Bump the pip group across 1 directory with 15 updates

[dependabot]

Bumps the pip group with 15 updates in the / directory:

Package	From	To
black	19.10b0	24.3.0
certifi	2023.5.7	2023.7.22
fonttools	4.39.3	4.43.0
grpcio	1.54.2	1.54.3
idna	3.4	3.7
onnx	1.14.0	1.16.0
pillow	9.5.0	10.3.0
pydantic	1.10.7	1.10.13
pytorch-lightning	1.1.0	1.6.0
requests	2.30.0	2.31.0
scipy	1.8.1	1.11.1
torch	1.12.1+cu113	1.13.1
transformers	4.29.1	4.38.0
urllib3	1.26.15	1.26.18
werkzeug	2.3.4	2.3.8

Updates black from 19.10b0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• See full diff in compare view

Updates certifi from 2023.5.7 to 2023.7.22

Commits

• 8fb96ed 2023.07.22
• afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
• 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
• 44df761 Hash pin Actions and enable dependabot (#228)
• See full diff in compare view

Updates fonttools from 4.39.3 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

4.42.1

• [t1Lib] Fixed several Type 1 issues (#3238, #3240).
• [otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236, 457f11c2).
• [varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).
• [ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0

• [varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).
• [varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).
• Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1

• [subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).
• [varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).
• [statisticsPen] Report font glyph-average weight/width and font-wide slant.
• [fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).
• [varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0

• [fontBuilder] Fixed bug in setupOS2 with default panose attribute incorrectly being set to a dict instead of a Panose object (#3201).
• [name] Added method to removeUnusedNameRecords in the user range (#3185).
• [varLib.instancer] Fixed issue with L4 instancing (moving default) (#3179).
• [cffLib] Use latin1 so we can roundtrip non-ASCII in {Full,Font,Family}Name (#3202).
• [designspaceLib] Mark as optional in docs (as it is in the code).
• [glyf-1] Fixed drawPoints() bug whereby last cubic segment becomes quadratic (#3189, #3190).
• [fontBuilder] Propagate the 'hidden' flag to the fvar Axis instance (#3184).
• [fontBuilder] Update setupAvar() to also support avar 2, fixing _add_avar() call site (#3183).
• Added new voltLib.voltToFea submodule (originally Tiro Typeworks' "Volto") for converting VOLT OpenType Layout sources to FEA format (#3164).

4.40.0

• Published native binary wheels to PyPI for all the python minor versions and platform and architectures currently supported that would benefit from this. They will include precompiled Cython-accelerated modules (e.g. cu2qu) without requiring to compile them from source. The pure-python wheel and source distribution will continue to be published as always (pip will automatically chose them when no binary wheel is available for the given platform, e.g. pypy). Use pip install --no-binary=fonttools fonttools to expliclity request pip to install from the pure-python source.
• [designspaceLib|varLib] Add initial support for specifying axis mappings and build avar2 table from those (#3123).
• [feaLib] Support variable ligature caret position (#3130).
• [varLib|glyf] Added option to --drop-implied-oncurves; test for impliable oncurve points either before or after rounding (#3146, #3147, #3155, #3156).
• [TTGlyphPointPen] Don't error with empty contours, simply ignore them (#3145).
• [sfnt] Fixed str vs bytes remnant of py3 transition in code dealing with de/compiling WOFF metadata (#3129).
• [instancer-solver] Fixed bug when moving default instance with sparse masters (#3139, #3140).
• [feaLib] Simplify variable scalars that don’t vary (#3132).
• [pens] Added filter pen that explicitly emits closing line when lastPt != movePt (#3100).
• [varStore] Improve optimize algorithm and better document the algorithm (#3124, #3127).
  Added quantization option (#3126).
• Added CI workflow config file for building native binary wheels (#3121).
• [fontBuilder] Added glyphDataFormat=0 option; raise error when glyphs contain cubic outlines but glyphDataFormat was not explicitly set to 1 (#3113, #3119).

