Skip to content

chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2#218

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pydantic-settings-2.14.2
Open

chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2#218
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pydantic-settings-2.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps pydantic-settings from 2.13.1 to 2.14.2.

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • d703bd7 Prepare release 2.14.2 (#890)
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 19, 2026 23:48
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

1 similar comment
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.13.1 to 2.14.2.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.2)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/pydantic-settings-2.14.2 branch from 3aa732b to ba3ea23 Compare June 25, 2026 19:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant