Skip to content

Commit e06b122

Browse files
chore(deps): update rust crate pyo3 to v0.28.2 [security] (#387)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pyo3](https://redirect.github.com/pyo3/pyo3) | dependencies | patch | `0.28.0` → `0.28.2` | ### GitHub Vulnerability Alerts #### [GHSA-47qc-857f-7w7f](https://redirect.github.com/PyO3/pyo3/pull/5807#issuecomment-3913251784) PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` (and other native types) when targeting Python 3.12 and up with the `abi3` feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of `NativeSub` contained within Python objects, amounting to memory corruption. PyO3 0.28.2 fixed the issue by using the type of (e.g.) `NativeSub` correctly. --- ### Release Notes <details> <summary>pyo3/pyo3 (pyo3)</summary> ### [`v0.28.2`](https://redirect.github.com/pyo3/pyo3/blob/HEAD/CHANGELOG.md#0282---2026-02-18) [Compare Source](https://redirect.github.com/pyo3/pyo3/compare/v0.28.1...v0.28.2) ##### Fixed - Fix complex enum `__qualname__` not using python name [#&#8203;5815](https://redirect.github.com/PyO3/pyo3/pull/5815) - Fix FFI definition `PyType_GetTypeDataSize` (was incorrectly named `PyObject_GetTypeDataSize`). [#&#8203;5819](https://redirect.github.com/PyO3/pyo3/pull/5819) - Fix memory corruption when subclassing native types with `abi3` feature on Python 3.12+ (newly enabled in PyO3 0.28.0). [#&#8203;5823](https://redirect.github.com/PyO3/pyo3/pull/5823) ### [`v0.28.1`](https://redirect.github.com/pyo3/pyo3/blob/HEAD/CHANGELOG.md#0281---2026-02-14) [Compare Source](https://redirect.github.com/pyo3/pyo3/compare/v0.28.0...v0.28.1) ##### Fixed - Fix `*args` / `**kwargs` support in` experimental-async` feature (regressed in 0.28.0). [#&#8203;5771](https://redirect.github.com/PyO3/pyo3/pull/5771) - Fix `clippy::declare_interior_mutable_const` warning inside `#[pyclass]` generated code on enums. [#&#8203;5772](https://redirect.github.com/PyO3/pyo3/pull/5772) - Fix `ambiguous_associated_items` compilation error when deriving `FromPyObject` or using `#[pyclass(from_py_object)]` macro on enums with `Error` variant. [#&#8203;5784](https://redirect.github.com/PyO3/pyo3/pull/5784) - Fix `__qualname__` for complex `#[pyclass]` enum variants to include the enum name. [#&#8203;5796](https://redirect.github.com/PyO3/pyo3/pull/5796) - Fix missing `std::sync::atomic::Ordering` import for targets without atomic64. [#&#8203;5808](https://redirect.github.com/PyO3/pyo3/pull/5808) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/apify/impit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNi41IiwidXBkYXRlZEluVmVyIjoiNDMuMjYuNSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jindřich Bär <jindrichbar@gmail.com>
1 parent d8dae10 commit e06b122

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

Cargo.lock

Lines changed: 10 additions & 10 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)