From 9db2d30695d36021301f46ed647af17b8d7d1cb554a779f54d3fe8b3c26da04f Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Tue, 9 Sep 2025 08:43:30 +0000 Subject: [PATCH] - Update to 8.6.1 * Patched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization). 8.6.0 * Added Colored View thanks to @mauvilsa * Added support for applying deltas to NamedTuple thanks to @paulsc * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A * Added python property serialization to json * Added ip address serialization * Switched to UV from pip * Added Claude.md * Added uuid hashing thanks to @akshat62 * Added ignore_uuid_types flag to DeepDiff to avoid type reports when comparing UUID and string. * Added comprehensive type hints across the codebase (multiple commits for better type safety) * Added support for memoryview serialization * Added support for bytes serialization (non-UTF8 compatible) * Fixed bug where group_by with numbers would leak type info into group path reports * Fixed bug in _get_clean_to_keys_mapping without explicit significant digits * Added support for python dict key serialization * Enhanced support for IP address serialization with safe module imports * Added development tooling improvements (pyright config, .envrc example) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-deepdiff?expand=0&rev=39 --- deepdiff-8.5.0-gh.tar.gz | 3 --- deepdiff-8.6.1-gh.tar.gz | 3 +++ python-deepdiff.changes | 35 +++++++++++++++++++++++++++++++++++ python-deepdiff.spec | 7 ++++--- 4 files changed, 42 insertions(+), 6 deletions(-) delete mode 100644 deepdiff-8.5.0-gh.tar.gz create mode 100644 deepdiff-8.6.1-gh.tar.gz diff --git a/deepdiff-8.5.0-gh.tar.gz b/deepdiff-8.5.0-gh.tar.gz deleted file mode 100644 index 34d279b..0000000 --- a/deepdiff-8.5.0-gh.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9df31fbe2d3318c54b849fad1244af9367eabbb33d01a514de1290f1b9c4f8c9 -size 537215 diff --git a/deepdiff-8.6.1-gh.tar.gz b/deepdiff-8.6.1-gh.tar.gz new file mode 100644 index 0000000..e333076 --- /dev/null +++ b/deepdiff-8.6.1-gh.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c538a4966b18c5c006498363403d6e0626fdb5a9ab5825e38bdc715be00c74f +size 633489 diff --git a/python-deepdiff.changes b/python-deepdiff.changes index 5af7e33..ba02f04 100644 --- a/python-deepdiff.changes +++ b/python-deepdiff.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue Sep 9 08:33:52 UTC 2025 - Daniel Garcia + +- Update to 8.6.1 + * Patched security vulnerability in the Delta class which was + vulnerable to class pollution via its constructor, and when + combined with a gadget available in DeltaDiff itself, it could + lead to Denial of Service and Remote Code Execution (via insecure + Pickle deserialization). +8.6.0 + * Added Colored View thanks to @mauvilsa + * Added support for applying deltas to NamedTuple thanks to @paulsc + * Fixed test_delta.py with Python 3.14 thanks to @Romain-Geissler-1A + * Added python property serialization to json + * Added ip address serialization + * Switched to UV from pip + * Added Claude.md + * Added uuid hashing thanks to @akshat62 + * Added ignore_uuid_types flag to DeepDiff to avoid type reports + when comparing UUID and string. + * Added comprehensive type hints across the codebase (multiple + commits for better type safety) + * Added support for memoryview serialization + * Added support for bytes serialization (non-UTF8 compatible) + * Fixed bug where group_by with numbers would leak type info into + group path reports + * Fixed bug in _get_clean_to_keys_mapping without explicit + significant digits + * Added support for python dict key serialization + * Enhanced support for IP address serialization with safe module + imports + * Added development tooling improvements (pyright config, .envrc + example) + * Updated documentation and development instructions + ------------------------------------------------------------------- Mon Jun 2 11:57:35 UTC 2025 - John Paul Adrian Glaubitz diff --git a/python-deepdiff.spec b/python-deepdiff.spec index ff3cbb0..fd66017 100644 --- a/python-deepdiff.spec +++ b/python-deepdiff.spec @@ -1,7 +1,7 @@ # # spec file for package python-deepdiff # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-deepdiff -Version: 8.5.0 +Version: 8.6.1 Release: 0 Summary: Deep Difference and Search of any Python object/data License: MIT @@ -78,7 +78,8 @@ sed -i '1{/env python/d}' deepdiff/deephash.py deepdiff/diff.py deepdiff/search. donttest="(TestCommands and (csv or group_by)) or (test_load_path_content and csv) or (test_polars)" # failure on Python 3.13 https://github.com/seperman/deepdiff/issues/474 donttest+=" or (TestCommands and test_diff_command and t1_corrupt)" -%pytest -k "not ($donttest)" +# test_hash.py depends on uuid6 and this package doesn't exists in Factory +%pytest -k "not ($donttest)" --ignore tests/test_hash.py %post %python_install_alternative deep