✅ Peter V reviewed all the included code changes and associated automation findings and determined that there were no immediately actionable security flaws. Note that they will continue to be notified of any new commits or comments and follow up as needed throughout the duration of this pull request's lifecycle.
Reviewed with ❤️ by PullRequest
Force-pushed cc3377b to 83045f8.
Force-pushed 83045f8 to 6d36dca.
HackerOne Code Security Review
🟢 Scan Complete: 53 Issue(s)
🟢 Validation Complete: Any Issues detected were validated by one of our engineers. None were determined to require immediate action.
Here's how the code changes were interpreted and info about the tools used for scanning.
📖 Summary of Changes
The changes primarily focus on Pydantic v3 compatibility and type handling improvements. The SDK version was updated to 2.3.2-rc1, with modifications to type hints using a new SequenceNotStr type. Numerous files were adjusted to support more flexible sequence type annotations, remove List imports, and update version-specific compatibility logic across the project's source code.
| File | Summary |
|---|---|
| .github/workflows/ci.yml | The changes include modifying the build job's runs-on configuration, adding conditional checks for GitHub OIDC token and tarball upload steps, and removing a specific repository condition from the build job's initial if statement. |
| .release-please-manifest.json | The version number in the JSON file has been updated from "2.3.1" to "2.3.2-rc1", indicating a potential release candidate version change. |
| .stats.yml | The OpenAPI specification URL and its hash have been updated, while the config hash remains unchanged and the number of configured endpoints is consistent. |
| CHANGELOG.md | The changelog update introduces improvements for Pydantic v3 compatibility, including type handling changes, client modifications, and internal utility updates. It adds features to improve future compatibility and addresses potential type-related issues. |
| README.md | The primary change is in the installation instructions, where pip install writer-sdk has been updated to pip install --pre writer-sdk, indicating support for pre-release versions of the SDK. |
| mypy.ini | The mypy configuration file has been completely removed, eliminating all type checking settings, exclusions, warnings, and strict type enforcement rules previously defined for the project. |
| pyproject.toml | The version was updated from 2.3.1 to 2.3.2-rc1. Additional changes include adding .git to pyright's exclude list and introducing a new mypy configuration section with detailed type checking settings. |
| requirements-dev.lock | The files are nearly identical, with the only noticeable difference being the reordering of the lines for "asttokens" and "async-timeout" in the new version. No substantive changes in package versions or dependencies are apparent. |
| requirements.lock | The lockfile shows a minor reordering of dependencies, with the lines for "jiter" and "multidict" swapped. No version changes or significant modifications are present in the file. |
| src/writerai/_base_client.py | The primary change in this file is the replacement of PYDANTIC_V2 with PYDANTIC_V1 in two locations related to private attribute initialization in BaseSyncPage and BaseAsyncPage classes. This suggests an adjustment to handle compatibility between different versions of the Pydantic library. |
| src/writerai/_client.py | Minor whitespace changes in the code, specifically in the _extract_sdk_env_headers() function where a space was added after the colon in a slice operation. The async header value in AsyncWriter was also updated to include the async library name. |
| src/writerai/_compat.py | The file has been updated to support Pydantic v3 compatibility. The main changes include renaming the version check variable from PYDANTIC_V2 to PYDANTIC_V1, adjusting import and type checking logic, and modifying version-specific method implementations to handle both v1 and v2/v3 scenarios. |
| src/writerai/_models.py | The primary changes involve swapping the order of Pydantic version checks from PYDANTIC_V2 to PYDANTIC_V1, and adjusting corresponding configuration and method implementations to match the new version-specific logic. |
| src/writerai/_types.py | The updated file adds several new type-related imports like SupportsIndex, overload, and introduces new type variables and protocols. The most notable changes include adding a new SequenceNotStr protocol and a covariant type variable _T_co. |
| src/writerai/_utils/__init__.py | Removed parse_date and parse_datetime from _utils import, added new import from _compat, added is_sequence_type to _typing imports, and added a new import from _datetime_parse for parse_date and parse_datetime functions. |
| src/writerai/_utils/_compat.py | A new file has been added with imports for type handling, including functions for parsing types, checking unions and literal types, and parsing dates and datetimes using imported helper functions from other modules. |
| src/writerai/_utils/_datetime_parse.py | A new file has been added containing datetime parsing utilities from Pydantic v1, with functions to parse datetime and date values from various input types, including numeric timestamps, strings with timezone support, and handling different input formats. |
| src/writerai/_utils/_transform.py | The changes include adding a new import for is_sequence in _utils, importing model_dump within functions instead of at the top level, and adding support for Sequence[T] type handling in both synchronous and asynchronous transformation methods. |
| src/writerai/_utils/_typing.py | A new function is_sequence_type was added, and the import for is_union was changed from .._compat to ._compat. The new function checks if a type is a Sequence type from various typing modules. |
| src/writerai/_utils/_utils.py | Removed import of parse_date and parse_datetime from .._compat module, which were not used in the rest of the code. |
| src/writerai/_version.py | Version updated from 2.3.1 to 2.3.2-rc1, indicating a release candidate version increment. |
| src/writerai/lib/_parsing/_completions.py | The changes include replacing PYDANTIC_V2 with PYDANTIC_V1 and modifying the error handling for non-BaseModel types, now raising an error for Pydantic v1 instead of v2. The logic for parsing dataclass-like types has been slightly adjusted. |
| src/writerai/lib/_pydantic.py | The changes involve replacing PYDANTIC_V2 with PYDANTIC_V1 in the import and adjusting the type adapter condition to check for not PYDANTIC_V1 instead of PYDANTIC_V2, and updating the error message accordingly. |
| src/writerai/resources/applications/graphs.py | The file was updated to replace List[str] with SequenceNotStr[str] for the graph_ids parameter in both synchronous and asynchronous update methods, and removed the import of List from the typing module. |
| src/writerai/resources/chat.py | The file has been updated to replace Union[List[str], str] with Union[SequenceNotStr[str], str] in method signatures, indicating a change in type hinting for the stop parameter across multiple method overloads. |
| src/writerai/resources/completions.py | The main change is replacing Union[List[str], str] with Union[SequenceNotStr[str], str] for the stop parameter type hint, which suggests a more precise type specification for sequence handling. |
| src/writerai/resources/files.py | The file has been updated to change the type hint for file_ids from List[str] to SequenceNotStr[str] in both the sync and async retry methods, and removed an import for List from the typing module. |
| src/writerai/resources/graphs.py | The changes include adding a new optional parameter query_config to the question method, modifying type hints for graph_ids to use SequenceNotStr[str], and updating the method's body to include the new query_config parameter in the request body. |
| src/writerai/resources/tools/tools.py | The file has been updated to replace List[str] with SequenceNotStr[str] for exclude_domains and include_domains parameters in the web_search method for both synchronous and asynchronous tool resources. |
| src/writerai/types/application_generate_content_params.py | The changes include removing the List import, adding an import from _types, and modifying the Input class's value type from List[str] to SequenceNotStr[str], which provides a more flexible type annotation for input values. |
| src/writerai/types/application_list_response.py | A new attribute upload_types was added to the InputOptionsApplicationInputFileOptions class, specifying allowed upload types for file inputs as a list of literals "url" and "file_id". |
| src/writerai/types/application_retrieve_response.py | A new field upload_types was added to the InputOptionsApplicationInputFileOptions class, introducing a list of allowed upload types for file inputs. |
| src/writerai/types/applications/graph_update_params.py | The file changes include removing the List import, adding an import for SequenceNotStr from _types, and replacing the type hint for graph_ids from List[str] to SequenceNotStr[str]. |
| src/writerai/types/applications/job_create_params.py | The changes include removing the List import, adding an import from _types for SequenceNotStr, and modifying the value type annotation from List[str] to SequenceNotStr[str] in the Input class definition. |
| src/writerai/types/chat_chat_params.py | The file was updated to import SequenceNotStr from _types, modify the stop parameter type hint, and remove the List import. The changes appear to be minor type-related adjustments to the type hints and imports. |
| src/writerai/types/completion_create_params.py | The file changes include removing the List import, adding an import from _types for SequenceNotStr, and replacing List[str] with Union[SequenceNotStr[str], str] in the stop parameter type annotation. |
| src/writerai/types/file_retry_params.py | The changes include removing the List import, adding an import for SequenceNotStr from _types, and replacing the file_ids type from List[str] to SequenceNotStr[str]. |
| src/writerai/types/graph_question_params.py | The file was updated to include a new QueryConfig class with detailed configuration options for Knowledge Graph queries. The import statements were modified, graph_ids type was changed to SequenceNotStr, and a new optional query_config parameter was added to the base parameters class. |
| src/writerai/types/graph_update_params.py | The changes include removing the explicit List import, adding an import from _types for SequenceNotStr, and replacing the exclude_urls type from List[str] to SequenceNotStr[str], which allows for more flexible sequence types while preventing string inputs. |
| src/writerai/types/question.py | The updated file introduces new classes ReferencesFile, ReferencesWeb, and References, adds more detailed docstrings, and includes a new optional references field in the Question class with expanded source tracking capabilities. |
