Skip to content

chore(deps): Bump pyo3 from 0.24.0 to 0.24.1#708

Merged
github-actions[bot] merged 1 commit intodevelopfrom
dependabot/cargo/pyo3-0.24.1
Apr 7, 2025
Merged

chore(deps): Bump pyo3 from 0.24.0 to 0.24.1#708
github-actions[bot] merged 1 commit intodevelopfrom
dependabot/cargo/pyo3-0.24.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2025

Bumps pyo3 from 0.24.0 to 0.24.1.

Release notes

Sourced from pyo3's releases.

v0.24.1

This release is a security fix for the PyString::from_object method, which passed &str data to the Python C API without checking for a terminating nul byte. All historical PyO3 versions are affected, and we recommend you upgrade if you are using PyString::from_object. Thank you to @​vthib for the report and @​Dr-Emann for the fix. A RUSTSEC advisory will be published shortly.

Aside from the security fix, this release contains a number of other non-breaking additions:

  • An abi3-py313 feature to support compiling with the Python 3.13 stable ABI.
  • PyAnyMethods::getattr_opt to get optional attributes without paying the cost of a Python exception when the attribute in question does not exist.
  • Constructor for PyInt::new.
  • with_critical_section2 for locking two objects at the same time on the free-threaded build.
  • Fix for a PyO3 0.24.0 regression with Option<&str> and Option<&T> (where T: PyClass) function arguments no longer being permitted

There are also a few other small bug fixes for edge cases, mostly related to compile errors from PyO3's macro code.

Thank you to the following contributors for the improvements:

@​bschoenmaeckers @​davidhewitt @​Dr-Emann @​emmagordon @​epontan @​Icxolu @​IvanIsCoding @​jelmer @​jonaspleyer @​ngoldbaum @​Owen-CH-Leung @​Tpt @​Trolldemorted @​XuehaiPan

Changelog

Sourced from pyo3's changelog.

[0.24.1] - 2025-03-31

Added

  • Add abi3-py313 feature. #4969
  • Add PyAnyMethods::getattr_opt. #4978
  • Add PyInt::new constructor for all supported number types (i32, u32, i64, u64, isize, usize). #4984
  • Add pyo3::sync::with_critical_section2. #4992
  • Implement PyCallArgs for Borrowed<'_, 'py, PyTuple>, &Bound<'py, PyTuple>, and &Py<PyTuple>. #5013

Fixed

  • Fix is_type_of for native types not using same specialized check as is_type_of_bound. #4981
  • Fix Probe class naming issue with #[pymethods]. #4988
  • Fix compile failure with required #[pyfunction] arguments taking Option<&str> and Option<&T> (for #[pyclass] types). #5002
  • Fix PyString::from_object causing of bounds reads whith encoding and errors parameters which are not nul-terminated. #5008
  • Fix compile error when additional options follow after crate for #[pyfunction]. #5015
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Bump pyo3 from 0.24.0 to 0.24.1
957521d 
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/v0.24.1/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: pyo3
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Apr 7, 2025
@github-actions github-actions bot enabled auto-merge (squash) April 7, 2025 15:57
@github-actions github-actions bot merged commit cf126f8 into develop Apr 7, 2025
38 checks passed
@dependabot dependabot bot deleted the dependabot/cargo/pyo3-0.24.1 branch April 7, 2025 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants