Control: forwarded -1 https://github.com/pydantic/pydantic-core/pull/1585
Control: tag -1 fixed-upstream

On Thu, Mar 27, 2025 at 08:42:26AM +0000, Peter Green wrote:
I hope to update rust-idna soon to version 1.0.3 to fix CVE-2024-12224,
the Debian build-dependencies for your package allow the new version
but the Cargo dependency does not.

After relaxing the cargo dependency, I ran into some test failures,
I think these are just oversensitive tests, but any feedback would
be appreciated.

An example of one of the errors is

E           AssertionError: Regex pattern did not match.
E            Regex: 'Input\\ should\\ be\\ a\\ valid\\ URL,\\ invalid\\ domain\\ character\\ \\[type=url_parsing,'
E            Input: "1 validation error for url\n  Input should be a valid URL, invalid international domain name [type=url_parsing, input_value='http://127.0.0.1%0d%0aConnection%3a%20keep-alive', input_type=str]\n    For further information visit https://errors.pydantic.dev/latest/v/url_parsing";

This was fixed upstream in https://github.com/pydantic/pydantic-core/pull/1585. Since the new tests won't work with the old rust-url, unless you object, I think it would be simplest for us to just cherry-pick that at the same time as doing the rust-url update in unstable, and maybe have the new librust-url-dev declare Breaks on previous versions of python3-pydantic-core so that britney knows to migrate them together.

(Although this is in pydantic-core >= 2.30.0, I deliberately haven't upgraded to that yet because I'm waiting for a compatible pydantic release.)

--
Colin Watson (he/him)                              [cjwat...@debian.org]
