From 9db2d30695d36021301f46ed647af17b8d7d1cb554a779f54d3fe8b3c26da04f Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Tue, 9 Sep 2025 08:43:30 +0000 Subject: [PATCH 1/4] - Update to 8.6.1 * Patched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization). 8.6.0 * Added Colored View thanks to @mauvilsa * Added support for applying deltas to NamedTuple thanks to @paulsc * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A * Added python property serialization to json * Added ip address serialization * Switched to UV from pip * Added Claude.md * Added uuid hashing thanks to @akshat62 * Added ignore_uuid_types flag to DeepDiff to avoid type reports when comparing UUID and string. * Added comprehensive type hints across the codebase (multiple commits for better type safety) * Added support for memoryview serialization * Added support for bytes serialization (non-UTF8 compatible) * Fixed bug where group_by with numbers would leak type info into group path reports * Fixed bug in _get_clean_to_keys_mapping without explicit significant digits * Added support for python dict key serialization * Enhanced support for IP address serialization with safe module imports * Added development tooling improvements (pyright config, .envrc example) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-deepdiff?expand=0&rev=39 --- deepdiff-8.5.0-gh.tar.gz | 3 --- deepdiff-8.6.1-gh.tar.gz | 3 +++ python-deepdiff.changes | 35 +++++++++++++++++++++++++++++++++++ python-deepdiff.spec | 7 ++++--- 4 files changed, 42 insertions(+), 6 deletions(-) delete mode 100644 deepdiff-8.5.0-gh.tar.gz create mode 100644 deepdiff-8.6.1-gh.tar.gz diff --git a/deepdiff-8.5.0-gh.tar.gz b/deepdiff-8.5.0-gh.tar.gz deleted file mode 100644 index 34d279b..0000000 --- a/deepdiff-8.5.0-gh.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9df31fbe2d3318c54b849fad1244af9367eabbb33d01a514de1290f1b9c4f8c9 -size 537215 diff --git a/deepdiff-8.6.1-gh.tar.gz b/deepdiff-8.6.1-gh.tar.gz new file mode 100644 index 0000000..e333076 --- /dev/null +++ b/deepdiff-8.6.1-gh.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c538a4966b18c5c006498363403d6e0626fdb5a9ab5825e38bdc715be00c74f +size 633489 diff --git a/python-deepdiff.changes b/python-deepdiff.changes index 5af7e33..ba02f04 100644 --- a/python-deepdiff.changes +++ b/python-deepdiff.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue Sep 9 08:33:52 UTC 2025 - Daniel Garcia + +- Update to 8.6.1 + * Patched security vulnerability in the Delta class which was + vulnerable to class pollution via its constructor, and when + combined with a gadget available in DeltaDiff itself, it could + lead to Denial of Service and Remote Code Execution (via insecure + Pickle deserialization). +8.6.0 + * Added Colored View thanks to @mauvilsa + * Added support for applying deltas to NamedTuple thanks to @paulsc + * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A + * Added python property serialization to json + * Added ip address serialization + * Switched to UV from pip + * Added Claude.md + * Added uuid hashing thanks to @akshat62 + * Added ignore_uuid_types flag to DeepDiff to avoid type reports + when comparing UUID and string. + * Added comprehensive type hints across the codebase (multiple + commits for better type safety) + * Added support for memoryview serialization + * Added support for bytes serialization (non-UTF8 compatible) + * Fixed bug where group_by with numbers would leak type info into + group path reports + * Fixed bug in _get_clean_to_keys_mapping without explicit + significant digits + * Added support for python dict key serialization + * Enhanced support for IP address serialization with safe module + imports + * Added development tooling improvements (pyright config, .envrc + example) + * Updated documentation and development instructions + ------------------------------------------------------------------- Mon Jun 2 11:57:35 UTC 2025 - John Paul Adrian Glaubitz diff --git a/python-deepdiff.spec b/python-deepdiff.spec index ff3cbb0..fd66017 100644 --- a/python-deepdiff.spec +++ b/python-deepdiff.spec @@ -1,7 +1,7 @@ # # spec file for