... (truncated)

Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

4.42.1 (released 2023-08-20)

• [t1Lib] Fixed several Type 1 issues (#3238, #3240).
• [otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236).
• [varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).
• [ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0 (released 2023-08-02)

• [varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).
• [varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).
• Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1 (released 2023-07-21)

• [subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).
• [varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).
• [statisticsPen] Report font glyph-average weight/width and font-wide slant.
• [fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).
• [varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0 (released 2023-07-12)

... (truncated)

Commits

• 145460e Release 4.43.0
• 64f3fd8 Update changelog [skip ci]
• 7aea49e Merge pull request #3283 from hugovk/main
• 4470c44 Bump requirements.txt to support Python 3.12
• 0c87cba Bump scipy for Python 3.12 support
• eda6fa5 Add support for Python 3.12
• 0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
• 6012643 [iup] Work around cython bug
• b14268a [iup] Remove copy/pasta
• 0a3360e [varLib.avar] New module to compile avar from .designspace file
• Additional commits viewable in compare view

Updates grpcio from 1.54.2 to 1.54.3

Release notes

Sourced from grpcio's releases.

Release v1.54.3

This is release 1.54.3 (gracious) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by @​drfloob in grpc/grpc#33670

Commits

• 868412b [v1.54.x][Interop] Backport Python image update (#33865)
• b80ee02 [Backport] [dependency] Restrict cython to less than 3.X (#33771)
• c3fadd6 [v1.54][Build] Update Phusion baseimage (#33767) (#33835)
• 057ff9b [PSM Interop] Legacy tests: fix xDS test client build (v1.54.x backport) (#33...
• 7a053eb [PSM Interop] Legacy test builds always pull the driver from master (v1.54.x ...
• d084ddc [release] Bump release version 1.54.3 (#33708)
• b8fd152 Automated fix for refs/heads/v1.54.x (#33682)
• f44cddb [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...
• da9ef34 [PSM interop] Don't fail url_map target if sub-target already failed (v1.54.x...
• 6894b4b [PSM interop] Don't fail target if sub-target already failed (#33222) (#33303)
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates onnx from 1.14.0 to 1.16.0

Release notes

Sourced from onnx's releases.

v1.16.0

ONNX v1.16.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Key Updates

ai.onnx Opset 21

• Update to support int4 and uint4:
  • Cast, CastLike, Constant, ConstantOfShape, Identity, If, Loop, Reshape, Scan, Shape, Size
• Update to support float8e4m3fnuz, float8e5m2, float8e5m2fnuz, int4 and uint4:
  • Flatten, Pad, Squeeze, Transpose, Unsqueeze
• Support blocked quantization. Support int4, uint4, int16, and uint16:
  • DequantizeLinear, QuantizeLinear,
• Support bfloat16 and float16 scales. Support float8e4m3fn, float8e4m3fnuz, float8e5m2, float8e5m2fnuz quantized tensors:
  • QLinearMatMul,
• Add stash_type attribute and change input shape of scale and bias from (G) to (C) for GroupNormalization

ai.onnx.ml Opset 4

• Addeded new operator TreeEnsemble

IR Version 10

• Added support for UINT4, INT4 types
• GraphProto, FunctionProto, NodeProto, TensorProto added metadata_props field
• FunctionProto added value_info field
• FunctionProto and NodeProto added overload field to support overloaded functions.

Python Changes

• Support registering custom OpSchemas via Python interface
• Support Python3.12

Security Updates

• Fix path sanitization bypass leading to arbitrary read (CVE-2024-27318)
• Fix Out of bounds read due to lack of string termination in assert (CVE-2024-27319)

Deprecation notice

• Deprecated using C++14 to compile ONNX from source. Use C++17 instead #5612
• Deprecated TreeEnsembleClassifier and TreeEnsembleRegressor
• Remove FormalParameter properties that were depreciated in ONNX 1.14 by 5074

Bug fixes and infrastructure improvements

• Enable empty list of values as attribute (#5559)
• Add backward conversions from 18->17 for reduce ops (#5606)
• DFT-20 version converter (#5613)
• Fix version-converter to generate valid identifiers (#5628)
• Reserve removed proto fields (#5643)
• Cleanup shape inference implementation (#5596)
• Do not use LFS64 on non-glibc linux (#5669)
• Drop "one of" default attribute check in LabelEncoder (#5673)
• TreeEnsemble base values for the reference implementation (#5665)
• Parser/printer support external data format (#5688)
• [cmake] Place export target file in the correct directory (#5677)

... (truncated)

