Python: Update pydantic requirement from !=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.13,>=2.0 to >=2.0,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.14 in /python#13864
Conversation
Updates the requirements on [pydantic](https://github.com/pydantic/pydantic) to permit the latest version. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.0...v2.13.0) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.13.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
github-actions
bot
changed the title
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Automated Code Review
Reviewers: 4 | Confidence: 94%
✓ Correctness
This diff relaxes the upper bound of the pydantic dependency from <2.13 to <2.14, allowing pydantic 2.13.x to be installed. The change is minimal and low-risk. The codebase uses standard pydantic v2 APIs (ConfigDict, BaseModel, Field, etc.) with no version-specific workarounds that would break under pydantic 2.13.x. The excluded versions (2.10.0–2.10.3) and lower bound (>=2.0) remain unchanged. The lock file currently pins pydantic at 2.11.10 and is not updated in this diff, which is expected — it would be regenerated separately.
✓ Security Reliability
This is a minimal, low-risk change that raises the upper-bound constraint on pydantic from <2.13 to <2.14, allowing the project to accept pydantic 2.13.x releases. The existing lower bound (>=2.0) and excluded bugy versions (2.10.0–2.10.3) are preserved. No security or reliability issues identified.
✓ Test Coverage
This PR bumps the pydantic upper version bound from <2.13 to <2.14, allowing pydantic 2.13.x to be used. The change is minimal and low-risk. There are no dedicated pydantic version compatibility tests in the repository; instead, pydantic models are exercised extensively throughout the existing unit and integration test suites (serialization, schema building, function decorators, agents, connectors, etc.), which serve as the de facto compatibility regression suite. While it would be ideal to have a CI matrix that explicitly tests against pydantic 2.13.x to catch any behavioral changes in the new minor version, the existing test coverage is broad enough that running the full test suite with pydantic 2.13.x installed would provide reasonable confidence. No blocking issues found.
✓ Design Approach
The change simply relaxes the pydantic upper-bound constraint from
<2.13to<2.14, allowing the 2.13.x release series. The existing exclusion list for known-bad 2.10.x releases is preserved. There are no design concerns: expanding a version ceiling is the correct mechanism to unblock a new compatible release, and the pattern of using explicit exclusions for regression-inducing releases is sound.
Suggestions
- Consider adding a CI matrix entry (or nox/tox environment) that explicitly installs the newest allowed pydantic version (currently 2.13.x) to ensure the test suite passes against it before merging. This would catch any subtle incompatibilities introduced in pydantic minor releases rather than relying solely on the default resolved version.
Automated review by dependabot[bot]'s agents
Updates the requirements on pydantic to permit the latest version.
Release notes
Sourced from pydantic's releases.
Changelog
Sourced from pydantic's changelog.
... (truncated)
Commits
46bf4faFix Pydantic release workflow (#13067)1b359edPrepare release v2.13.0 (#13065)b1bf194Fix model equality when using runtimeextraconfiguration (#13062)17a35e3Update jiter to v0.14.0 (#13064)feea402Usesimulationmode in Codspeed CI (#13063)671c9b0Add basic benchmarks for model equality (#13061)d17d71eBump cryptography from 46.0.6 to 46.0.7 (#13056)919d61a👥 Update Pydantic People (#13059)e7cf5dcFix people workflow (#13047)2a806adAdd regression test forMISSINGsentinel serialization with subclasses (#13...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)