chore(deps): update rust crate pyo3 to 0.29 [security]#181
Open
cachekit-renovate-bot[bot] wants to merge 1 commit into
This PR contains the following updates:

- pyo3: 0.25 → 0.29

Warning: Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Out-of-bounds read in `nth`/`nth_back` for `PyList` and `PyTuple` iterators (RUSTSEC-2026-0176)

Details

PyO3 0.24.0 added optimized implementations of `Iterator::nth` and `DoubleEndedIterator::nth_back` for the `BoundListIterator` and `BoundTupleIterator` types. These implementations computed the target index using unchecked `usize` addition (`index + n`) before bounds-checking against the sequence length, then read the element via `get_item_unchecked`.

In `nth` methods, a sufficiently large `n` (combined with a non-zero internal index) could cause the addition to overflow and wrap around, producing a small "target index" that passed the bounds check and enabling reads at the front of the `list` or `tuple` of elements previously yielded by the iterator.

In `nth_back` methods, a sufficiently large `n` could cause underflow in a similar fashion; however, it would instead allow reads of arbitrary memory past the end of the `list` or `tuple` storage.

PyO3 0.29.0 has corrected these methods to use checked arithmetic at the positions which could be at risk of overflow.

Severity: Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).
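The arithmetic bug described in the advisory, modelled in safe Rust as an added example (this is not PyO3's code): a slice-backed iterator whose `nth_wrapping` computes `index + n` with wrapping arithmetic before the bounds check, next to `nth_checked`, which uses `checked_add` and also exhausts the iterator on an out-of-range `n` (the second `#6086` fix in the release notes). The slice read is bounds-checked, so the wrong target index surfaces as an already-yielded element rather than an out-of-bounds read; `BoundedIter`, `compare_nth` and `exhausted_after_large_n` are names chosen for this illustration.

```rust
/// Toy forward iterator over a slice with an internal cursor. Added illustration,
/// not PyO3's code: it stands in for `BoundListIterator` / `BoundTupleIterator`
/// and uses a bounds-checked slice read in place of `get_item_unchecked`, so a
/// wrong index shows up as a stale element rather than an out-of-bounds read.
struct BoundedIter<'a, T> {
    items: &'a [T],
    index: usize,  // position of the next element to yield
    length: usize, // exclusive end of the iteration window
}

impl<'a, T> BoundedIter<'a, T> {
    fn new(items: &'a [T]) -> Self {
        Self { items, index: 0, length: items.len() }
    }

    fn next(&mut self) -> Option<&'a T> {
        let items = self.items;
        if self.index < self.length {
            let item = &items[self.index];
            self.index += 1;
            Some(item)
        } else {
            None
        }
    }

    /// The flawed pattern from the advisory: `index + n` is evaluated with wrapping
    /// arithmetic (what plain `+` does in a release build) and only then compared
    /// with `length`. With a non-zero `index`, a large enough `n` wraps to a small
    /// target that passes the check.
    fn nth_wrapping(&mut self, n: usize) -> Option<&'a T> {
        let items = self.items;
        let target = self.index.wrapping_add(n);
        if target < self.length {
            self.index = target + 1;
            items.get(target)
        } else {
            None
        }
    }

    /// The corrected pattern: `checked_add` reports the overflow as `None`, and
    /// an out-of-range `n` exhausts the iterator instead of leaving it mid-way.
    fn nth_checked(&mut self, n: usize) -> Option<&'a T> {
        let items = self.items;
        match self.index.checked_add(n) {
            Some(target) if target < self.length => {
                self.index = target + 1;
                items.get(target)
            }
            _ => {
                self.index = self.length;
                None
            }
        }
    }
}

/// Constructed sample: advance two iterators past the first two elements (so the
/// internal index is non-zero, the advisory's precondition), then call the flawed
/// and the fixed `nth` with the same `n`. Returns (flawed result, fixed result).
fn compare_nth(n: usize) -> (Option<i32>, Option<i32>) {
    let data = [10, 20, 30, 40];
    let mut flawed = BoundedIter::new(&data);
    let mut fixed = BoundedIter::new(&data);
    for _ in 0..2 {
        flawed.next();
        fixed.next();
    }
    (flawed.nth_wrapping(n).copied(), fixed.nth_checked(n).copied())
}

/// After an out-of-range `n`, the fixed iterator must be exhausted: `next` yields `None`.
fn exhausted_after_large_n() -> bool {
    let data = [1, 2, 3];
    let mut it = BoundedIter::new(&data);
    it.nth_checked(100).is_none() && it.next().is_none()
}

fn main() {
    println!("n in range     : {:?}", compare_nth(1));
    println!("n wraps around : {:?}", compare_nth(usize::MAX - 1));
    println!("exhausted      : {}", exhausted_after_large_n());
}
```

With `n = usize::MAX - 1` and an internal index of 2 the wrapping sum is exactly 0, so the flawed method hands back the first element again while the checked method returns `None`; for an in-range `n` both agree. The same `checked_add` / `checked_sub` discipline is the general fix whenever an index is derived from caller-controlled arithmetic before an unchecked read.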
Missing `Sync` bound on `PyCFunction::new_closure` closures (RUSTSEC-2026-0177)

Details

`PyCFunction::new_closure` (and the temporary `new_closure_bound` complement in the 0.21–0.22 series) required the supplied closure to be `Send + 'static` but not `Sync`. The resulting `PyCFunction` is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrently from multiple threads, and needs a `Sync` bound to prevent possible data races.

The problem exists under all Python versions but is particularly vulnerable under the newer free-threaded Python variant, which does not have serial execution imposed by the Global Interpreter Lock. Under releases protected by the GIL, the ability to "detach" from the Python interpreter temporarily inside the closure (e.g. by `Python::detach`) makes it possible for interleaved and/or concurrent execution of various portions of the closure.

PyO3 0.29.0 added a `Sync` bound to close this thread-safety bug.

Severity: Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).
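What the `Sync` bound buys, as an added example that is not PyO3's code: `new_closure` below is a stand-in for the corrected `PyCFunction::new_closure` signature (`Send + Sync + 'static`), the resulting callable is invoked from several threads at once the way a free-threaded interpreter or GIL-detached code would invoke a Python callable, and the captured state is an atomic so the concurrent calls are race-free. The names `SharedCallable`, `new_closure`, `call_concurrently` and `run_demo` are this example's own.

```rust
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::Arc;
use std::thread;

/// Model of a Python-callable wrapper. Added illustration, not PyO3's code: the
/// callable may be invoked from any thread, so the stored closure must be
/// shareable between threads (`Sync`) as well as movable to one (`Send`).
type SharedCallable = Arc<dyn Fn(u64) -> u64 + Send + Sync + 'static>;

/// Stand-in for the corrected `PyCFunction::new_closure` bound. A closure that
/// captures a `Cell<u64>` or an `Rc<..>` is `Send`-only-or-neither and is rejected
/// here at compile time; with the pre-0.29 `Send + 'static` bound it would have
/// been accepted and then run concurrently from multiple Python threads.
fn new_closure<F>(f: F) -> SharedCallable
where
    F: Fn(u64) -> u64 + Send + Sync + 'static,
{
    Arc::new(f)
}

/// Invoke the same callable from `threads` threads, `calls` times each, and
/// return the sum of all return values.
fn call_concurrently(callable: &SharedCallable, threads: usize, calls: u64) -> u64 {
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let callable = Arc::clone(callable);
            thread::spawn(move || (0..calls).map(|i| (*callable)(i)).sum::<u64>())
        })
        .collect();
    handles
        .into_iter()
        .map(|h| h.join().expect("worker panicked"))
        .sum()
}

/// Build a closure whose captured state is an `AtomicU64` (hence `Sync`), run it
/// concurrently and return (number of invocations observed, sum of results).
fn run_demo(threads: usize, calls: u64) -> (u64, u64) {
    let hits = Arc::new(AtomicU64::new(0));
    let hits_in_closure = Arc::clone(&hits);
    let callable = new_closure(move |x: u64| {
        hits_in_closure.fetch_add(1, Ordering::Relaxed);
        x * 2
    });
    let total = call_concurrently(&callable, threads, calls);
    (hits.load(Ordering::Relaxed), total)
}

fn main() {
    let (hits, total) = run_demo(4, 1000);
    println!("invocations = {hits}, sum of results = {total}");
}
```

Replacing the atomic with `std::cell::Cell<u64>` makes `new_closure` fail to compile, which is the point of the fix: the type system, not the GIL, is what keeps concurrently invoked closures from racing on their captured state.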
Release Notes
pyo3/pyo3 (pyo3)
v0.29.0 (Compare Source)

Packaging

- `abi3t` and `abi3t-py315` features. #5807
- `pyo3-macros-backend` no longer depends on `pyo3-build-config`. #5809
- `hashbrown` optional dependency to include version 0.17. #5973
- `pyo3-ffi` is now `no_std`. #6022

Added

- `PyErr::set_traceback` to set the traceback of an exception object. #5349
- `PyUnicodeDecodeError::new_err_from_utf8` to create a `PyErr` from a `str::Utf8Error`. #5668
- `experimental-inspect`: implement `INPUT_TYPE` and `OUTPUT_TYPE` on optional third-party crate conversions. #5770
- `experimental-inspect`: include doc comments in generated stubs. #5782
- `pyo3_build_config::PythonAbi`, `pyo3_build_config::PythonAbiKind`, `pyo3_build_config::PythonAbiBuilder`, `pyo3_build_config::InterpreterConfig::target_abi`, and `pyo3_build_config::InterpreterConfigBuilder::target_abi`. #5807
- `Borrowed::get` as an equivalent to `Bound::get` and `Py::get`. #5849
- `PyFrame::new`, `PyTraceBack::new`, and `PyFrameMethods::line_number`. #5857
- `PyUntypedBuffer::obj` to retrieve the Python object owning the buffer. #5870
- `PyCapsule::new_with_value` and `PyCapsule::new_with_value_and_destructor`. #5881
- `PyErr::set_context` and `PyErr::context`. #5887
- `pyo3-introspection` to generate stubs. #5904
- `Python::version_str`. #5921
- `TryFrom<&Bound<T>>` for `PyRef<T>`, `PyRefMut<T>`, `PyClassGuard<T>` and `PyClassGuardMut<T>`. #5922
- `From<&Bound<T>>` for `Bound<T>` and `Py<T>` #5922
- `PyDictMethods::set_default` and `PyDictMethods::set_default_ref` to allow atomically setting default values in a PyDict. #5955
- `PyFrameMethods::outer|code|var|builtins|globals|locals`. #5967
- `From` conversions for `PyErr` from `std::time::TryFromFloatSecsError`, `std::time::SystemTimeError`, `std::path::StripPrefixError`, `std::env::JoinPathsError`, `std::char::ParseCharError`, and `std::char::CharTryFromError`. #6001
- `pyo3_build_config::InterpreterConfigBuilder`. #6034
- `PyCapsule::import_pointer` #6066
- `PyClassGuardMapMut`. #6073
- `PyListMethods::get_item_unchecked`, `PyTupleMethods::get_item_unchecked`, and `PyTupleMethods::get_borrowed_item_unchecked` on abi3. #6075
- `PyClassGuardMapSuper`. #6104
- `PyClassGuard` and `PyClassGuardMut` to `pyo3::prelude`. #6112
- `Debug` impls for `PyClassGuard` and `PyClassGuardMut`. #6112
- `PyDateTime`, `PyDate`, `PyTime`, `PyDelta` and `PyTzInfo` on abi3 with python 3.12+. #6115
- `PyFunction` available on abi3. #6117
- `PyUnstable_Object_IsUniquelyReferenced`, `PyUnstable_Object_IsUniquelyReferencedTemporary`, `PyUnstable_EnableTryIncref`, and `PyUnstable_TryIncref`. #5828
- `ffi::PyErr_GetHandledException` and `ffi::PyErr_SetHandledException`. #5887
- `Py_HASH_SIPHASH13`. #5891
- `PyStructSequence_UnnamedField` constant on Python 3.9 and up (or 3.11 with abi3 features). #5892
- `PyUnstable_InterpreterFrame_GetCode`, `PyUnstable_InterpreterFrame_GetLasti`, `PyUnstable_InterpreterFrame_GetLine`, and `PyUnstable_ExecutableKinds`. #5932
- `PyMarshal_WriteLongToFile`, `PyMarshal_WriteObjectToFile`, `PyMarshal_ReadLongFromFile`, `PyMarshal_ReadShortFromFile`, `PyMarshal_ReadObjectFromFile`, and `PyMarshal_ReadLastObjectFromFile`. #5934
- `PyObject_GetAIter`, `PyAIter_Check`, `PyMapping_HasKeyWithError`, `PyMapping_HasKeyStringWithError`, `PyMapping_GetOptionalItem`, `PyMapping_GetOptionalItemString`, `PySequence_ITEM`, `PySequence_Fast_GET_SIZE`, `PySequence_Fast_GET_ITEM`, and `PySequence_Fast_ITEMS`. #5942
- `compat::PyObject_HasAttrWithError`. #5944
- `PyDict_SetDefault`, `PyDict_SetDefaultRef`, `PyDict_ContainsString`, `PyDict_Pop`, `PyDict_PopString`, `PyDict_ClearWatcher`, `PyDict_Watch`, `PyDict_Unwatch`, and `PyFrozenDict_New`. #5947
- `PyDate_FromDate`, `PyDateTime_FromDateAndTime`, `PyDateTime_FromDateAndTimeAndFold`, `PyTime_FromTime`, `PyTime_FromTimeAndFold`, and `PyDelta_FromDSU`. #5949
- `PyDict_SetDefaultRef` and `compat::PyDict_SetDefaultRef`. #5955
- versions.
- `cpython/bytearrayobject.h`. #5966
- `PyCellObject` and associated functions. #5978
- `PyErr_WarnExplicitObject`. #5979
- `PyTracebackObject`. #5980
- `PyTuple_FromArray` on 3.15+. #5990
- and newer. #6014
- `PyLong` import / export API on Python 3.14+. #6016
- `PyEval_SetProfileAllThreads` and `PyEval_SetTraceAllThreads`. #6038
- `Py_UNICODE_TODECIMAL`. #6041

Changed

- `#[pyfunction]` argument extraction error to use `PyErr::add_note` instead of replacing `TypeError` instances. #5349
- `Py<T>::get_refcnt` and `PyAnyMethods::get_refcnt` in favor of `pyo3::ffi::Py_REFCNT(obj.as_ptr())`. #5797
- `PyEnvironmentError`, `PyIOError`, and `PyWindowsError` to be type aliases of `PyOSError` (as is the case in Python since 3.3). #5803
- `pyo3_build_config::InterpreterConfig::from_interpreter` to require an additional `stable_abi_version` argument. The old behavior is the same as passing `None`. #5807
- `PyList::new` to no longer have `ExactSizeIterator` bound. #5830
- `experimental-inspect`: emit `#[classattribute]` as plain Python class attributes and not functions annotated with `@classattribute` and `@property`. #5839
- `experimental-inspect`: use `object` as the input annotation type of magic methods that return `NonImplemented` if the input value is not of the correct type. #5841
- `pyo3-build-config/resolve-config` feature. #5862
- `pyo3-ffi` to use raw-dylib for Windows linking. #5866
- `generate-import-lib` feature. #5866
- `PyCapsule::new`. #5889
- `PyDate::from_timestamp` argument is now a `f64` (the Python API expects a float and not an integer) #5896
- `experimental-inspect`: Change `PathBuf::extract` input type hint from `str | os.PathLike` to `str | os.PathLike[str]` #5897
- `PythonVersionInfo`. #5921
- `self`. #5930
- `PyAnyMethods::call`, `PyAnyMethods::call1` and `PyAnyMethods::call_method1` for arguments passed as Rust tuples containing borrowed references to Python objects. #5941
- `#[pyo3(signature = ...)]` when `experimental-inspect` feature is not enabled (they will be ignored). #5999
- `pyo3-ffi` will now rebuild when the Python virtual environment changes in-place. #6008
- `pyo3_build_config::InterpreterConfig` fields; getter methods have been added as replacements. #6034
- `_PyCode_GetExtra`, `_PyCode_SetExtra`, and `_PyEval_RequestCodeExtraIndex` have been updated to `PyUnstable_Code_GetExtra`, `PyUnstable_Code_SetExtra`, and `PyUnstable_Eval_RequestCodeExtraIndex`. #6038
- `PyCapsule::import` to return an error if the pointer is not properly aligned. #6066
- `PyClassGuardMap` to be only for `PyClassGuard::map` and return `PyClassGuardMapMut` from `PyClassGuardMut::map`. #6073
- `with_critical_section_mutex2` closure to take `Option<EnteredCriticalSection>` instead of `EnteredCriticalSection` as the second argument. #6098
- `PyClassGuardMut::as_super` now returns `PyClassGuardMutSuper`. #6104
- `experimental-inspect`: Generate relative imports instead of absolute ones (useful if the stubs are not describing a root package) #6097

Removed

- `From<str::Utf8Error>`, `From<string::FromUtf16Error>`, and `From<char::DecodeUtf16Error>` for `PyErr`. #5668
- `Py_TRACE_REFS` support (unsupported from Python 3.13). #5824
- `experimental-inspect`: Remove the `TypeInfo` enum and the `FromPyObject::type_input` and `IntoPyObject::type_output` functions. They are replaced by the `PyStaticExpr` enum and the `FromPyObject::INPUT_TYPE` and the `IntoPyObject::OUTPUT_TYPE` associated constants. #5893
- `_PyStack_AsDict`, `_PyObject_CallNoArg`, `_PyObject_FastCall`, `_PyObject_FastCallTstate`, `_PyObject_VectorcallTstate`, `_PyObject_MakeTpCall`, `_Py_CheckFunctionResult`, `_PyObject_CallFunction_SizeT`, `_PyObject_CallMethod_SizeT`, and `_PySequence_IterSearch`. #5942
- `PY_ITERSEARCH_COUNT`, `PY_ITERSEARCH_INDEX`, and `PY_ITERSEARCH_CONTAINS`. #5942
- `_PySet_NextEntry`, and `_PyLong_NumBits`. #5946
- `_PyFloat_CAST`, `_PyRun_SimpleFileObject`, `_PyRun_AnyFileObject`, `_PyRun_InteractiveLoopObject`, `_PyUnicode_CheckConsistency`, `_PyUnicode_COMPACT_DATA`, `_PyUnicode_NONCOMPACT_DATA`, `_PyUnicode_Ready`, and `_Py_HashBytes`. #6036
- `_PyEval_EvalFrameDefault`. #6038
- `_PyBytes_Resize`. #6042
- `_PyErr_BadInternalCall`, `_Py_GetAllocatedBlocks`, `_PyObject_GC_Malloc`, `_PyObject_GC_Calloc`, and `_PyLong_NumBits`. #6053
- `Default` for FFI definitions `PyHeapTypeObject`, `PyObjectArenaAllocator`, `PyHash_FuncDef`, and `PyType_Spec`. #6093

Fixed

- `add_libpython_rpath_link_args` emitting rpath link args on wasm targets which don't support rpath. #5447
- `From<string::FromUtf8Error>` and `From<ffi::IntoStringError>` for `PyErr` producing `TypeError` due to broken internals. #5668
- `PyMappingProxy::is_type_of` and `PyWeakrefReference::is_type_of` not accepting subclasses. #5883
- `getattr_opt` not treating `AttributeError` subclasses as missing attributes on Python < 3.13. #5985
- `#[new]` return types that contain named lifetimes. #5998
- `'static` bound on `PyCapsule` destructors. #6049
- `PyFrame::builtins` could return a non-dict object. #6052
- `#[pyclass]` from a different pyclass' `#[new]` method. #6062
- `PyClassGuardMap` by splitting off the mutable variant. #6073
- `experimental-inspect` proc macros (to enable reproducible builds). #6076
- `PyEval_RestoreThread` when the interpreter is shutting down on Python 3.13 and older (hang the thread instead of allowing `pthread_exit` to jump across Rust frames). #6085
- `BoundListIterator` and `BoundTupleIterator`'s `nth` and `nth_back` implementations. #6086
- `BoundListIterator` and `BoundTupleIterator` not being exhausted when `nth` or `nth_back` is called with N larger than the remaining count of items. #6086
- `Sync` bound on closure type in `PyCFunction::new_closure`. #6096
- `PyClassGuardMut::as_super` by moving into `PyClassGuardMutSuper`. #6104
- `PyTypeObject.tp_versions_used` on Python 3.13 and newer. #5917
- `PyUnicode_Encode`, `PyUnicode_EncodeASCII`, `PyUnicode_EncodeCharmap`, `PyUnicode_EncodeDecimal`, `PyUnicode_EncodeLatin1`, `PyUnicode_EncodeRawUnicodeEscape`, `PyUnicode_EncodeUTF7`, `PyUnicode_EncodeUTF8`, `PyUnicode_EncodeUTF16`, `PyUnicode_EncodeUTF32`, `PyUnicode_EncodeUnicodeEscape`, `PyUnicode_TransformDecimalToASCII`, and `PyUnicode_TranslateCharmap`. #6041
- `PyUnicode_ClearFreeList` no longer available on 3.9 and up. #6041
- `PyErr_SetInterruptEx` missing `c_int` return type. #6043
- `PyBuffer_SizeFromFormat` on Python 3.8 (was changed from `c_int` to `Py_ssize_t` on Python 3.9). #6090
- `PyUnicode_Tailmatch` on PyPy (is `c_int`, unlike CPython). #6090

v0.28.3 (Compare Source)
Fixed

- `#[pyclass(get_all)]` on a type named `Probe`. #5837
- `_Py_NegativeRefcount` with Python < 3.12. #5847
- `Python::attach` or `try_attach` could return before `site.py` had finished running. #5903
- `PyBytesWriter::write_vectored` with Python 3.15 prerelease versions. #5907
- `.into_pyobject()` implementation for C-like `#[pyclass]` enums. #5928

v0.28.2 (Compare Source)

Fixed

- `__qualname__` not using python name #5815
- `PyType_GetTypeDataSize` (was incorrectly named `PyObject_GetTypeDataSize`). #5819
- `abi3` feature on Python 3.12+ (newly enabled in PyO3 0.28.0). #5823

v0.28.1 (Compare Source)

Fixed

- `*args`/`**kwargs` support in `experimental-async` feature (regressed in 0.28.0). #5771
- `clippy::declare_interior_mutable_const` warning inside `#[pyclass]` generated code on enums. #5772
- `ambiguous_associated_items` compilation error when deriving `FromPyObject` or using `#[pyclass(from_py_object)]` macro on enums with `Error` variant. #5784
- `__qualname__` for complex `#[pyclass]` enum variants to include the enum name. #5796
- `std::sync::atomic::Ordering` import for targets without atomic64. #5808

v0.28.0 (Compare Source)

Fixed

- `__qualname__` not using python name #5815
- `PyType_GetTypeDataSize` (was incorrectly named `PyObject_GetTypeDataSize`). #5819
- `abi3` feature on Python 3.12+ (newly enabled in PyO3 0.28.0). #5823

v0.27.2 (Compare Source)

Changed

- `PyDict` on GraalPy (unsupported for now, may crash at runtime). #5653

Fixed

- `PyDictObject` on PyPy. #5653

v0.27.1 (Compare Source)

Fixed

- `clippy:declare_interior_mutable_const` warning from `#[pyfunction]`. #5538
- `pyo3::types::PySendResult` in public API. #5539

v0.27.0 (Compare Source)

Packaging

- `hashbrown` optional dependency to include version 0.16. #5428
- `num-bigint` dependency minimum version to 0.4.4. #5471

Added

- `FromPyObjectOwned` as convenient trait bound for `FromPyObject` when the data is not borrowed from Python. #4390
- `Borrowed::extract`, same as `PyAnyMethods::extract`, but does not restrict the lifetime by deref. #4390
- `experimental-inspect`: basic support for `#[derive(IntoPyObject)]` (no struct fields support yet). #5365
- `experimental-inspect`: support `#[pyo3(get, set)]` and `#[pyclass(get_all, set_all)]`. #5370
- `PyTypeCheck::classinfo_object` that returns an object that can be used as parameter in `isinstance` or `issubclass`. #5387
- `PyTypeInfo` on `datetime.*` types even when the limited API is enabled. #5388
- `PyTypeInfo` on `PyIterator`, `PyMapping` and `PySequence`. #5402
- `PyTypeInfo` on `PyCode` when using the stable ABI. #5403
- `PyTypeInfo` on `PyWeakrefReference` when using the stable ABI. #5404
- `pyo3::sync::RwLockExt` trait, analogous to `pyo3::sync::MutexExt` for readwrite locks. #5435
- `PyString::from_bytes`. #5437
- `AsRef<[u8]>` for `PyBytes`. #5445
- `CastError` and `CastIntoError`. #5468
- `PyCapsuleMethods::pointer_checked` and `PyCapsuleMethods::is_valid_checked`. #5474
- `Borrowed::cast`, `Borrowed::cast_exact` and `Borrowed::cast_unchecked`. #5475
- `jiff::civil::ISOWeekDate`. #5478
- `&Cstr`, `Cstring` and `Cow<Cstr>`. #5482
- `#[pyclass(skip_from_py_object)]` option, to opt-out of the `FromPyObject: PyClass + Clone` blanket impl. #5488
- `PyErr::add_note`. #5489
- `FromPyObject` impl for `Cow<Path>` & `Cow<OsStr>`. #5497
- `#[pyclass(from_py_object)]` pyclass option, to opt-in to the extraction of pyclasses by value (requires `Clone`). #5506

Changed

- `FromPyObject` trait for flexibility and performance: #4390
  - `FromPyObject`, to allow borrowing data from Python objects (e.g. `&str` from Python `str`).
  - `extract_bound` with `extract`, which takes `Borrowed<'a, 'py, PyAny>`.
- `FromPyObject` implementations for `Vec<u8>` and `[u8; N]` from `bytes` and `bytearray`. #5244
- `#[pyfn]` attribute. #5384
- `PyTypeCheck::NAME`. #5387
- `PyTypeCheck::NAME` in favour of `PyTypeCheck::classinfo_object` which provides the type information at runtime. #5387
- `PyClassGuard(Mut)` and `PyRef(Mut)` extraction now returns an opaque Rust error #5413
- `PyTypeInfo` with `#[pymodule_use]`. #5414
- `Debug` representation of `PyBuffer<T>`. #5442
- `experimental-inspect`: change the way introspection data is emitted in the binaries to avoid a pointer indirection and simplify parsing. #5450
- `Py<T>::drop` for the case when attached to the Python interpreter. #5454
- `DowncastError` and `DowncastIntoError` with `CastError` and `CastIntoError`. #5468
- `GraalPy`. #5471
- `PyAnyMethods::downcast` functions in favour of `Bound::cast` functions. #5472
- `PyTypeCheck` an `unsafe trait`. #5473
- `PyCapsuleMethods:pointer()`, `reference()`, and `is_valid()`. #5474
- `PyCapsuleMethods::reference`. #5474
- `PyCapsuleMethods::name` now returns `CapsuleName` wrapper instead of `&CStr`. #5474
- `import_exception_bound` in favour of `import_exception`. #5480
- `PyList::get_item_unchecked`, `PyTuple::get_item_unchecked`, and `PyTuple::get_borrowed_item_unchecked` no longer check for null values at the provided index. #5494
- `DateTime<Local>`. #5507

Removed

- `FromPyObjectBound` trait. #4390

Fixed

- `wasm32-wasip2`. #5368
- `OsStr` conversion for non-utf8 strings on Windows. #5444
- `cargo vendor` caused by gitignored build artifact `emscripten/pybuilddir.txt`. #5456
- `PyMethodDef` instances inside `#[pyfunction]` macro generated code. #5459
- `PyObjectObFlagsAndRefcnt` on 32-bit Python 3.14 (doesn't exist). #5499
- `abi3` interpreters on Windows using maturin's built-in sysconfig in combination with the `generate-import-lib` feature. #5503
- `PyModule_ExecDef` and `PyModule_FromDefAndSpec2` on PyPy. #5529

v0.26.0 (Compare Source)

Packaging

- `bytes` dependency to add conversions for `bytes::Bytes`. #5252
- `pyo3-introspection` to pair with the `experimental-inspect` feature. #5300
- `PYO3_BUILD_EXTENSION_MODULE` now causes the same effect as the `extension-module` feature. Eventually we expect maturin and setuptools-rust to set this environment variable automatically. Users with their own build systems will need to do the same. #5343

Added

- `#[pyo3(warn(message = "...", category = ...))]` attribute for automatic warnings generation for `#[pyfunction]` and `#[pymethods]`. #4364
- `PyMutex`, available on Python 3.13 and newer. #4523
- `PyMutex_IsLocked`, available on Python 3.14 and newer. #4523
- `PyString::from_encoded_object`. #5017
- `experimental-inspect`: add basic input type annotations. #5089
- `PyFrameObject` from CPython 3.13. #5154
- `experimental-inspect`: tag modules created using `#[pymodule]` or `#[pymodule_init]` functions as incomplete. #5207
- `experimental-inspect`: add basic return type support. #5208
- `PyCode::compile` and `PyCodeMethods::run` to create and execute code objects. #5217
- `PyOnceLock` type for thread-safe single-initialization. #5223
- `PyClassGuard(Mut)` pyclass holders. In the future they will replace `PyRef(Mut)`. #5233
- `experimental-inspect`: allow annotations in `#[pyo3(signature)]` signature attribute. #5241
- `MutexExt` for parking_lot's/`lock_api` `ReentrantMutex`. #5258
- `experimental-inspect`: support class associated constants. #5272
- `Bound::cast` family of functions superseding the `PyAnyMethods::downcast` family. #5289
- `Py_Version` and `Py_IsFinalizing`. #5317
- `experimental-inspect`: add output type annotation for `#[pyclass]`. #5320
- `experimental-inspect`: support `#[pyclass(eq, eq_int, ord, hash, str)]`. #5338
- `experimental-inspect`: add basic support for `#[derive(FromPyObject)]` (no struct fields support yet). #5339
- `Python::try_attach`. #5342

Changed

- `Py_TPFLAGS_DISALLOW_INSTANTIATION` instead of a `__new__` which always fails for a `#[pyclass]` without a `#[new]` on Python 3.10 and up. #4568
- `PyModule::from_code` now defaults `file_name` to `<string>` if empty. #4777
- `PyString::from_object` in favour of `PyString::from_encoded_object`. #5017
- `abi3` for a Python version newer than pyo3 supports, automatically fall back to an abi3 build for the latest supported version. #5144
- `is_instance_of` trait bound from `PyTypeInfo` to `PyTypeCheck`. #5146
- `MutexExt` return type to be an associated type. #5201
- `PyCallArgs` for `Py::call` and friends so they're equivalent to their `Bound` counterpart. #5206
- `Python::with_gil` to `Python::attach`. #5209
- `Python::allow_threads` to `Python::detach` #5221
- `GILOnceCell` type in favour of `PyOnceLock`. #5223
- `pyo3::prepare_freethreaded_python` to `Python::initialize`. #5247
- `PyMemoryError` into/from `io::ErrorKind::OutOfMemory`. #5256
- `GILProtected`. #5285
- `#[pyclass]` docstring formatting from import time to compile time. #5286
- `Python::attach` will now panic if the Python interpreter is in the process of shutting down. #5317
- `PyTypeInfo::type_object` for `#[pyclass]` types. #5324
- `PyObject` type alias for `Py<PyAny>`. #5325
- `Python::with_gil_unchecked` to `Python::attach_unchecked`. #5340
- `Python::assume_gil_acquired` to `Python::assume_attached`. #5354

Removed

- `PyFrameObject`. #5154
- `Eq` and `PartialEq` implementations on `PyGetSetDef` FFI definition. #5196
- `_Py_IsCoreInitialized` and `_Py_InitializeMain`. #5317

Fixed

- `PyByteArray::to_vec` on freethreaded build to replicate GIL-enabled "soundness". #4742
- `bigdecimal` into Python. #5198
- `PyBuffer<T>` after the Python interpreter has been finalized. #5242
- `experimental-inspect`: better automated imports generation. #5251
- `experimental-inspect`: fix introspection of `__richcmp__`, `__concat__`, `__repeat__`, `__inplace_concat__` and `__inplace_repeat__`. #5273
- `PyRef::into_super` #5281
- `Py_Exit` (never returns, was `()` return value, now `!`). #5317
- `experimental-inspect`: fix handling of module members gated behind `#[cfg(...)]` attributes. #5318

Configuration
📅 Schedule: (in timezone Australia/Sydney)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.