• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

• Initialize libtiff buffer when saving #6699 [@​radarhere]
• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@​wiredfool]
• Inline fname2char to fix memory leak #6329 [@​nulano]
• Fix memory leaks related to text features #6330 [@​nulano]
• Use double quotes for version check on old CPython on Windows #6695 [@​hugovk]
• GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@​nulano]
• Remove backup implementation of Round for Windows platforms #6693 [@​cgohlke]
• Upload fribidi.dll to GitHub Actions #6532 [@​nulano]
• Fixed set_variation_by_name offset #6445 [@​radarhere]
• Windows build improvements #6562 [@​nulano]
• Fix malloc in _imagingft.c:font_setvaraxes #6690 [@​cgohlke]
• Only use ASCII characters in C source file #6691 [@​cgohlke]
• Release Python GIL when converting images using matrix operations #6418 [@​hmaarrfk]
• Added ExifTags enums #6630 [@​radarhere]
• Do not modify previous frame when calculating delta in PNG #6683 [@​radarhere]
• Added support for reading BMP images with RLE4 compression #6674 [@​npjg]
• Decode JPEG compressed BLP1 data in original mode #6678 [@​radarhere]
• pylint warnings #6659 [@​marksmayo]
• Added GPS TIFF tag info #6661 [@​radarhere]
• Added conversion between RGB/RGBA/RGBX and LAB #6647 [@​radarhere]
• Do not attempt normalization if mode is already normal #6644 [@​radarhere]
• Fixed seeking to an L frame in a GIF #6576 [@​radarhere]
• Consider all frames when selecting mode for PNG save_all #6610 [@​radarhere]
• Don't reassign crc on ChunkStream close #6627 [@​radarhere]
• Raise a warning if NumPy failed to raise an error during conversion #6594 [@​radarhere]
• Only read a maximum of 100 bytes at a time in IMT header #6623 [@​radarhere]
• Show all frames in ImageShow #6611 [@​radarhere]
• Allow FLI palette chunk to not be first #6626 [@​radarhere]
• If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@​radarhere]
• Round box position to integer when pasting embedded color #6517 [@​radarhere]
• Removed EXIF prefix when saving WebP #6582 [@​radarhere]
• Pad IM palette to 768 bytes when saving #6579 [@​radarhere]
• Added DDS BC6H reading #6449 [@​ShadelessFox]
• Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@​JayWiz]
• Raise an error when allocating translucent color to RGB palette #6654 [@​jsbueno]
• Moved mode check outside of loops #6650 [@​radarhere]
• Added reading of TIFF child images #6569 [@​radarhere]
• Improved ImageOps palette handling #6596 [@​PososikTeam]
• Defer parsing of palette into colors #6567 [@​radarhere]
• Apply transparency to P images in ImageTk.PhotoImage #6559 [@​radarhere]
• Use rounding in ImageOps contain() and pad() #6522 [@​bibinhashley]
• Fixed GIF remapping to palette with duplicate entries #6548 [@​radarhere]
• Allow remap_palette() to return an image with less than 256 palette entries #6543 [@​radarhere]
• Corrected BMP and TGA palette size when saving #6500 [@​radarhere]

... (truncated)

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

• Initialize libtiff buffer when saving #6699 [radarhere]

• Inline fname2char to fix memory leak #6329 [nulano]

• Fix memory leaks related to text features #6330 [nulano]

• Use double quotes for version check on old CPython on Windows #6695 [hugovk]

• Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

• Fixed set_variation_by_name offset #6445 [radarhere]

• Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

• Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

• Added ExifTags enums #6630 [radarhere]

• Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

• Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

• Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

• Added GPS TIFF tag info #6661 [radarhere]

• Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

• Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

• d594f4c Update CHANGES.rst [ci skip]
• 909dc64 9.3.0 version bump
• 1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer
• 2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec
• 744f455 Added release notes
• 0846bfa Add to release notes
• 799a6a0 Fix linting
• 00b25fd Hide UserWarning in logs
• 05b175e Tighter test case
• 13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD
• Additional commits viewable in compare view

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

• [bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

  References: #366

1.2.1

Released: Thu Jun 30 2022

bug

• [bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

  References: #360

misc

• [performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

  References: #361

1.2.0

Released: Thu Mar 10 2022

changed

• [changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

  References: #351

• [changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

• See full diff in compare view

Sourced from pyjwt's releases.

2.4.0

Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

What's Changed

• Add support for Python 3.10 by @​hugovk in jpadilla/pyjwt#699
• Don't use implicit optionals by @​rekyungmin in jpadilla/pyjwt#705
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#708
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#710
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#711
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#712
• documentation fix: show correct scope for decode_complete() by @​sseering in jpadilla/pyjwt#661
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#716
• Explicit check the key for ECAlgorithm by @​estin in jpadilla/pyjwt#713
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#720
• api_jwk: Add PyJWKSet.getitem by @​woodruffw in jpadilla/pyjwt#725
• Update usage.rst by @​guneybilen in jpadilla/pyjwt#727
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#728
• fix: Update copyright information by @​kkirsche in jpadilla/pyjwt#729
• Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @​dmahr1 in jpadilla/pyjwt#734
• Fixed typo in usage.rst by @​israelabraham in jpadilla/pyjwt#738
• Add detached payload support for JWS encoding and decoding by @​fviard in jpadilla/pyjwt#723
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#740
• Raise DeprecationWarning for jwt.decode(verify=...) by @​akx in jpadilla/pyjwt#742
• Don't mutate options dictionary in .decode_complete() by @​akx in jpadilla/pyjwt#743
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#748
• Replace various string interpolations with f-strings by @​akx in jpadilla/pyjwt#744
• Update CHANGELOG.rst by @​hipertracker in jpadilla/pyjwt#751