package python-deepdiff # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-deepdiff -Version: 8.5.0 +Version: 8.6.1 Release: 0 Summary: Deep Difference and Search of any Python object/data License: MIT @@ -78,7 +78,8 @@ sed -i '1{/env python/d}' deepdiff/deephash.py deepdiff/diff.py deepdiff/search. donttest="(TestCommands and (csv or group_by)) or (test_load_path_content and csv) or (test_polars)" # failure on Python 3.13 https://github.com/seperman/deepdiff/issues/474 donttest+=" or (TestCommands and test_diff_command and t1_corrupt)" -%pytest -k "not ($donttest)" +# test_hash.py depends on uuid6 and this package doesn't exists in Factory +%pytest -k "not ($donttest)" --ignore tests/test_hash.py %post %python_install_alternative deep From 1802fa5a8eb87b7c4c875890158879c478a5da3507c1352dbc6ec9638942d447 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Tue, 9 Sep 2025 08:47:59 +0000 Subject: [PATCH 2/4] Accepting request 1303303 from home:glaubitz:branches:devel:languages:python - Update to 8.6.1 * Patched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization). (bsc#1249347, CVE-2025-58367) - from version 8.6.0 * Added Colored View thanks to @mauvilsa * Added support for applying deltas to NamedTuple thanks to @paulsc * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A * Added python property serialization to json * Added ip address serialization * Switched to UV from pip * Added Claude.md * Added uuid hashing thanks to @akshat62 * Added ignore_uuid_types flag to DeepDiff to avoid type reports when comparing UUID and string. * Added comprehensive type hints across the codebase (multiple commits for better type safety) * Added support for memoryview serialization * Added support for bytes serialization (non-UTF8 compatible) * Fixed bug where group_by with numbers would leak type info into group path reports * Fixed bug in _get_clean_to_keys_mapping without explicit significant digits * Added support for python dict key serialization * Enhanced support for IP address serialization with safe module imports * Added development tooling improvements (pyright config, .envrc example) * Updated documentation and development instructions - Update BuildRequires from pyproject.toml OBS-URL: https://build.opensuse.org/request/show/1303303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-deepdiff?expand=0&rev=40 --- python-deepdiff.changes | 30 ++++++++++++++++++++++++++++++ python-deepdiff.spec | 1 + 2 files changed, 31 insertions(+) diff --git a/python-deepdiff.changes b/python-deepdiff.changes index ba02f04..13db5d3 100644 --- a/python-deepdiff.changes +++ b/python-deepdiff.changes @@ -33,6 +33,36 @@ Tue Sep 9 08:33:52 UTC 2025 - Daniel Garcia example) * Updated documentation and development instructions +------------------------------------------------------------------- +Tue Sep 9 07:26:58 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 8.6.1 + * Patched security vulnerability in the Delta class which was vulnerable + to class pollution via its constructor, and when combined with a gadget + available in DeltaDiff itself, it could lead to Denial of Service and + Remote Code Execution (via insecure Pickle deserialization). + (bsc#1249347, CVE-2025-58367) +- from version 8.6.0 + * Added Colored View thanks to @mauvilsa + * Added support for applying deltas to NamedTuple thanks to @paulsc + * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A + * Added python property serialization to json + * Added ip address serialization + * Switched to UV from pip + * Added Claude.md + * Added uuid hashing thanks to @akshat62 + * Added ignore_uuid_types flag to DeepDiff to avoid type reports when comparing UUID and string. + * Added comprehensive type hints across the codebase (multiple commits for better type safety) + * Added support for memoryview serialization + * Added support for bytes serialization (non-UTF8 compatible) + * Fixed bug where group_by with numbers would leak type info into group path reports + * Fixed bug in _get_clean_to_keys_mapping without explicit significant digits + * Added support for python dict key serialization + * Enhanced