Skip to content

build(deps): bump pydantic-settings from 2.14.0 to 2.14.2 in /src/processor#300

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/processor/pydantic-settings-2.14.2
Open

build(deps): bump pydantic-settings from 2.14.0 to 2.14.2 in /src/processor#300
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/src/processor/pydantic-settings-2.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps pydantic-settings from 2.14.0 to 2.14.2.

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026
@dependabot dependabot Bot requested a review from Avijit-Microsoft as a code owner June 19, 2026 23:58
Copilot AI review requested due to automatic review settings June 19, 2026 23:58

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Coverage

Coverage Report •
FileStmtsMissCoverMissing
TOTAL309720893% 
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
588 0 💤 0 ❌ 0 🔥 27.146s ⏱️

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Coverage

Processor Coverage Report •
FileStmtsMissCoverMissing
TOTAL600984086% 
report-only-changed-files is enabled. No files were changed during this commit :)

Tests Skipped Failures Errors Time
834 0 💤 0 ❌ 0 🔥 16.976s ⏱️

Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.14.0 to 2.14.2.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.0...v2.14.2)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump pydantic-settings from 2.14.0 to 2.14.2 in /src/processor build(deps): bump pydantic-settings from 2.14.0 to 2.14.2 in /src/processor Jun 25, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/src/processor/pydantic-settings-2.14.2 branch from 1ec45ee to 2096b4f Compare June 25, 2026 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant