Jsonschema

Latest version: v4.23.0

Safety actively analyzes 681866 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 25

4.18.2

=======

* Fix an additional regression with the deprecated ``jsonschema.RefResolver`` and pointer resolution.

4.18.1

=======

* Fix a regression with ``jsonschema.RefResolver`` based resolution when used in combination with a custom validation dialect (via ``jsonschema.validators.create``).

4.18.0

=======

This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that *should* be backwards compatible, preserving old behavior whilst emitting deprecation warnings.

* ``jsonschema.RefResolver`` is now deprecated in favor of the new `referencing library <https://github.com/python-jsonschema/referencing/>`_.
``referencing`` will begin in beta, but already is more compliant than the existing ``$ref`` support.
This change is a culmination of a meaningful chunk of work to make ``$ref`` resolution more flexible and more correct.
Backwards compatibility *should* be preserved for existing code which uses ``RefResolver``, though doing so is again now deprecated, and all such use cases should be doable using the new APIs.
Please file issues on the ``referencing`` tracker if there is functionality missing from it, or here on the ``jsonschema`` issue tracker if you have issues with existing code not functioning the same, or with figuring out how to change it to use ``referencing``.
In particular, this referencing change includes a change concerning *automatic* retrieval of remote references (retrieving ``http://foo/bar`` automatically within a schema).
This behavior has always been a potential security risk and counter to the recommendations of the JSON Schema specifications; it has survived this long essentially only for backwards compatibility reasons, and now explicitly produces warnings.
The ``referencing`` library itself will *not* automatically retrieve references if you interact directly with it, so the deprecated behavior is only triggered if you fully rely on the default ``$ref`` resolution behavior and also include remote references in your schema, which will still be retrieved during the deprecation period (after which they will become an error).
* Support for Python 3.7 has been dropped, as it is nearing end-of-life.
This should not be a "visible" change in the sense that ``requires-python`` has been updated, so users using 3.7 should still receive ``v4.17.3`` when installing the library.
* On draft 2019-09, ``unevaluatedItems`` now properly does *not* consider items to be evaluated by an ``additionalItems`` schema if ``items`` is missing from the schema, as the specification says in this case that ``additionalItems`` must be completely ignored.
* Fix the ``date`` format checker on Python 3.11 (when format assertion behavior is enabled), where it was too liberal (1076).
* Speed up validation of ``unevaluatedProperties`` (1075).

Deprecations
------------

* ``jsonschema.RefResolver`` -- see above for details on the replacement
* ``jsonschema.RefResolutionError`` -- see above for details on the replacement
* relying on automatic resolution of remote references -- see above for details on the replacement
* importing ``jsonschema.ErrorTree`` -- instead import it via ``jsonschema.exceptions.ErrorTree``
* importing ``jsonschema.FormatError`` -- instead import it via ``jsonschema.exceptions.FormatError``

4.17.3

=======

* Fix instantiating validators with cached refs to boolean schemas
rather than objects (1018).

4.17.2

=======

* Empty strings are not valid relative JSON Pointers (aren't valid under the
RJP format).
* Durations without (trailing) units are not valid durations (aren't
valid under the duration format). This involves changing the dependency
used for validating durations (from ``isoduration`` to ``isodate``).

4.17.1

=======

* The error message when using ``unevaluatedProperties`` with a non-trivial
schema value (i.e. something other than ``false``) has been improved (996).

Page 3 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.