You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A new CVE was published (link), in which Pydantic versions below 1.10.13 have a denial of service vulnerability.
Switching to that version causes this:
The conflict is caused by:
The user requested pydantic>=1.10.13
ormar 0.12.2 depends on pydantic!=1.7, !=1.7.1, !=1.7.2, !=1.7.3, !=1.8, !=1.8.1, <1.10.9 and >=1.6.1
I think Ormar 0.12.2 will work just fine with Pydantic 1.10.13, and it's a minor version bump and I think Ormar has an automated test suite anyway. We should release a new Ormar minor version, probably 0.12.3, which allows Pydantic 1.10.13 because not everyone can switch to Ormar 2.0.0 right now.
@collerek I think this is urgent since it's a security issue in one of Ormar's dependencies itself.
The text was updated successfully, but these errors were encountered:
A new CVE was published (link), in which Pydantic versions below 1.10.13 have a denial of service vulnerability.
Switching to that version causes this:
I think Ormar 0.12.2 will work just fine with Pydantic 1.10.13, and it's a minor version bump and I think Ormar has an automated test suite anyway. We should release a new Ormar minor version, probably 0.12.3, which allows Pydantic 1.10.13 because not everyone can switch to Ormar 2.0.0 right now.
@collerek I think this is urgent since it's a security issue in one of Ormar's dependencies itself.
The text was updated successfully, but these errors were encountered: