New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.10.2 is broken on some frozen dataclasses #4498
Comments
@samuelcolvin @PrettyWood Could you please yank the 1.10.2 release before this behavior will be fixed? |
??? This is not a reason to yank anything. |
any chance this is fixed by #4493? |
Nope...I'll take some time tonight to work on this |
Minor release bring up some issues which lead to unexpected failures, this is not a reason? This issue is not connected with pydantic/pydantic/dataclasses.py Line 200 in f341049
Dataclass from the example above is a builtin dataclass, but This leads to wrapping this dataclass with |
In my opinion yanking is only for mistaken releases (immediately), malicious releases (if someone got your access keys), or very serious security threats e.g. SQL injection or remote code execution. Yanking a release would break many peoples builds who have pinned to that version, it's reserved for the most serious scenarios. Also, V1.10.2 contains a number of fixes including partial mitigation of a dos risk, so I'm even less willing to yank it. |
@dolfinus if this issue is urgent for you, why not try to fix it and create a PR? @PrettyWood and I would be happy to review it. |
I see here 2 options:
|
Hi @dolfinus as far as I know, you're the only person for whom this is urgent. So best if you create a pull request. Otherwise you'll need to wait for @PrettyWood to have some time to fix it. But I would argue that this is not especially urgent since you can use v1.10 or v1.9.2, the error is not silent or security critical unless I'm missing something. If yanking v1.10.2 would be a satisfactory fix for you, so is pinning to v1.10.1. |
I've checked it a little bit. seems the Question to @PrettyWood: Does it make sense to limit the above check to when we have a custom validation function or |
+1 We are facing the same issue. Our workaround is ignoring 1.10.2 but it would be great to have it fixed in the next release. Thanks for all your work! |
Removing This is caused by wrapping dataclass with DataclassProxy, which should perform validation over a dataclass, but bypass all the attributes access and method calls to the dataclass. Wrapping this proxy with another I've tried to replace this proxy object just dataclass itsel with more complex logic in wrappers for So I stuck with this lump of magic and wrappers over wrappers inside pydantic's dataclass decorator |
👋 Hi there, PyPI maintainer here, just dropping in to point out that this isn't quite true -- yanking (as described in PEP 592) still leaves the release installable for anyone pinned to it, but for anyone attempting to install without pins would not get it -- effectively, it would no longer be automatically resolved as 'latest'. Deleting a release does have this effect, and should only be reserved for the cases mentioned. BTW, thanks for maintaining pydantic! We use it on PyPI (this issue is actually blocking our upgrade to the latest version: pypi/warehouse#12189 😉 ) |
Thanks for the hint, I'll try to get onto the next patch release this week. |
I'm on holiday starting tomorrow. My plan is to finally take some time to work on those issues. |
Thanks @PrettyWood, I'll be working on v1.10.3 tomorrow too. |
Closed via #4878 |
Initial Checks
Description
After upgrading to pydantic==1.10.2, my code which uses both frozen dataclasses and pydantic models started throwing exceptions:
See example below.
This is caused by #4484 and #4477
Example Code
Python, Pydantic & OS Version
Affected Components
.dict()
and.json()
construct()
, pickling, private attributes, ORM modeThe text was updated successfully, but these errors were encountered: