Bump pyo3 from 0.13.2 to 0.18.0 in /src/rust #94

dependabot · 2023-01-18T09:03:25Z

Bumps pyo3 from 0.13.2 to 0.18.0.

Release notes

PyO3 0.18.0

This release contains a number of new features for PyO3's macros which should make maintaining PyO3 projects easier.

#[pyfunction] and #[pymethods] have a new #[pyo3(signature = (...))] option which allows specifying the Python signature. This replaces the #[args] option already present for #[pymethods]; the new option is better-validated and offers a syntax much more intuitive to users familiar with writing pure-Python functions.

#[pyclass] has new get_all and set_all options for cases where all fields of a type should be readable or writable from Python.

The #[pyo3(text_signature = "...")] option is now autogenerated for all functions created with #[pyfunction] and #[pymethods]. It can still be applied manually when it is necessary to override the generated form.

As well as the macro API improvements, some other notable changes include:

PySet::new and PyFrozenSet::new now accept Rust iterators rather than requiring a slice.

Rust types have been added for all Python's built-in Warning types.

Non-zero integer types in std::num now have a conversion to/from Python int.

The deprecated #[pyproto] attribute is now removed.

There have been numerous other smaller improvements, changes and fixes. For full details see the CHANGELOG.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following users' commits are included in this release:

@a1phyr @adamreichold @AdilZouitine @alex @birkenfeld @CLOVIS-AI @ctb @dalcde @datapythonista @davidhewitt @dylanbstorey @flickpp @gnaaman-dn @haixuanTao @hauntsaninja @ijl @itamarst @jqnatividad @matthewlloyd @mejrs @messense @mrob95 @ongchi @Oppen @prehner @Psykopear @qbx2 @ryanrussell @saethlin

... (truncated)

Changelog

Sourced from pyo3's changelog.

[0.18.0] - 2023-01-17

Packaging

Relax indexmap optional depecency to allow >= 1.6, < 2. [port 1.3.1 changelog to master pyca/cryptography#2849](PyO3/pyo3#2849

Relax hashbrown optional dependency to allow >= 0.9, < 0.14. #2875

Update memoffset dependency to 0.8. #2875

Added

Add GILOnceCell::get_or_try_init for fallible GILOnceCell initialization. #2398

Add experimental feature experimental-inspect with type_input() and type_output() helpers to get the Python type of any Python-compatible object. #2490 #2882

The #[pyclass] macro can now take get_all and set_all to create getters and setters for every field. #2692

Add #[pyo3(signature = (...))] option for #[pyfunction] and #[pymethods]. #2702

pyo3-build-config: rebuild when PYO3_ENVIRONMENT_SIGNATURE environment variable value changes. #2727

Add conversions between non-zero int types in std::num and Python int. #2730

Add Py::downcast() as a companion to PyAny::downcast(), as well as downcast_unchecked() for both types. #2734

Add types for all built-in Warning classes as well as PyErr::warn_explicit. #2742

Add abi3-py311 feature. #2776

Add FFI definition _PyErr_ChainExceptions() for CPython. #2788

Add FFI definitions PyVectorcall_NARGS and PY_VECTORCALL_ARGUMENTS_OFFSET for PyPy 3.8 and up. #2811

Add PyList::get_item_unchecked for PyPy. #2827

Changed

PyO3's macros now emit a much nicer error message if function return values don't implement the required trait(s). #2664

Use a TypeError, rather than a ValueError, when refusing to treat a str as a Vec. #2685

Change PyCFunction::new_closure to take name and doc arguments. #2686

PyType::is_subclass, PyErr::is_instance and PyAny::is_instance now take &PyAny instead of &PyType arguments, so that they work with objects that pretend to be types using __subclasscheck__ and __instancecheck__. #2695

Deprecate #[args] attribute and passing "args" specification directly to #[pyfunction] in favor of the new #[pyo3(signature = (...))] option. #2702

