Breaking Changes
Default Behavior Changes
--checkoutput now uses POSIX-style paths - File paths in--checkdiagnostic output are now normalized withPath.as_posix()instead ofstr(path). On POSIX systems the output is unchanged, but on Windows the diff headers andMISSING:/EXTRA:lines now use forward slashes (models/foo.py) instead of backslashes (models\foo.py). Tooling or snapshot tests that parse--checkoutput on Windows may need updating. (#3287)
Security
- Fixed SSRF protection bypass via DNS rebinding during HTTP(S) schema fetching. (GHSA-vx7x-vcc2-c44g)
- Fixed leakage of scoped request headers such as
Authorization,Cookie, andProxy-Authorizationwhen a remote schema fetch follows a cross-origin redirect. (GHSA-r5vv-ff45-prp2) - Hardened HTTP(S) schema fetching against embedded IPv4 address forms that could bypass private-network checks. (#3319)
What's Changed
- Update CHANGELOG for 0.62.0 by @dcg-generated-docs[bot] in #3313
- Add generate prompt JSON output by @koxudaxi in #3285
- Strengthen test oracles by @koxudaxi in #3314
- Cover pragma targets by @koxudaxi in #3315
- Consolidate test infrastructure helpers by @koxudaxi in #3316
- Remove dead branches and import cleanups by @koxudaxi in #3318
- Block embedded IPv4 SSRF bypasses by @koxudaxi in #3319
- Add generation JSON output format by @koxudaxi in #3287
- Remove no-op overrides by @koxudaxi in #3320
- Initialize parser lazy state explicitly by @koxudaxi in #3321
- Break parser-model import cycles by @koxudaxi in #3322
- Document LLM option workflow by @koxudaxi in #3284
- Improve generate prompt guidance by @koxudaxi in #3286
- Add experimental agent skill by @koxudaxi in #3310
- Consolidate JSON Schema data formats by @koxudaxi in #3323
- Sync generated docs by @dcg-generated-docs[bot] in #3326
- Deduplicate model-layer helpers by @koxudaxi in #3327
- Deduplicate JSON Schema parser helpers by @koxudaxi in #3328
- Deduplicate parser base helpers by @koxudaxi in #3329
- Deduplicate parser converter helpers by @koxudaxi in #3330
- Use resolved converted source cache keys by @koxudaxi in #3332
- Add JSON Schema suite conformance by @koxudaxi in #3333
- Clarify payload adapter error by @koxudaxi in #3334
- Add OpenAI sponsor logo by @koxudaxi in #3338
- Add payload rejection oracle by @koxudaxi in #3335
- Expand payload backend validation by @koxudaxi in #3337
- Add payload round trip validation by @koxudaxi in #3339
- Add payload runtime matrix by @koxudaxi in #3340
- Expand payload backend matrix by @koxudaxi in #3341
- Fix Pydantic 2.0 fallbacks by @koxudaxi in #3343
- Refactor generate flow by @koxudaxi in #3344
Full Changelog: 0.62.0...0.63.0