| src/writerai/types/shared/graph_data.py | The changes involve updating docstrings for the Subquery class, providing more descriptive explanations for the answer, query, and sources attributes, with no structural modifications to the code. |
| src/writerai/types/shared/source.py | The file's docstrings for file_id and snippet attributes have been updated with more detailed and precise descriptions, providing clearer context about their purpose and meaning. |
| src/writerai/types/shared/tool_param.py | A new class GraphToolFunctionQueryConfig was added to the file, introducing detailed configuration options for Knowledge Graph queries, including parameters like grounding level, inline citations, keyword threshold, and search weights. |
| src/writerai/types/shared_params/graph_data.py | The changes involve updating docstrings for the Subquery class, providing more descriptive explanations for the answer, query, and sources attributes, with slightly more context about their purpose and origin. |
| src/writerai/types/shared_params/source.py | The changes involve updating the docstrings for file_id and snippet in the Source class, providing more detailed and precise descriptions of their purposes and context. |
| src/writerai/types/shared_params/tool_param.py | The file was updated to include a new GraphToolFunctionQueryConfig class with detailed configuration options for Knowledge Graph queries, and modified some type hints to use SequenceNotStr. The changes primarily add more granular control and configuration parameters for graph-based tool interactions. |
| src/writerai/types/tool_web_search_params.py | The file changes include removing the List import, adding a new import from _types for SequenceNotStr, and replacing List type hints for exclude_domains and include_domains with SequenceNotStr[str]. |
ℹ️ Issues Detected
NOTE: These may not require action!
Below are unvalidated results from the Analysis Tools that ran during the latest scan for transparency. We investigate each of these for accuracy and relevance before surfacing them as a potential problem.
How will I know if something is a problem?
When validation completes, any concerns that warrant attention prior to merge will be posted as inline comments. These will show up in 2 ways:
- Expert review (most cases): Issues will be posted by experts who manually reviewed and validated them. These are real HackerOne engineers (not bots) reviewing through an integrated IDE-like tool. You can communicate with them like any other reviewer. They'll stay assigned and get notified with commit & comment updates.
- Automatically: In cases where our validation checks have highest confidence the problem is legitimate and urgent. These will include a description of contextual reasoning why & actionable next steps.
| File & Line | Issue |
|---|---|
| tests/test_models.py Line 532 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 584 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 435 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 687 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 531 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 936 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 580 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 680 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 302 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 557 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 776 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 770 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 301 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_transform.py Line 193 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_transform.py Line 194 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_transform.py Line 305 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 622 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 298 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 581 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 681 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| src/writerai/_utils/_datetime_parse.py Line 126 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 294 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 833 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 299 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
| tests/test_models.py Line 623 | Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. |
🧰 Analysis tools
- [ ✅ ] HackerOne AI Code Analysis
- [ ✅ ] HackerOne AI Code Validation
- [ ✅ ] semgrep
- [ ✅ ] rubocop
- [ ✅ ] bandit
Force-pushed 6d36dca to 89f17e3.
Force-pushed 89f17e3 to 233ad66.
Force-pushed 233ad66 to 3558e9c.
Force-pushed 3558e9c to d1a87b3.
Force-pushed d1a87b3 to c1e72ca.
Force-pushed c1e72ca to 13e28ec.
Force-pushed 13e28ec to 355e1ac.
Force-pushed 355e1ac to 27a4476.
`nest_asyncio` is archived and broken on some platforms so it's not worth keeping in our test suite.
Force-pushed e46a2e0 to 89fce95.
Force-pushed 89fce95 to 5c2b85e.
Force-pushed 5c2b85e to 851a44c.
Release version edited manually. The Pull Request version has been manually set to
If you instead want to use the version number
Force-pushed 851a44c to 8b39332.
🤖 Release is at https://github.com/writer/writer-python/releases/tag/v2.3.2-rc1 🌻
Automated Release PR
2.3.2-rc1 (2025-09-11)
Full Changelog: v2.3.1...v2.3.2-rc1
Features
Bug Fixes
Chores
- pyproject.toml file (2518950)
- get_platform test (f1ddbb2)
Documentation
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions