Sourced from pydantic-settings's releases.
v2.14.2
What's Changed
This is a security patch release.
- Prevent
NestedSecretsSettingsSourcefrom following symlinks outsidesecrets_dirby@hramezaniin pydantic/pydantic-settings#889- Prepare release 2.14.2 by
@hramezaniin pydantic/pydantic-settings#890Security
Fixes GHSA-4xgf-cpjx-pc3j:
NestedSecretsSettingsSourcewithsecrets_nested_subdir=Truecould follow a symbolic link insidesecrets_dirpointing outside it, reading out-of-tree files into settings values and bypassing thesecrets_dir_max_sizecap. Affected versions:>= 2.12.0, < 2.14.2.Full Changelog: https://github.com/pydantic/pydantic-settings/compare/v2.14.1...v2.14.2
v2.14.1
What's Changed
- Bump the python-packages group with 4 updates by
@dependabot[bot] in pydantic/pydantic-settings#850- Bump the python-packages group with 5 updates by
@dependabot[bot] in pydantic/pydantic-settings#854- Bump the github-actions group with 3 updates by
@dependabot[bot] in pydantic/pydantic-settings#853- Bump the python-packages group with 2 updates by
@dependabot[bot] in pydantic/pydantic-settings#856- Fix field named
clsconflicting with classmethod parameter by@hramezaniin pydantic/pydantic-settings#858- Prepare release 2.14.1 by
@hramezaniin pydantic/pydantic-settings#859Full Changelog: https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1
d703bd7
Prepare release 2.14.2 (#890)e95c30b
Prepare release 2.14.1 (#859)0c87345
Fix field named cls conflicting with classmethod parameter
(#858)7bd0072
Bump the python-packages group with 2 updates (#856)b03e573
Bump the github-actions group with 3 updates (#853)eaa3b43
Bump the python-packages group with 5 updates (#854)9f95615
Bump the python-packages group with 4 updates (#850)