From 78cd463b5816751b714cd2c0e8ce26d14cfad25d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:02:46 -0800 Subject: [PATCH 1/2] Bump pyo3 from 0.22.5 to 0.23.3 (#151) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.22.5 to 0.23.3.
Release notes

Sourced from pyo3's releases.

PyO3 0.23.3

This release is a soundness fix for PyO3 0.23.0 through 0.23.2.

In PyO3 0.23.0 the PYO3_CONFIG_FILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single build, this leads to Python wheels being compiled against the wrong Python API version.

All users who distribute artefacts for multiple Python versions are encouraged to update and rebuild with PyO3 0.23.3. Affected wheels produced from PyO3 0.23.0 through 0.23.2 are highly unstable and will crash the Python interpreter in unpredictable ways.

Aside from this fix, PyO3 0.23.3 contains some fixes to link configuration for Python 3.13t on Windows.

Thank you to the following contributors for the improvements:

@​davidhewitt @​Icxolu @​kemingy

PyO3 0.23.2

This release fixes a build failure when attempting to compile for free-threaded Python when the abi3 or abi3-pyxx features are enabled. With this fix, the compile will now ignore (with a warning) the abi3 and abi3-pyxx flags (as is the case when compiling for PyPy, as neither support abi3).

This release also iterates upon the new IntoPyObject trait by adding an IntoPyObjectExt helper trait with some common convenience functions.

Finally, a compile failure related to ambiguous_associated_items lint errors inside generated #[pyclass] and #[derive(IntoPyObject)] output has been fixed.

Thank you to the following contributors for the improvements:

@​davidhewitt @​LilyFoote @​ngoldbaum

PyO3 0.23.1

This is a re-release of PyO3 0.23.0 with corrections to fix docs.rs builds.

Thanks @​yotamofek for the reports & fixes!

PyO3 0.23.0

This release is a significant iteration to both PyO3's internals and API with two major enhancements:

While both of these new features have undergone extensive design, it will be no surprise to find teething issues. All feedback is encouraged so that we can follow up with iterative improvements for these new features in future releases.

On top of the major additions, the removal of the "GIL Refs" API deprecated in PyO3 0.21 is now complete. A number of PyO3 APIs have had new simpler names introduced now that the PyO3 API is no longer in a migration phase (for example PyTuple::new_bound is now simplified to PyTuple::new).

Beyond that, PyO3 0.23 contains nearly 5 months of incremental improvements, bug fixes and smaller features that have been implemented while the major work of this release was ongoing.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​abrisco @​adamcavendish

... (truncated)

Changelog

Sourced from pyo3's changelog.

[0.23.3] - 2024-12-03

Packaging

Fixed

[0.23.2] - 2024-11-25

Added

Fixed

[0.23.1] - 2024-11-16

Re-release of 0.23.0 with fixes to docs.rs build.

[0.23.0] - 2024-11-15

Packaging

Added

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyo3&package-manager=cargo&previous-version=0.22.5&new-version=0.23.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 20 ++++++++++---------- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39de5e4..9255493 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1379,9 +1379,9 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.22.5" +version = "0.23.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d922163ba1f79c04bc49073ba7b32fd5a8d3b76a87c955921234b8e77333c51" +checksum = "e484fd2c8b4cb67ab05a318f1fd6fa8f199fcc30819f08f07d200809dba26c15" dependencies = [ "anyhow", "cfg-if", @@ -1398,9 +1398,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.22.5" +version = "0.23.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc38c5feeb496c8321091edf3d63e9a6829eab4b863b4a6a65f26f3e9cc6b179" +checksum = "dc0e0469a84f208e20044b98965e1561028180219e35352a2afaf2b942beff3b" dependencies = [ "once_cell", "target-lexicon", @@ -1408,9 +1408,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.22.5" +version = "0.23.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94845622d88ae274d2729fcefc850e63d7a3ddff5e3ce11bd88486db9f1d357d" +checksum = "eb1547a7f9966f6f1a0f0227564a9945fe36b90da5a93b3933fc3dc03fae372d" dependencies = [ "libc", "pyo3-build-config", @@ -1418,9 +1418,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.22.5" +version = "0.23.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e655aad15e09b94ffdb3ce3d217acf652e26bbc37697ef012f5e5e348c716e5e" +checksum = "fdb6da8ec6fa5cedd1626c886fc8749bdcbb09424a86461eb8cdf096b7c33257" dependencies = [ "proc-macro2", "pyo3-macros-backend", @@ -1430,9 +1430,9 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.22.5" +version = "0.23.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae1e3f09eecd94618f60a455a23def79f79eba4dc561a97324bf9ac8c6df30ce" +checksum = "38a385202ff5a92791168b1136afae5059d3ac118457bb7bc304c197c2d33e7d" dependencies = [ "heck 0.5.0", "proc-macro2", diff --git a/Cargo.toml b/Cargo.toml index 81ddfe8..659a774 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ name = "sourmash_plugin_directsketch" crate-type = ["cdylib"] [dependencies] -pyo3 = { version = "0.22.5", features = ["extension-module", "anyhow"] } +pyo3 = { version = "0.23.3", features = ["extension-module", "anyhow"] } rayon = "1.10.0" serde = { version = "1.0.204", features = ["derive"] } sourmash = { version = "0.16.0"} From e499675beafd63373ac690fefcd41337da8f42aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 06:33:14 -0800 Subject: [PATCH 2/2] Bump tokio from 1.41.0 to 1.42.0 (#150) --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9255493..5ba4cdd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2061,9 +2061,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.41.0" +version = "1.42.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "145f3413504347a2be84393cc8a7d2fb4d863b375909ea59f2158261aa258bbb" +checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551" dependencies = [ "backtrace", "bytes", diff --git a/Cargo.toml b/Cargo.toml index 659a774..a3fca06 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ anyhow = "1.0.90" camino = "1.1.7" csv = "1.3.0" reqwest = { version = "0.12.8", features = ["json", "stream"] } -tokio = { version = "1.41.0", features = ["full"] } +tokio = { version = "1.42.0", features = ["full"] } tokio-util = "0.7.11" regex = "1.11.0" chrono = "0.4.32"