Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pyo3 to 0.22.4 #61

Merged
merged 1 commit into from
Oct 16, 2024
Merged

Update pyo3 to 0.22.4 #61

merged 1 commit into from
Oct 16, 2024

Conversation

maartenflippo
Copy link
Contributor

@maartenflippo maartenflippo commented Oct 15, 2024
edited
Loading

= ID: RUSTSEC-2024-0378
= Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0378
= The family of functions to read "borrowed" values from Python weak
references
were fundamentally unsound, because the weak reference does itself
not have
ownership of the value. At any point the last strong reference
could
be cleared and the borrowed value would become dangling.

In PyO3 0.22.4 these functions have all been deprecated and patched
to leak a strong reference as a mitigation. PyO3 0.23 will remove these
functions entirely.
= Announcement: PyO3/pyo3#4590
= Solution: Upgrade to >=0.22.4 (try cargo update -p pyo3)
= pyo3 v0.22.2
└── pumpkin-py v0.1.0

@maartenflippo
Update pyo3 to 0.22.4
f513db2 
= ID: RUSTSEC-2024-0378
   = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0378
   = The family of functions to read "borrowed" values from Python weak
references
     were fundamentally unsound, because the weak reference does itself
not have
     ownership of the value. At any point the last strong reference
could
     be cleared and the borrowed value would become dangling.

     In PyO3 0.22.4 these functions have all been deprecated and patched
to leak a
     strong reference as a mitigation. PyO3 0.23 will remove these
functions entirely.
   = Announcement: PyO3/pyo3#4590
   = Solution: Upgrade to >=0.22.4 (try `cargo update -p pyo3`)
   = pyo3 v0.22.2
     └── pumpkin-py v0.1.0
ImkoMarijnissen
ImkoMarijnissen previously requested changes Oct 16, 2024
View reviewed changes
Copy link
Contributor

@ImkoMarijnissen ImkoMarijnissen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one quick question, shouldn't we also change the specified version in the Cargo.toml file?

@ImkoMarijnissen ImkoMarijnissen merged commit b7e6641 into main Oct 16, 2024
6 checks passed
@ImkoMarijnissen ImkoMarijnissen deleted the hotfix/upgrade-pyo3-0.22.4 branch October 16, 2024 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ImkoMarijnissen ImkoMarijnissen ImkoMarijnissen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maartenflippo @ImkoMarijnissen