@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps the cargo group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| pyo3 | 0.20.0 | 0.21.2 |
| openssl | 0.10.61 | 0.10.72 |
| ring | 0.17.6 | 0.17.14 |
| rustls | 0.21.9 | 0.21.12 |
| unsafe-libyaml | 0.2.9 | 0.2.11 |
| zerovec | 0.10.1 | 0.10.4 |

Updates pyo3 from 0.20.0 to 0.21.2

Release notes

Sourced from pyo3's releases.

PyO3 0.21.2

This release contains some fixes to compile-time edge cases for the PyO3 0.21 series:

  • A missing deprecation warning for the GIL Ref constructor PySet::empty has now been added.
  • #[pymodule] functions will no longer trigger missing_docs lints on their generated code.
  • Incorrect implementations of __traverse__ in #[pymethods] will now emit a better error.
  • Extension modules on AIX will now link to libpython.

This release also fixes some compile errors for the experimental-async and experimental-declarative-modules features, and corrects some documentation typos.

Thank you to the following users for the improvements:

@adamreichold @blmarket @davidhewitt @Icxolu @lfn3 @messense @wyfo

PyO3 0.21.1

This release is a set of touch-ups to PyO3 0.21 to fix cases found as adoption of PyO3 0.21.0 progressed.

The new PyBackedStr and PyBackedBytes types have had a large range of standard traits implemented, including Clone, PartialEq, Hash, PartialOrd, Display, Debug, Send and Sync.

The argument to a #[setter] function now accepts the full range of input types as any other function argument in a #[pymethods] block, and will now correctly handle a #[pyo3(from_py_with = "...")] annotation.

Some procedural macro output has been adjusted to reuse more code and make it easier to reach complete code coverage in projects using PyO3. The import_exception_bound! macro has been added to further assist with coverage during migration, by skipping generating code which is only needed to use the exception as a GIL Ref.

Finally, the experimental-async feature now correctly handles async fn in #[pymethods] which have a &self or &mut self receiver plus additional arguments.

Thank you to the following users for the improvements:

@alex @davidhewitt @geo7 @Icxolu @reswqa @rikushoney @tisonkun

PyO3 0.21.0

This release introduces a substantial new direction for PyO3's API. The Bound<'py, T> smart pointer type has been added that replaces "GIL Refs" such as &'py PyAny and &'py PyList with smart-pointer forms Bound<'py, PyAny> and Bound<'py, PyList>. This new smart pointer brings ownership out of PyO3's internals and into user control. This has been done for the sake of both performance and soundness.

The migration guide extensively details the intended transition to the new API. To allow users a more graceful upgrade path, PyO3 0.21 and 0.22 will maintain backwards compatibility support for the existing "GIL Refs" API.

As well as the Bound API, highlights of PyO3 0.21 include:

  • Support for compiling for GraalPy
  • Extended chrono / datetime conversions, including support for the abi3 feature and the chrono-tz crate
  • Simplifications to __next__ and __anext__ methods

... (truncated)

Changelog

Sourced from pyo3's changelog.

[0.21.2] - 2024-04-16

Changed

  • Deprecate the PySet::empty() gil-ref constructor. #4082

Fixed

  • Fix compile error for async fn in #[pymethods] with a &self receiver and more than one additional argument. #4035
  • Improve error message for wrong receiver type in __traverse__. #4045
  • Fix compile error when exporting a #[pyclass] living in a different Rust module using the experimental-declarative-modules feature. #4054
  • Fix missing_docs lint triggering on documented #[pymodule] functions. #4067
  • Fix undefined symbol errors for extension modules on AIX (by linking libpython). #4073

[0.21.1] - 2024-04-01

Added

  • Implement Send and Sync for PyBackedStr and PyBackedBytes. #4007
  • Implement Clone, Debug, PartialEq, Eq, PartialOrd, Ord and Hash for PyBackedBytes and PyBackedStr, and Display for PyBackedStr. #4020
  • Add import_exception_bound! macro to import exception types without generating GIL Ref functionality for them. #4027

Changed

  • Emit deprecation warning for uses of GIL Refs as #[setter] function arguments. #3998
  • Add #[inline] hints on many Bound and Borrowed methods. #4024

Fixed

  • Handle #[pyo3(from_py_with = "")] in #[setter] methods #3995
  • Allow extraction of &Bound in #[setter] methods. #3998
  • Fix some uncovered code blocks emitted by #[pymodule], #[pyfunction] and #[pyclass] macros. #4009
  • Fix typo in the panic message when a class referenced in pyo3::import_exception! does not exist. #4012
  • Fix compile error when using an async #[pymethod] with a receiver and additional arguments. #4015

[0.21.0] - 2024-03-25

Added

  • Add support for GraalPy (24.0 and up). #3247
  • Add PyMemoryView type. #3514
  • Allow async fn in #[pyfunction] and #[pymethods], with the experimental-async feature. #3540 #3588 #3599 #3931
  • Implement PyTypeInfo for PyEllipsis, PyNone and PyNotImplemented. #3577
  • Support #[pyclass] on enums that have non-unit variants. #3582
  • Support chrono feature with abi3 feature. #3664
  • FromPyObject, IntoPy<PyObject> and ToPyObject are implemented on std::duration::Duration #3670
  • Add PyString::to_cow. Add Py<PyString>::to_str, Py<PyString>::to_cow, and Py<PyString>::to_string_lossy, as ways to access Python string data safely beyond the GIL lifetime. #3677
  • Add Bound<T> and Borrowed<T> smart pointers as a new API for accessing Python objects. #3686
  • Add PyNativeType::as_borrowed to convert "GIL refs" to the new Bound smart pointer. #3692

... (truncated)

Commits
  • a646a82 release: 0.21.2
  • bd15f92 Deprecate the PySet::empty gil-ref constructor (#4082)
  • 4f7c706 Suppress non_local_definitions lint as we often want the non-local effects in...
  • 3f6faf0 Extend guide on interaction between method receivers and lifetime elision. (#...
  • 4e13c0e Link libpython for AIX target (#4073)
  • e501377 fix declarative-modules compile error (#4054)
  • fd18955 add #[doc(hidden)] to the Rust module created by #[pymodule] (#4067)
  • e174a04 Minor: Fix a typo in Contributing.md (#4066)
  • a8abe50 build(deps): bump peaceiris/actions-gh-pages from 3 to 4 (#4062)
  • 68d1973 Fix typo (#4052)
  • Additional commits viewable in compare view

Updates openssl from 0.10.61 to 0.10.72

Release notes

Sourced from openssl's releases.

openssl-v0.10.72

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.71...openssl-v0.10.72

openssl-v0.10.71

What's Changed

New Contributors

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.70...openssl-v0.10.71

openssl v0.10.70

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.69...openssl-v0.10.70

openssl v0.10.69

What's Changed

New Contributors

... (truncated)

Commits
  • 87085bd Merge pull request #2390 from alex/uaf-fix
  • d1a12e2 Fixed two UAFs and bumped versions for release
  • 7c7b2e6 Merge pull request #2389 from skmcgrail/aws-lc-follow-up
  • 34a477b Use --experimental with bindgen-cli with aws-lc build
  • d4bf071 Merge pull request #2386 from skmcgrail/aws-lc-follow-up
  • a86bf67 Remove comment
  • 705dbfb Fix test
  • e0df413 Skip final call for LibreSSL 4.1.0 for CCM mode
  • 2f1164b Enable additional capabilities for AWS-LC
  • dde9ffb Merge pull request #1805 from skmcgrail/aws-lc-support-final
  • Additional commits viewable in compare view

Updates ring from 0.17.6 to 0.17.14

Changelog

Sourced from ring's changelog.

Version 0.17.14 (2025-03-11)

Fixed a performance bug in the AVX2-based AES-GCM implementation added in ring 0.17.13. This will be another notable performance improvement for most newish x86-64 systems. The performance issue impacted not just AES-GCM.

Compatibility with GNU binutils 2.29 (used on Amazon Linux 2), and probably even earlier versions, was restored. It is expected that ring 0.17.14 will build on all the systems that 0.17.12 would build on.

Version 0.17.13 (2025-03-06)

Increased MSRV to 1.66.0 to avoid bugs in earlier versions so that we can safely use core::arch::x86_64::__cpuid and core::arch::x86::__cpuid from Rust in future releases.

AVX2-based VAES-CLMUL implementation. This will be a notable performance improvement for most newish x86-64 systems. This will likely raise the minimum binutils version supported for very old Linux distros.

Version 0.17.12 (2025-03-05)

Bug fix: briansmith/ring#2447 for denial of service (DoS).

  • Fixes a panic in ring::aead::quic::HeaderProtectionKey::new_mask() when integer overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

  • Fixes a panic on 64-bit targets in ring::aead::{AES_128_GCM, AES_256_GCM} when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

Commits

Updates rustls from 0.21.9 to 0.21.12

Commits
  • 3633152 Cargo: v0.21.11 -> v0.21.12
  • 0baaeba proj: MSRV 1.61 -> 1.63
  • 6fd691a tls13: fix clippy::unnecessary_lazy_evaluations finding
  • 6da5337 Test for illegal IP address in server name extension
  • 75f8857 Ignore server_name extension containing IP address
  • 7b8d1db Prepare 0.21.11
  • ebcb478 complete_io: bail out if progress is impossible
  • 20f35df Regression test for complete_io infinite loop bug
  • 2f2aae1 Don't specially handle unauthenticated close_notify alerts
  • e163587 Don't deny warnings from nightly clippy
  • Additional commits viewable in compare view

Updates unsafe-libyaml from 0.2.9 to 0.2.11

Release notes

Sourced from unsafe-libyaml's releases.

0.2.11

  • Fix quadratic parse time for YAML containing deeply nested flow collections (#26)

0.2.10

  • Fix write to improperly aligned pointer in 32-bit targets (#21)

Commits
  • a7b8d1f Release 0.2.11
  • 7c42792 Merge pull request #27 from dtolnay/simplekeys
  • eb7de7e Fix quadratic behavior in yaml_parser_fetch_more_tokens
  • 7440d58 Merge pull request #25 from jayvdb/typos
  • b3496ce fix typos
  • 63131f5 Explicitly disable unsafe_op_in_unsafe_fn lint
  • 61f3ab8 Release 0.2.10
  • d90d7ab Clean up some redundant casts
  • 7755559 Merge pull request #24 from dtolnay/mallocalign
  • b8a0863 Fix insufficient alignment of malloc's return value on 32-bit
  • Additional commits viewable in compare view

Updates zerovec from 0.10.1 to 0.10.4

Changelog

Sourced from zerovec's changelog.