support for IP address serialization with safe module imports + * Added development tooling improvements (pyright config, .envrc example) + * Updated documentation and development instructions +- Update BuildRequires from pyproject.toml + ------------------------------------------------------------------- Mon Jun 2 11:57:35 UTC 2025 - John Paul Adrian Glaubitz diff --git a/python-deepdiff.spec b/python-deepdiff.spec index fd66017..5861ad0 100644 --- a/python-deepdiff.spec +++ b/python-deepdiff.spec @@ -40,6 +40,7 @@ BuildRequires: %{python_module python-dateutil} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module tomli-w} BuildRequires: %{python_module toml} +BuildRequires: %{python_module uuid6} BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros From 9c22e9c788bdcf8c8f44ae739ec3c0133427c1f955ba2e120546607d1882270d Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Tue, 9 Sep 2025 08:48:56 +0000 Subject: [PATCH 3/4] - Update to 8.6.1 (bsc#1249347, CVE-2025-58367): OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-deepdiff?expand=0&rev=41 --- python-deepdiff.changes | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/python-deepdiff.changes b/python-deepdiff.changes index 13db5d3..f13b9d6 100644 --- a/python-deepdiff.changes +++ b/python-deepdiff.changes @@ -1,42 +1,7 @@ -------------------------------------------------------------------- -Tue Sep 9 08:33:52 UTC 2025 - Daniel Garcia - -- Update to 8.6.1 - * Patched security vulnerability in the Delta class which was - vulnerable to class pollution via its constructor, and when - combined with a gadget available in DeltaDiff itself, it could - lead to Denial of Service and Remote Code Execution (via insecure - Pickle deserialization). -8.6.0 - * Added Colored View thanks to @mauvilsa - * Added support for applying deltas to NamedTuple thanks to @paulsc - * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A - * Added python property serialization to json - * Added ip address serialization - * Switched to UV from pip - * Added Claude.md - * Added uuid hashing thanks to @akshat62 - * Added ignore_uuid_types flag to DeepDiff to avoid type reports - when comparing UUID and string. - * Added comprehensive type hints across the codebase (multiple - commits for better type safety) - * Added support for memoryview serialization - * Added support for bytes serialization (non-UTF8 compatible) - * Fixed bug where group_by with numbers would leak type info into - group path reports - * Fixed bug in _get_clean_to_keys_mapping without explicit - significant digits - * Added support for python dict key serialization - * Enhanced support for IP address serialization with safe module - imports - * Added development tooling improvements (pyright config, .envrc - example) - * Updated documentation and development instructions - ------------------------------------------------------------------- Tue Sep 9 07:26:58 UTC 2025 - John Paul Adrian Glaubitz -- Update to 8.6.1 +- Update to 8.6.1 (bsc#1249347, CVE-2025-58367): * Patched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and From f97595633ef207bb2b896f9cc56d52ebba6d77021203d3ec6ab7adf251358926 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Tue, 9 Sep 2025 08:50:44 +0000 Subject: [PATCH 4/4] Run all tests now that uuid6 package exists OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-deepdiff?expand=0&rev=42 --- python-deepdiff.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/python-deepdiff.spec b/python-deepdiff.spec index 5861ad0..a27f290 100644 --- a/python-deepdiff.spec +++ b/python-deepdiff.spec @@ -79,8 +79,7 @@ sed -i '1{/env python/d}' deepdiff/deephash.py deepdiff/diff.py deepdiff/search. donttest="(TestCommands and (csv or group_by)) or (test_load_path_content and csv) or (test_polars)" # failure on Python 3.13 https://github.com/seperman/deepdiff/issues/474 donttest+=" or (TestCommands and test_diff_command and t1_corrupt)" -# test_hash.py depends on uuid6 and this package doesn't exists in Factory -%pytest -k "not ($donttest)" --ignore tests/test_hash.py +%pytest -k "not ($donttest)" %post %python_install_alternative deep