New Contributors

• @​hugovk made their first contribution in jpadilla/pyjwt#699
• @​rekyungmin made their first contribution in jpadilla/pyjwt#705
• @​sseering made their first contribution in jpadilla/pyjwt#661
• @​estin made their first contribution in jpadilla/pyjwt#713
• @​woodruffw made their first contribution in jpadilla/pyjwt#725
• @​guneybilen made their first contribution in jpadilla/pyjwt#727
• @​dmahr1 made their first contribution in jpadilla/pyjwt#734
• @​israelabraham made their first contribution in jpadilla/pyjwt#738
• @​fviard made their first contribution in jpadilla/pyjwt#723
• @​akx made their first contribution in jpadilla/pyjwt#742
• @​hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

2.3.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#700
• Add exception chaining by @​ehdgua01 in jpadilla/pyjwt#702
• Revert "Remove arbitrary kwargs." by @​auvipy in jpadilla/pyjwt#701

... (truncated)

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security

- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742

Fixed
~~~~~

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added
~~~~~

- Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

`v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Revert "Remove arbitrary kwargs." `[#701](https://github.com/jpadilla/pyjwt/issues/701) <https://github.com/jpadilla/pyjwt/pull/701>`__

Added
~~~~~

- Add exception chaining `[#702](https://github.com/jpadilla/pyjwt/issues/702) <https://github.com/jpadilla/pyjwt/pull/702>`__

`v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>`__
-----------------------------------------------------------------------

</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li>
</ul>
</details>

<br />



[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=1.7.1&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/binderclip/code-snippets-python/network/alerts).



Bump ipython from 7.4.0 to 7.16.3

opened on 2022-01-21 19:04:00 by dependabot[bot]
Bumps ipython from 7.4.0 to 7.16.3.

Commits

d43c7c7 release 7.16.3
5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
8df8971 back to dev
9f477b7 release 7.16.2
138f266 bring back release helper from master branch
5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
bcae8e0 Backport PR #13335: What's new 7.16.2
8fcdcd3 Pin Jedi to <0.17.2.
2486838 release 7.16.1
20bdc6f fix conda build
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/binderclip/code-snippets-python/network/alerts).



Bump pydantic from 0.22 to 1.6.2

opened on 2021-05-13 20:37:13 by dependabot[bot]
Bumps pydantic from 0.22 to 1.6.2.

Release notes
Sourced from pydantic's releases.

v1.6.2 (2021-05-11)
Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, see security advisory CVE-2021-29510.
v1.6.1 (2020-07-15)
See Changelog.
Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.
changes:

fix validation and parsing of nested models with default_factory, #1710 by @​PrettyWood

v1.6 (2020-07-11)
See Changelog.
Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.
changes:

Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
Document default regex anchoring semantics, #1648 by @​yurikhan
Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain.
Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never
stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
Add conset(), analogous to conlist(), #1623 by @​patrickkwang
make pydantic errors (un)pickable, #1616 by @​PrettyWood
Allow custom encoding for dotenv files, #1615 by @​PrettyWood
Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
Update datetime parser to support negative timestamps, #1600 by @​mlbiche
Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
Avoid some side effects of default_factory by calling it only once
if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and
minimum are not included in the schema if they are equal to -math.inf and
exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang



... (truncated)


Changelog
Sourced from pydantic's changelog.

v1.6.2 (2021-05-11)

Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf')
(or their negative values) does not cause an infinite loop,
See security advisory CVE-2021-29510

v1.6.1 (2020-07-15)

fix validation and parsing of nested models with default_factory, #1710 by @​PrettyWood

v1.6 (2020-07-11)
Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
Document default regex anchoring semantics, #1648 by @​yurikhan
Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain.
Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never
stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
Add conset(), analogous to conlist(), #1623 by @​patrickkwang
make pydantic errors (un)pickable, #1616 by @​PrettyWood
Allow custom encoding for dotenv files, #1615 by @​PrettyWood
Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
Update datetime parser to support negative timestamps, #1600 by @​mlbiche
Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
Avoid some side effects of default_factory by calling it only once
if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and
minimum are not included in the schema if they are equal to -math.inf and
exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang
Move const validator to post-validators so it validates the parsed value, #1410 by @​selimb
Fix model validation to handle nested literals, e.g. Literal['foo', Literal['bar']], #1364 by @​DBCerigo
Remove user_required = True from RedisDsn, neither user nor password are required, #1275 by @​samuelcolvin



... (truncated)


Commits

acf7783 tweak history
829528c comment out broken tests
cf9a417 hack tests into passing
b37a922 fix formatting
ac360c5 prepare for release
bdde15b Merge pull request from GHSA-5jqp-qgf6-3pvh
d2b0501 uprev
e2fcab5 fix: validate and parse nested models properly with default_factory (#1712)
ba56a67 Bump pytest-mock from 3.1.1 to 3.2.0 (#1719)
f1f944f Update datamode_code_generator:typo in pip install (#1713)
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/binderclip/code-snippets-python/network/alerts).