Sourced from pydantic's releases.

v1.6.2 (2021-05-11)

Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, see security advisory CVE-2021-29510.

v1.6.1 (2020-07-15)

See Changelog.

Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

changes:

• fix validation and parsing of nested models with default_factory, #1710 by @​PrettyWood

v1.6 (2020-07-11)

See Changelog.

Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

changes:

• Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
• add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
• Document default regex anchoring semantics, #1648 by @​yurikhan
• Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
• Add conset(), analogous to conlist(), #1623 by @​patrickkwang
• make pydantic errors (un)pickable, #1616 by @​PrettyWood
• Allow custom encoding for dotenv files, #1615 by @​PrettyWood
• Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
• Update datetime parser to support negative timestamps, #1600 by @​mlbiche
• Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
• Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
• Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
• Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
• Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
• change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
• Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
• Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
• Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
• Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
• Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
• Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
• Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
• Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
• Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
• Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
• include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
• Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
• Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang

... (truncated)

Sourced from pydantic's changelog.

v1.6.2 (2021-05-11)

• Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, See security advisory CVE-2021-29510

v1.6.1 (2020-07-15)

• fix validation and parsing of nested models with default_factory, #1710 by @​PrettyWood

v1.6 (2020-07-11)

Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

• Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
• add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
• Document default regex anchoring semantics, #1648 by @​yurikhan
• Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
• Add conset(), analogous to conlist(), #1623 by @​patrickkwang
• make pydantic errors (un)pickable, #1616 by @​PrettyWood
• Allow custom encoding for dotenv files, #1615 by @​PrettyWood
• Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
• Update datetime parser to support negative timestamps, #1600 by @​mlbiche
• Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
• Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
• Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
• Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
• Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
• change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
• Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
• Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
• Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
• Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
• Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
• Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
• Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
• Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
• Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
• Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
• include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
• Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
• Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang
• Move const validator to post-validators so it validates the parsed value, #1410 by @​selimb
• Fix model validation to handle nested literals, e.g. Literal['foo', Literal['bar']], #1364 by @​DBCerigo
• Remove user_required = True from RedisDsn, neither user nor password are required, #1275 by @​samuelcolvin

... (truncated)

• acf7783 tweak history
• 829528c comment out broken tests
• cf9a417 hack tests into passing
• b37a922 fix formatting
• ac360c5 prepare for release
• bdde15b Merge pull request from GHSA-5jqp-qgf6-3pvh
• d2b0501 uprev
• e2fcab5 fix: validate and parse nested models properly with default_factory (#1712)
• ba56a67 Bump pytest-mock from 3.1.1 to 3.2.0 (#1719)
• f1f944f Update datamode_code_generator:typo in pip install (#1713)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from py's changelog.

1.10.0 (2020-12-12)

• Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)
• Update vendored apipkg: 1.4 => 1.5
• Update vendored iniconfig: 1.0.0 => 1.1.1

• e5ff378 Update CHANGELOG for 1.10.0
• 94cf44f Update vendored libs
• 5e8ded5 testing: comment out an assert which fails on Python 3.9 for now
• afdffcc Rename HOWTORELEASE.rst to RELEASING.rst
• 2de53a6 Merge pull request #266 from nicoddemus/gh-actions
• fa1b32e Merge pull request #264 from hugovk/patch-2
• 887d6b8 Skip test_samefile_symlink on pypy3 on Windows
• e94e670 Fix test_comments() in test_source
• fef9a32 Adapt test
• 4a694b0 Add GitHub Actions badge to README
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from uvicorn's releases.

Version 0.11.7

0.11.7

• SECURITY FIX: Prevent sending invalid HTTP header names and values.
• SECURITY FIX: Ensure path value is escaped before logging to the console.

Version 0.11.6

• Fix overriding the root logger.

Sourced from uvicorn's changelog.

0.11.7

• SECURITY FIX: Prevent sending invalid HTTP header names and values.
• SECURITY FIX: Ensure path value is escaped before logging to the console.

0.11.6

• Fix overriding the root logger.

• 178bee6 Version 0.11.7 (#726)
• a796e1d Corrected --proxy-headers client ip/host when using a unix socket (#636)
• 895807f Quote path component before logging (#724)
• 789e2f1 Disallow invalid header characters (#725)
• 81f2136 Brings back windows testing to CI (#685)
• f623916 Release version 0.11.6 (#705)
• 6757386 Removing iocp mentions from documentation (#692)
• 77468df Add --app-dir option for running uvicorn from any location (#619)
• 9b92925 Document default backlog setting (#682)
• 2dcbb13 Fix typo. (#676)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.