Deprecate required arguments after Option<T> arguments to #[pyfunction] and #[pymethods] without also using #[pyo3(signature)] to specify whether the arguments should be required or have defaults. #2703

Change #[pyfunction] and #[pymethods] to use a common call "trampoline" to slightly reduce generated code size and compile times. #2705

PyAny::cast_as() and Py::cast_as() are now deprecated in favor of PyAny::downcast() and the new Py::downcast(). #2734

Relax lifetime bounds on PyAny::downcast(). #2734

Automatically generate __text_signature__ for all Python functions created using #[pyfunction] and #[pymethods]. #2784

Accept any iterator in PySet::new and PyFrozenSet::new. #2795

Mixing #[cfg(...)] and #[pyo3(...)] attributes on #[pyclass] struct fields will now work. #2796

Re-enable PyFunction on when building for abi3 or PyPy. #2838

Improve derive(FromPyObject) to use intern! when applicable for #[pyo3(item)]. #2838

Removed

Remove the deprecated pyproto feature, #[pyproto] macro, and all accompanying APIs. #2587

Remove all functionality deprecated in PyO3 0.16. #2843

Fixed

Disable PyModule::filename on PyPy. #2715

PyCodeObject is now once again defined with fields on Python 3.7. #2726

Raise a TypeError if #[new] pymethods with no arguments receive arguments when called from Python. #2749

... (truncated)

Commits

224a416 release: 0.18.0
ca1bbe3 add migration notes for PyO3 0.18
72c561c Merge #2882
713f51a Merge #2879
8026f35 Improve derive(FromPyObject) to apply intern! when applicable
20ca3be inspect: gate behind experimental-inspect feature
556b3cf Merge #2703
8f48d15 deprecate required arguments after option arguments without signature
ed0f338 Merge #2875
a7a9dae Add a changelog entry for [#2875](https://github.com/pyo3/pyo3/issues/2875)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.13.2 to 0.18.0. - [Release notes](https://github.com/pyo3/pyo3/releases) - [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md) - [Commits](PyO3/pyo3@v0.13.2...v0.18.0) --- updated-dependencies: - dependency-name: pyo3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

guardrails · 2023-01-18T09:04:18Z

⚠️ We detected 51 security issues in this pull request:

Mode: paranoid | Total findings: 51 | Considered vulnerability: 51

Insecure Processing of Data (1)

Docs

Details

💡

Title: Inherently dangerous strcpy family function, Severity: Medium

cryptography/src/_cffi_src/openssl/src/osrandom_engine.c

Line 532 in cc875e3

strcpy((char *)p, name);

More info on how to fix Insecure Processing of Data in C/C++.

Hard-Coded Secrets (50)

Docs

Details

💡

Title: Twilio API Key, Severity: Medium

cryptography/vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.txt

Line 4 in cc875e3

    
           G = AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFAAB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7C17669101999024AF4D027275AC1348BB8A762D0521BC98AE247150422EA1ED409939D54DA7460CDB5F6C6B250717CBEF180EB34118E98D119529A45D6F834566E3025E316A330EFBB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC017981BC087F2A7065B384B890D3191F2BFA

💡

Title: Twilio API Key, Severity: Medium

cryptography/vectors/cryptography_vectors/asymmetric/DSA/FIPS_186-2/KeyPair.rsp

Line 21 in cc875e3

X = AC5862F9B6CD0B2E68B8784199A9883A94C10079

💡

Title: Twilio API Key, Severity: Medium

cryptography/vectors/cryptography_vectors/asymmetric/DH/RFC5114.txt

Line 21 in cc875e3

    
           G = AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFAAB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7C17669101999024AF4D027275AC1348BB8A762D0521BC98AE247150422EA1ED409939D54DA7460CDB5F6C6B250717CBEF180EB34118E98D119529A45D6F834566E3025E316A330EFBB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC017981BC087F2A7065B384B890D3191F2BFA

💡