Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43 Pydantic Moderate Bug Fix Security Update 2025-312ac3e645

fedora
Calendar Grey November 10, 2025
Dist Fedora Esm H88
The Fedora 43 update addresses regressions in Pydantic and includes changes to the uv package for enhanced performance and security.
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

Summary

An extremely fast Python package installer and resolver, written in Rust.

Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

\u2022 \u2696\ufe0f Drop-in replacement for common pip, pip-tools, and virtualenv commands.

\u2022 \u26a1\ufe0f 10-100x faster than pip and pip-tools (pip-compile and pip-sync).

\u2022 \U0001f4be Disk-space efficient, with a global cache for dependency deduplication.

\u2022 \U0001f40d Installable via curl, pip, pipx, etc. uv is a static binary that can be

installed without Rust or Python.

\u2022 \U0001f9ea Tested at-scale against the top 10,000 PyPI packages.

\u2022 \U0001f5a5\ufe0f Support for macOS, Linux, and Windows.

\u2022 \U0001f9f0 Advanced features such as dependency version overrides and alternative

resolution strategies.

\u2022 \u2049\ufe0f Best-in-class error messages with a conflict-tracking resolver.

\u2022 \U0001f91d Support for a wide range of advanced pip features, including editable

installs, Git dependencies, direct URL dependencies, local dependencies,

constraints, source distributions, HTML and JSON indexes, and more.

Update Information:

Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types. This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any. https://github.com/pydantic/pydantic/releases/tag/v2.12.4 uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details. https://github.com/astral-sh/uv/releases/tag/0.9.6 ruff 0.14.3 https://github.com/astral-sh/ruff/releases/tag/0.14.3 Update rust-get-size2/rust-get-si...

Topics%20covered

Topics Covered

security advisory moderate fedora patch update python package installer

Change Log

* Sun Nov 2 2025 Benjamin A. Beasley - 0.9.7-2 - Allow spdx 0.12 * Fri Oct 31 2025 Benjamin A. Beasley - 0.9.7-1 - Update to 0.9.7 (close RHBZ#2408776) * Thu Oct 30 2025 Benjamin A. Beasley - 0.9.6-1 - Update to 0.9.6 (close RHBZ#2407283) * Sat Oct 25 2025 Benjamin A. Beasley - 0.9.5-6 - Remove a few more now-unnecessary test skips * Sat Oct 25 2025 Benjamin A. Beasley - 0.9.5-5 - Consolidate ppc64le/s390x skips for the same test * Sat Oct 25 2025 Benjamin A. Beasley - 0.9.5-4 - Remove python_list::python_list* test skips that no longer fail * Sat Oct 25 2025 Benjamin A. Beasley - 0.9.5-3 - Skip a test that is flaky on ppc64le

References


[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2403244 [ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2403245 [ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406419 [ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406420 [ 5 ] Bug #2411957 - python-cloudpickle-3.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411957 [ 6 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411978 [ 7 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411979 [ 8 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2411980 [ 9 ] Bug #241198...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-312ac3e645' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: uv
Product: Fedora 43
Version: 0.9.7
Release: 2.fc43
URL: https://github.com/astral-sh/uv
Summary: An extremely fast Python package installer and resolver, written in Rust

Topics%20covered

Topics Covered

security advisory moderate fedora patch update python package installer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here