen](https://redirect.github.com/MarkusSintonen)
- Invalidate mypy cache if plugin config changes, [#5007](https://redirect.github.com/pydantic/pydantic/pull/5007) by [@cdce8p](https://redirect.github.com/cdce8p)
- Fix `RecursionError` when deep-copying dataclass types wrapped by pydantic, [#4949](https://redirect.github.com/pydantic/pydantic/pull/4949) by [@mbillingr](https://redirect.github.com/mbillingr)
- Fix `X | Y` union syntax breaking `GenericModel`, [#4146](https://redirect.github.com/pydantic/pydantic/pull/4146) by [@thenx](https://redirect.github.com/thenx)
- Switch coverage badge to show coverage for this branch/release, [#5060](https://redirect.github.com/pydantic/pydantic/pull/5060) by [@samuelcolvin](https://redirect.github.com/samuelcolvin)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
- `==1.10.4` -> `==1.10.13`
- `==1.10.2` -> `==1.10.13`
GitHub Vulnerability Alerts
CVE-2024-3772
Regular expression denial of service in Pydantic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
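A check of exact `pydantic` pins against the affected ranges stated above, as an added example that is not part of the original PR or of pydantic itself. Reading "< 2.4.0, < 1.10.13" as one fixed release per major line is an assumption, as are the function names and the constructed sample requirements text.

```python
import re

# Fixed release per major line, from the advisory text on this page
# ("Pydantic < 2.4.0, < 1.10.13"); mapping to 1.x / 2.x is this example's reading.
FIXED = {1: (1, 10, 13), 2: (2, 4, 0)}

# Exact pins only (optionally with extras); pre-release or ranged specs are skipped.
PIN_RE = re.compile(
    r"^\s*pydantic(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)\s*(?:;|$)", re.IGNORECASE
)


def parse_version(text):
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version):
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        # 0.x predates the 1.x fix; majors above 2 postdate the 2.x fix.
        return v[0] < 1
    return v < fixed


def audit_requirements(text):
    """Return (line number, pinned version, affected?) for each pydantic pin."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = PIN_RE.match(line.split("#", 1)[0])
        if match:
            findings.append((lineno, match.group(1), is_affected(match.group(1))))
    return findings


# Constructed sample; 1.10.4 and 1.10.2 are the pins this PR replaces.
SAMPLE = """\
fastapi==0.95.0
pydantic==1.10.4
pydantic[email]==1.10.2  # constructed: extras syntax
pydantic==1.10.13
pydantic==2.3.0
pydantic==2.4.0
"""

if __name__ == "__main__":
    for lineno, version, affected in audit_requirements(SAMPLE):
        print(f"line {lineno}: pydantic {version}: {'AFFECTED' if affected else 'ok'}")
```

Related distributions such as `pydantic-settings` are deliberately not matched, since the advisory names only `pydantic`.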
This PR was generated by Mend Renovate. View the repository job log.