chore(deps): bump pydantic from 2.12.5 to 2.13.4#6024
Conversation
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.5 to 2.13.4. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.12.5...v2.13.4) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.13.4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
rtibblesbot
left a comment
There was a problem hiding this comment.
Routine minor bump, changelog is clean, and CI is green.
Package: pydantic 2.12.5 → 2.13.4 (production, requirements.in)
Semver risk: Minor (spans patch releases 2.13.0–2.13.4)
Breaking changes: None — v2.13.0 release notes describe the changes as non-breaking per pydantic's versioning policy.
Security fixes: None (v2.13.0 bumps jiter to 0.14.0 for a musl-Linux segfault fix — robustness, not a CVE).
Other notable changes:
- Narrow bug fixes across 2.13.1–2.13.4 (
ValidationInfoundermodel_validate_json(),RootModelmetadata, private-attr factories) pydantic-corebumped 2.41.5 → 2.46.4 alongside
See inline note on the unrelated [grpc] extras change in requirements.txt.
@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly
How was this generated?
Ran a dependency-update review pipeline over the version bump:
- Classified the bump by semver (patch / minor / major) and dependency type (production vs. development)
- Extracted the changelog and release notes across the version range
- Assessed compatibility with this project's usage and whether any code changes are required
- Treated CI as the primary safety net
- Scaled the review depth to the update's risk
- Chose the verdict from semver risk, changelog findings, and CI status
| exceptiongroup==1.3.1 | ||
| # via celery | ||
| google-api-core[grpc]==2.30.0 | ||
| google-api-core==2.30.0 |
There was a problem hiding this comment.
suggestion: [grpc] extra dropped from this pin (and from googleapis-common-protos at line 137). Unrelated to the pydantic bump.
- Pinned versions of both packages are unchanged
grpcio/grpcio-statusstill resolve viagrpc-google-iam-v1- Likely a
uv pip compileresolver-annotation quirk, not a manual edit - Worth a quick sanity check that grpc-based transports still work as expected
rtibbles
left a comment
There was a problem hiding this comment.
No concerns from changelog - pydantic usage has good test coverage.
Bumps pydantic from 2.12.5 to 2.13.4.
Release notes
Sourced from pydantic's releases.
... (truncated)
Changelog
Sourced from pydantic's changelog.
... (truncated)
Commits
cf67d4bFix lintingf0d8a21Prepare release v2.13.45e3fe1dCheck for pydantic tag pattern in CI7f9edccDocument tagging conventionsb46a0c9Adaptpydantic-corelinker flags on macOS50629c8Update to PyPy 7.3.228522ebbPreserveRootModelcore metadataa37f3afAdaptMISSINGsentinel test to work with unreleasedtyping_extensionsver...909259aRemove Logfire example in documentation2c4174cBump libc from 0.2.155 to 0.2.185Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)