dependabot[bot] opened a new pull request, #38953: URL: https://github.com/apache/beam/pull/38953
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.27.2 to 0.29.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyo3/pyo3/releases";>pyo3's releases</a>.</em></p> <blockquote> <h2>PyO3 0.29.0</h2> <p>This release is a relatively large release with improvements across many areas of PyO3's API.</p> <h3>Build and packaging changes</h3> <p>This release brings full support for Python 3.15 beta. We encourage downstream projects to begin testing and distributing Python 3.15 beta wheels so that the ecosystem can prepare for the 3.15 final release later in the year.</p> <p>Alongside Python 3.15 support comes support for its new "abi3t" stable ABI which supports both free-threaded and gil-enabled Python builds. For projects distributing stable ABI wheels, we recommend distributing (for each OS/architecture) an abi3 wheel built for your minimum supported Python version, a 3.14t version-specific wheel for free-threaded Python 3.14, and an abi3t wheel to support Python 3.15 (and future versions).</p> <p>Support for Python 3.7 has been dropped. Support for Python 3.13t, the first experimental free-threaded release of CPython, has also been dropped. 3.14t (and soon 3.15t) is more stable, performant, and the starting point for CPython's own declaration of "support" for the free-threaded build.</p> <p>The PyO3 build process (via the <code>pyo3-build-config</code> crate) has been adjusted to reduce the cost of rebuilds when the environment used to detect the Python interpreter changes; <code>pyo3-build-config</code> and <code>pyo3-macros</code> will no longer be rebuilt in such cases (although <code>pyo3-ffi</code> and crates downstream of it still will be rebuilt). As a consequence the <code>pyo3_build_config</code> APIs now require crates to have a direct dependency on <code>pyo3</code> or <code>pyo3-ffi</code>. We hope to continue to reduce rebuild frequency and cost in a future PyO3 release.</p> <h3>Security updates</h3> <p>With the recent boom in AI-assisted security scanning, PyO3 has inevitably had several correctness issues exposed by AI-assisted scanning.</p> <p>In particular, PyO3 0.29 fixes two security vulnerabilities we will be releasing to the RustSec Advisory Database imminently:</p> <ul> <li>Missing <code>Sync</code> bound on <code>PyCFunction::new_closure</code> closures</li> <li>Possible out of bounds read in <code>BoundTupleIterator::nth_back</code> and <code>BoundListIterator::nth_back</code></li> </ul> <p>Any code using the above APIs is advised to update as soon as possible.</p> <p>This release also contains several other minor breaking changes to close soundness holes uncovered by AI-assisted scanning. Our assessment as maintainers was that, excluding the two vulnerability cases listed above, these correctness issues would likely have crashed immediately upon user testing rather than leading to attacker-exploitable pathways. We nevertheless wanted to see them closed without the usual deprecation cycle. These cases are noted in the <a href="https://pyo3.rs/v0.29.0/migration.html";>migration guide</a>.</p> <h3>Other major themes in this release</h3> <p>New in this release is a CLI in <code>pyo3-introspection</code> to generate type stubs along with the <code>experimental-inspect</code> feature. Downstream, <code>maturin</code> has also gained support to generate type stubs using the feature. The feature is reaching a point where substantial amount of type stubs can be generated automatically. We would like to encourage users to begin using this feature and helping us find what functionality is missing, with a hope we can declare its API stable given sufficient feedback.</p> <p>A substantial amount of effort has been invested in <code>pyo3-ffi</code> as part of the process of extending it with 3.15's new APIs. There have been many missing APIs from older Python versions added. There have also been a number of fixes to incorrect definitions (these are breaking changes, but also necessary for correctness); we hope there will be far fewer such cases in the future due to more comprehensive checking added to PyO3's CI. Finally, many private CPython APIs (those with <code>_Py</code> underscore-named prefix) have been removed from <code>pyo3-ffi</code>'s public API.