Skip to content

build(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /src/backend-api#299

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/backend-api/pydantic-settings-2.14.2
Open

build(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /src/backend-api#299
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/backend-api/pydantic-settings-2.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps pydantic-settings from 2.13.1 to 2.14.2.

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • d703bd7 Prepare release 2.14.2 (#890)
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026
Copilot AI review requested due to automatic review settings June 19, 2026 23:52
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Coverage

Processor Coverage Report •
FileStmtsMissCoverMissing
TOTAL600984086% 
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
834 0 💤 0 ❌ 0 🔥 14.255s ⏱️

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Coverage

Coverage Report •
FileStmtsMissCoverMissing
TOTAL309720893% 
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
588 0 💤 0 ❌ 0 🔥 26.621s ⏱️

Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.13.1 to 2.14.2.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.2)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /src/backend-api build(deps): bump pydantic-settings from 2.13.1 to 2.14.2 in /src/backend-api Jun 25, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/src/backend-api/pydantic-settings-2.14.2 branch from 9c86a58 to af06360 Compare June 25, 2026 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant