Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pyo3 to 0.22.4 #61

Merged
merged 1 commit into from
Oct 16, 2024
Merged

Update pyo3 to 0.22.4 #61

merged 1 commit into from
Oct 16, 2024

Commits on Oct 15, 2024

  1. Update pyo3 to 0.22.4 

    = ID: RUSTSEC-2024-0378
   = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0378
   = The family of functions to read "borrowed" values from Python weak
references
     were fundamentally unsound, because the weak reference does itself
not have
     ownership of the value. At any point the last strong reference
could
     be cleared and the borrowed value would become dangling.

     In PyO3 0.22.4 these functions have all been deprecated and patched
to leak a
     strong reference as a mitigation. PyO3 0.23 will remove these
functions entirely.
   = Announcement: PyO3/pyo3#4590
   = Solution: Upgrade to >=0.22.4 (try `cargo update -p pyo3`)
   = pyo3 v0.22.2
     └── pumpkin-py v0.1.0
    @maartenflippo
    maartenflippo committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    f513db2 View commit details
    Browse the repository at this point in the history