</p> <h3>In closing</h3> <p>There are also many other incremental improvements, bug fixes and smaller features; full detail can be found in the <a href="https://pyo3.rs/v0.29.0/changelog.html";>CHANGELOG</a>.</p> <p>Please consult the <a href="https://pyo3.rs/v0.29.0/migration.html";>migration guide</a> for help upgrading.</p> <p>Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:</p> <p><a href="https://github.com/Alc-Alc";><code>@Alc-Alc</code></a> <a href="https://github.com/alex";><code>@alex</code></a> <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> <a href="https://github.com/BD103";><code>@BD103</code></a> <a href="https://github.com/bschoenmaeckers";><code>@bschoenmaeckers</code></a> <a href="https://github.com/Cheukting";><code>@Cheukting</code></a> <a href="https://github.com/chirizxc";><code>@chirizxc</code></a> <a href="https://github.com/ChristopherRabotin";><code>@ChristopherRabotin</code></a> <a href="https://github.com/clin1234";><code>@clin1234</code></a> <a href="https://github.com/codeguru42";><code>@codeguru42</code></a> <a href="https://github.com/davidhewitt";><code>@davidhewitt</code></a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md";>pyo3's changelog</a>.</em></p> <blockquote> <h2>[0.29.0] - 2026-06-11</h2> <h3>Packaging</h3> <ul> <li>Support the new PEP 803 abi3t ABI with new <code>abi3t</code> and <code>abi3t-py315</code> features. <a href="https://redirect.github.com/PyO3/pyo3/pull/5807";>#5807</a></li> <li><code>pyo3-macros-backend</code> no longer depends on <code>pyo3-build-config</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5809";>#5809</a></li> <li>Drop support for Python 3.13t (3.14t and above continue to be supported; CPython declared free-threading supported starting with Python 3.14). <a href="https://redirect.github.com/PyO3/pyo3/pull/5865";>#5865</a></li> <li>Drop support for Python 3.7. <a href="https://redirect.github.com/PyO3/pyo3/pull/5912";>#5912</a></li> <li>Extend range of supported versions of <code>hashbrown</code> optional dependency to include version 0.17. <a href="https://redirect.github.com/PyO3/pyo3/pull/5973";>#5973</a></li> <li>Support Python 3.15.0b1. <a href="https://redirect.github.com/PyO3/pyo3/pull/6014";>#6014</a></li> <li><code>pyo3-ffi</code> is now <code>no_std</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6022";>#6022</a></li> </ul> <h3>Added</h3> <ul> <li>Add <code>PyErr::set_traceback</code> to set the traceback of an exception object. <a href="https://redirect.github.com/PyO3/pyo3/pull/5349";>#5349</a></li> <li>Add <code>PyUnicodeDecodeError::new_err_from_utf8</code> to create a <code>PyErr</code> from a <code>str::Utf8Error</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5668";>#5668</a></li> <li><code>experimental-inspect</code>: implement <code>INPUT_TYPE</code> and <code>OUTPUT_TYPE</code> on optional third-party crate conversions. <a href="https://redirect.github.com/PyO3/pyo3/pull/5770";>#5770</a></li> <li><code>experimental-inspect</code>: include doc comments in generated stubs. <a href="https://redirect.github.com/PyO3/pyo3/pull/5782";>#5782</a></li> <li>Add <code>pyo3_build_config::PythonAbi</code>, <code>pyo3_build_config::PythonAbiKind</code>, <code>pyo3_build_config::PythonAbiBuilder</code>, <code>pyo3_build_config::InterpreterConfig::target_abi</code>, and <code>pyo3_build_config::InterpreterConfigBuilder::target_abi</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5807";>#5807</a></li> <li>Add <code>Borrowed::get</code> as an equivalent to <code>Bound::get</code> and <code>Py::get</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5849";>#5849</a></li> <li>Add <code>PyFrame::new</code>, <code>PyTraceBack::new</code>, and <code>PyFrameMethods::line_number</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5857";>#5857</a></li> <li>Add <code>PyUntypedBuffer::obj</code> to retrieve the Python object owning the buffer. <a href="https://redirect.github.com/PyO3/pyo3/pull/5870";>#5870</a></li> <li>Add <code>PyCapsule::new_with_value</code> and <code>PyCapsule::new_with_value_and_destructor</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5881";>#5881</a></li> <li>Add <code>PyErr::set_context</code> and <code>PyErr::context</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5887";>#5887</a></li> <li>Add a small CLI to <code>pyo3-introspection</code> to generate stubs. <a href="https://redirect.github.com/PyO3/pyo3/pull/5904";>#5904</a></li> <li>Add <code>Python::version_str</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5921";>#5921</a></li> <li>Add <code>TryFrom<&Bound<T>></code> for <code>PyRef<T></code>, <code>PyRefMut<T></code>, <code>PyClassGuard<T></code> and <code>PyClassGuardMut<T></code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5922";>#5922</a></li> <li>Add <code>From<&Bound<T>></code> for <code>Bound<T></code> and <code>Py<T></code> <a href="https://redirect.github.com/PyO3/pyo3/pull/5922";>#5922</a></li> <li>Add <code>PyDictMethods::set_default</code> and <code>PyDictMethods::set_default_ref</code> to allow atomically setting default values in a PyDict. <a href="https://redirect.github.com/PyO3/pyo3/pull/5955";>#5955</a></li> <li>add <code>PyFrameMethods::outer|code|var|builtins|globals|locals</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5967";>#5967</a></li> <li>Add <code>From</code> conversions for <code>PyErr</code> from <code>std::time::TryFromFloatSecsError</code>, <code>std::time::SystemTimeError</code>, <code>std::path::StripPrefixError</code>, <code>std::env::JoinPathsError</code>, <code>std::char::ParseCharError</code>, and <code>std::char::CharTryFromError</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6001";>#6001</a></li> <li>Add <code>pyo3_build_config::InterpreterConfigBuilder</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6034";>#6034</a></li> <li>Add <code>PyCapsule::import_pointer</code> <a href="https://redirect.github.com/PyO3/pyo3/pull/6066";>#6066</a></li> <li>Add <code>PyClassGuardMapMut</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6073";>#6073</a></li> <li>Expose <code>PyListMethods::get_item_unchecked</code>, <code>PyTupleMethods::get_item_unchecked</code>, and <code>PyTupleMethods::get_borrowed_item_unchecked</code> on abi3. <a href="https://redirect.github.com/PyO3/pyo3/pull/6075";>#6075</a></li> <li>Add <code>PyClassGuardMapSuper</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6104";>#6104</a></li> <li>Add <code>PyClassGuard</code> and <code>PyClassGuardMut</code> to <code>pyo3::prelude</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6112";>#6112</a></li> <li>Add <code>Debug</code> impls for <code>PyClassGuard</code> and <code>PyClassGuardMut</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/6112";>#6112</a></li> <li>Enable extending <code>PyDateTime</code>, <code>PyDate</code>, <code>PyTime</code>, <code>PyDelta</code> and <code>PyTzInfo</code> on abi3 with python 3.12+. <a href="https://redirect.github.com/PyO3/pyo3/pull/6115";>#6115</a></li> <li>Expose <code>PyFunction</code> available on abi3. <a href="https://redirect.github.com/PyO3/pyo3/pull/6117";>#6117</a></li> <li>FFI definitions: <ul> <li>Added FFI definitions <code>PyUnstable_Object_IsUniquelyReferenced</code>, <code>PyUnstable_Object_IsUniquelyReferencedTemporary</code>, <code>PyUnstable_EnableTryIncref</code>, and <code>PyUnstable_TryIncref</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5828";>#5828</a></li> <li>Add FFI definitions <code>ffi::PyErr_GetHandledException</code> and <code>ffi::PyErr_SetHandledException</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5887";>#5887</a></li> <li>Add FFI definition <code>Py_HASH_SIPHASH13</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5891";>#5891</a></li> <li>Add FFI definition <code>PyStructSequence_UnnamedField</code> constant on Python 3.9 and up (or 3.11 with abi3 features). <a href="https://redirect.github.com/PyO3/pyo3/pull/5892";>#5892</a></li> <li>Add FFI definitions <code>PyUnstable_InterpreterFrame_GetCode</code>, <code>PyUnstable_InterpreterFrame_GetLasti</code>, <code>PyUnstable_InterpreterFrame_GetLine</code>, and <code>PyUnstable_ExecutableKinds</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5932";>#5932</a></li> <li>Add FFI definitions <code>PyMarshal_WriteLongToFile</code>, <code>PyMarshal_WriteObjectToFile</code>, <code>PyMarshal_ReadLongFromFile</code>, <code>PyMarshal_ReadShortFromFile</code>, <code>PyMarshal_ReadObjectFromFile</code>, and <code>PyMarshal_ReadLastObjectFromFile</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5934";>#5934</a></li> <li>Add FFI definitions <code>PyObject_GetAIter</code>, <code>PyAIter_Check</code>, <code>PyMapping_HasKeyWithError</code>, <code>PyMapping_HasKeyStringWithError</code>, <code>PyMapping_GetOptionalItem</code>, <code>PyMapping_GetOptionalItemString</code>, <code>PySequence_ITEM</code>, <code>PySequence_Fast_GET_SIZE</code>, <code>PySequence_Fast_GET_ITEM</code>, and <code>PySequence_Fast_ITEMS</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5942";>#5942</a></li> <li>Add FFI definition <code>compat::PyObject_HasAttrWithError</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5944";>#5944</a></li> <li>Add FFI definitions <code>PyDict_SetDefault</code>, <code>PyDict_SetDefaultRef</code>, <code>PyDict_ContainsString</code>, <code>PyDict_Pop</code>, <code>PyDict_PopString</code>, <code>PyDict_ClearWatcher</code>, <code>PyDict_Watch</code>, <code>PyDict_Unwatch</code>, and <code>PyFrozenDict_New</code>. <a href="https://redirect.github.com/PyO3/pyo3/pull/5947";>#5947</a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyO3/pyo3/commit/0f90242785fe0ce5e4e67c1da5ed361d410dbf8c";><code>0f90242</code></a> release: 0.29.0 (<a href="https://redirect.github.com/pyo3/pyo3/issues/6107";>#6107</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/cd128ed50e6fffc4e49a08c149599a3b8bd21d5b";><code>cd128ed</code></a> doc: mention abi3t, python3t.dll, and abi3t_compat folder in FAQ (<a href="https://redirect.github.com/pyo3/pyo3/issues/6124";>#6124</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/7e2ef18b939488c446c9bcc1ed550e3ce22da5bd";><code>7e2ef18</code></a> Avoid type checks in methods where CPython already guarantees the received ty...</li> <li><a href="https://github.com/PyO3/pyo3/commit/f9301990e75e9f132aa3d4bf96a98d3abfac1c04";><code>f930199</code></a> docs: additional detail in migration guide for 0.29 (<a href="https://redirect.github.com/pyo3/pyo3/issues/6123";>#6123</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/91ab0d1b9bf26116d1a9fd8d833c32f22259da0b";><code>91ab0d1</code></a> Enable Windows abi3t tests (<a href="https://redirect.github.com/pyo3/pyo3/issues/6106";>#6106</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/fe0fdd518fb238ebf07480fde3c54a75041a1820";><code>fe0fdd5</code></a> add <code>PyLong*</code> API (3.14+) (<a href="https://redirect.github.com/pyo3/pyo3/issues/6016";>#6016</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/f41b1dfaf4fecce0edc6417a317671bdec593d07";><code>f41b1df</code></a> Hang when reattaching after detach during shutdown (<a href="https://redirect.github.com/pyo3/pyo3/issues/6085";>#6085</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/5ae66a859c2575b2b0ce0b2982f55388561513e6";><code>5ae66a8</code></a> Fix double import on RustPython (<a href="https://redirect.github.com/pyo3/pyo3/issues/6122";>#6122</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/ad4a510dddba60ac1887800365894839f7ba5a9c";><code>ad4a510</code></a> PyFunction: enable some extra tests with abi3 (<a href="https://redirect.github.com/pyo3/pyo3/issues/6118";>#6118</a>)</li> <li><a href="https://github.com/PyO3/pyo3/commit/c79ac0ea2d7b751ea0191b4a5462d1de8f824728";><code>c79ac0e</code></a> ci: Add test for minimum supported debug build of Python (<a href="https://redirect.github.com/pyo3/pyo3/issues/5852";>#5852</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyo3/pyo3/compare/v0.27.2...v0.29.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/beam/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