Commits

• 990217f Set version number for official release (#6033)
• 2159934 [Cherry-pick] Fix builds from source and pip tar.gz on s390x systems (#5986)
• f46a3f8 [Cherry-pick] Use CMAKE_PREFIX_PATH in finding libprotobuf (#5975) (#5997)
• c867683 [Cherry-pick]Fix SegFault bug in shape inference (#5995)
• e6ff7b9 [Cherry-pick] Fix unique_name (#5994)
• 34e00dd Set version in rel-1.16.0 to 1.16.0rc2 (#5987)
• 309a0b0 [Cherry-pick] Fix Check URLs errors in rel-1.16 (#5973)
• 69ec4b6 Set version in rel-1.16.0 to 1.16.0rc1 (#5969)
• ff60ddc Update top-k documentation (#5948)
• 833575e Prepare for rel-1.16.0 (#5959)
• Additional commits viewable in compare view

Updates pillow from 9.5.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates pydantic from 1.10.7 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

• Update pip commands to install 1.10 by @​chbndrhnns in pydantic/pydantic#6930
• Make the v1 mypy plugin work with both v1 and v2 by @​dmontagu in pydantic/pydantic#6920
• [Backport] Add max length check to validate_email by @​hramezani in pydantic/pydantic#7673

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

• Deque's maxlen property dropped on V1 validation by @​maciekglowka in pydantic/pydantic#6586
• Prepare release 1.10.12 by @​hramezani in pydantic/pydantic#6825

New Contributors

• @​maciekglowka made their first contribution in pydantic/pydantic#6586

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

• Fix import of create_model in tools.py by @​SharathHuddar in pydantic/pydantic#6364
• Prepare for 1.10.11 by @​hramezani in pydantic/pydantic#6420

New Contributors

• @​SharathHuddar made their first contribution in pydantic/pydantic#6364

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

• Fix racy doctests by @​K900 in pydantic/pydantic#6103
• ✅ Update FastAPI test script by @​Kludex in pydantic/pydantic#6117
• add roadmap to annoucement by @​samuelcolvin in pydantic/pydantic#6120
• Fixed literal validator errors for unhashable values by @​markus1978 in pydantic/pydantic#6194
• Bug fix for forward refs in generics by @​mark-todd in pydantic/pydantic#6157
• Add Pydantic Json field support to settings management by @​hramezani in pydantic/pydantic#6250

New Contributors

• @​K900 made their first contribution in pydantic/pydantic#6103
• @​markus1978 made their first contribution in pydantic/pydantic#6194

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

• Add Pydantic classifier by @​hramezani in pydantic/pydantic#5847
• 📌 Use Cython < v3 by @​lig in pydantic/pydantic#5845
• [cherry-pick] Fix mypy plugin for 1.4.0 (#5927) by @​cdce8p in pydantic/pydantic#5928
• Add future and past date hypothesis strategies by @​bschoenmaeckers in pydantic/pydantic#5850

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

• Fix: Add max length check to pydantic.validate_email, #7673 by @​hramezani
• Docs: Fix pip commands to install v1, #6930 by @​chbndrhnns

v1.10.12 (2023-07-24)

• Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @​maciekglowka

v1.10.11 (2023-07-04)

• Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @​SharathHuddar

v1.10.10 (2023-06-30)

• Add Pydantic Json field support to settings management, #6250 by @​hramezani
• Fixed literal validator errors for unhashable values, #6188 by @​markus1978
• Fixed bug with generics receiving forward refs, #6130 by @​mark-todd
• Update install method of FastAPI for internal tests in CI, #6117 by @​Kludex

v1.10.9 (2023-06-07)

• Fix trailing zeros not ignored in Decimal validation, #5968 by @​hramezani
• Fix mypy plugin for v1.4.0, #5928 by @​cdce8p
• Add future and past date hypothesis strategies, #5850 by @​bschoenmaeckers
• Discourage usage of Cython 3 with Pydantic 1.x, #5845 by @​lig

v1.10.8 (2023-05-23)

• Fix a bug in Literal usage with typing-extension==4.6.0, #5826 by @​hramezani
• This solves the (closed) issue #3849 where aliased fields that use discriminated union fail to validate when the data contains the non-aliased field name, #5736 by @​benwah
• Update email-validator dependency to >=2.0.0post2, #5627 by @​adriangb
• update AnyClassMethod for changes in python/typeshed#9771, #5505 by @​ITProKyle

Commits

• 8822578 Prepare release 1.10.13 (#7674)

[dependabot]

Superseded by #7.