Changelog

icu4x 2.1

  • Components
    • General
      • Update MSRV to 1.83 (unicode-org#7066)
      • Remove unused dependencies (unicode-org#6978)
    • icu_calendar
      • Collapse Dangi and Chinese into EastAsianTraditional, expose (unstable) customization trait (unicode-org#6938, unicode-org#7159)
      • Collapse Hijri calendar types, expose (unstable) Rules trait for customization (unicode-org#6935)
      • Add Easter holiday to Gregorian and Julian (unicode-org#6899)
      • Implement PartialOrd for Date unconditionally (unicode-org#7090)
      • Switch Chinese and Korean calendars to no longer being data-driven, hardcoding their data (unicode-org#6934, unicode-org#7008)
      • (unstable) Add Date::try_from_fields for flexibly building Temporal dates (unicode-org#6910, unicode-org#7116, unicode-org#7163)
      • (unstable) Implement date arithmetic according to Temporal specification (unicode-org#6992, unicode-org#7012)
      • Make extended_year have consistent behavior across calendars, matching specced behavior in CLDR and Temporal (unicode-org#6800, unicode-org#6937)
      • Remove era aliases for Persian (unicode-org#7124)
      • Fix und-SA-u-ca-islamic (unicode-org#6736)
      • Fix calendar preference resolution (unicode-org#7158)
      • Deprecate convenience constructors of lunisolar calendars (unicode-org#7143)
      • Avoid panics for large past/future dates in astronomical calendars (unicode-org#6876)
      • Improve some Gregorian calendar code (unicode-org#6870)
      • Optimise day_of_provided_year, date_from_provided_year_day for ISO/Gregorian (unicode-org#6883)
      • Add a lot more documentation on individual calendars (unicode-org#7016, unicode-org#7033, unicode-org#7036, unicode-org#7037, unicode-org#7047, unicode-org#7082, unicode-org#7151)
      • Compare Chinese calendar against Hong Kong observatory (unicode-org#6944)
      • Test Korean calendar against KASI (unicode-org#7041)
    • icu_casemap
      • General changes only
    • icu_collator
      • Add CollatorBorrowed::write_sort_key_to; to support generating sort keys (unicode-org#6537, unicode-org#6656, unicode-org#6708, unicode-org#7186)
      • Make merge separator compare less than U+0000 on the identical strength (unicode-org#6814, unicode-org#6823)
      • Add Latin1 comparisons to the collator (unicode-org#6674)
      • Avoid double-validating chars (unicode-org#6924)
    • icu_collections
      • Fix building without the alloc crate (unicode-org#6997)
      • Optimize CodePointTrie by hoisting fast path bound checks to constructor (unicode-org#6863)
      • Make trivial constructors for Char16Trie / Char16TrieIterator inline-eligible (unicode-org#6864)
    • icu_datetime
      • Add Preferences::from_locale_strict (unicode-org#6737)
      • Change short localized offset format to use +0 (unicode-org#6729)
      • Fix und-SA-u-ca-islamic (unicode-org#6736)
      • Use atTime patterns where available (unicode-org#7106)
      • Disambiguate inconsistent metazones (unicode-org#6755, unicode-org#7160)
      • Implement u and g fields (unicode-org#6930)
      • Use accurate ZoneNameTimestamps (unicode-org#6942)
      • Improve formatting for Etc/GMT+X zones (unicode-org#7055)
    • icu_decimal
      • General changes only
    • icu_experimental: 0.3.0 -> 0.4.0

... (truncated)

Commits

Updates zerovec-derive from 0.10.1 to 0.10.3

Changelog

Sourced from zerovec-derive's changelog.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps the cargo group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pyo3](https://github.com/pyo3/pyo3) | `0.20.0` | `0.21.2` |
| [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.61` | `0.10.72` |
| [ring](https://github.com/briansmith/ring) | `0.17.6` | `0.17.14` |
| [rustls](https://github.com/rustls/rustls) | `0.21.9` | `0.21.12` |
| [unsafe-libyaml](https://github.com/dtolnay/unsafe-libyaml) | `0.2.9` | `0.2.11` |
| [zerovec](https://github.com/unicode-org/icu4x) | `0.10.1` | `0.10.4` |



Updates `pyo3` from 0.20.0 to 0.21.2
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.20.0...v0.21.2)

Updates `openssl` from 0.10.61 to 0.10.72
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.61...openssl-v0.10.72)

Updates `ring` from 0.17.6 to 0.17.14
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

Updates `rustls` from 0.21.9 to 0.21.12
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.21.9...v/0.21.12)

Updates `unsafe-libyaml` from 0.2.9 to 0.2.11
- [Release notes](https://github.com/dtolnay/unsafe-libyaml/releases)
- [Commits](dtolnay/unsafe-libyaml@0.2.9...0.2.11)

Updates `zerovec` from 0.10.1 to 0.10.4
- [Release notes](https://github.com/unicode-org/icu4x/releases)
- [Changelog](https://github.com/unicode-org/icu4x/blob/main/CHANGELOG.md)
- [Commits](https://github.com/unicode-org/icu4x/commits/ind/zerovec@0.10.4)

Updates `zerovec-derive` from 0.10.1 to 0.10.3
- [Release notes](https://github.com/unicode-org/icu4x/releases)
- [Changelog](https://github.com/unicode-org/icu4x/blob/main/CHANGELOG.md)
- [Commits](https://github.com/unicode-org/icu4x/commits/ind/zerovec-derive@0.10.3)

---
updated-dependencies:
- dependency-name: pyo3
  dependency-version: 0.21.2
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.72
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: ring
  dependency-version: 0.17.14
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: rustls
  dependency-version: 0.21.12
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: unsafe-libyaml
  dependency-version: 0.2.11
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: zerovec
  dependency-version: 0.10.4
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: zerovec-derive
  dependency-version: 0.10.3
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies and rust labels on Nov 1, 2025