Skip to content

Bump pydantic-settings from 2.12.0 to 2.14.2#29

Merged
vladd-bit merged 1 commit into
mainfrom
dependabot/pip/pydantic-settings-2.14.2
Jun 25, 2026
Merged

Bump pydantic-settings from 2.12.0 to 2.14.2#29
vladd-bit merged 1 commit into
mainfrom
dependabot/pip/pydantic-settings-2.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps pydantic-settings from 2.12.0 to 2.14.2.

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

v2.14.1

What's Changed

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

... (truncated)

Commits
  • d703bd7 Prepare release 2.14.2 (#890)
  • e95c30b Prepare release 2.14.1 (#859)
  • 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
  • 7bd0072 Bump the python-packages group with 2 updates (#856)
  • b03e573 Bump the github-actions group with 3 updates (#853)
  • eaa3b43 Bump the python-packages group with 5 updates (#854)
  • 9f95615 Bump the python-packages group with 4 updates (#850)
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 24, 2026
@dependabot
Bump pydantic-settings from 2.12.0 to 2.14.2
020aaea 
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.12.0 to 2.14.2.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.12.0...v2.14.2)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pydantic-settings-2.14.2 branch from 6db5024 to 020aaea Compare June 25, 2026 15:32
@vladd-bit vladd-bit merged commit fd07db5 into main Jun 25, 2026
12 of 14 checks passed
@vladd-bit vladd-bit deleted the dependabot/pip/pydantic-settings-2.14.2 branch June 25, 2026 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vladd-bit