This release contains a focus on quality improvements over the PyO3 0.16 releases.
There have been new API types added such as PyDictKeys, PyDictValues, PyDictItems, PyCode, PyFrame, and PySuper. The PyMapping and PySequence types have changed so they are more directly compatible with the corresponding Python Mapping and Sequence base classes in the collections.abc module (this is a breaking change).
A new #[pyclass(frozen)] option has been added to opt-out of runtime borrow checking by removing the ability to access &mut self for objects owned by Python.
There have been a number of soundness fixes, both to the PyCapsule type (see the CHANGELOG for more details) and to a number of FFI bindings which had fallen out of sync with newer Python and PyPy releases.
There have been numerous other smaller improvements, changes and fixes. For full details see the CHANGELOG.
Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following users' commits are included in this release:
This release is a tactical set of soundness fixes identified for the PyCapsule bindings released in PyO3 0.16. To avoid breaking API changes capsules created with PyCapsule::new and PyCapsule::new_with_destructor will now leak their contents (and not call the destructor) if released on a thread other than the one they were created.
PyO3 0.17 will be released shortly with breaking API changes which resolve the PyCapsule issues with better design (e.g. the destructor has a Send bound added). Users are encouraged to upgrade at their earliest convenience.
Change datetime constructors taking a tzinfo to take Option<&PyTzInfo> instead of Option<&PyObject>: PyDateTime::new, PyDateTime::new_with_fold, PyTime::new, and PyTime::new_with_fold. #1588
Move PyTypeObject::type_object method to the PyTypeInfo trait, and deprecate the PyTypeObject trait. #2287
Methods of Py and PyAny now accept impl IntoPy<Py<PyString>> rather than just &str to allow use of the intern! macro. #2312
Change the deprecated pyproto feature to be opt-in instead of opt-out. #2322
Emit better error messages when #[pyfunction] return types do not implement IntoPy. #2326
Require T: IntoPy for impl<T, const N: usize> IntoPy<PyObject> for [T; N] instead of T: ToPyObject. #2326
Add a message to the ValueError raised by the #[derive(FromPyObject)] implementation for a tuple struct. #2414
Allow #[classattr] methods to take Python argument. #2456
Rework PyCapsule type to resolve soundness issues: #2485
PyCapsule::new and PyCapsule::new_with_destructor now take name: Option<CString> instead of &CStr.
The destructor F in PyCapsule::new_with_destructor must now be Send.
PyCapsule::get_context deprecated in favour of PyCapsule::context which doesn't take a py: Python<'_> argument.
PyCapsule::set_context no longer takes a py: Python<'_> argument.
PyCapsule::name now returns PyResult<Option<&CStr>> instead of &CStr.
FromPyObject::extract for Vec<T> no longer accepts Python str inputs. #2500
Ensure each #[pymodule] is only initialized once. #2523
pyo3_build_config::add_extension_module_link_args now also emits linker arguments for wasm32-unknown-emscripten. #2538
Type checks for PySequence and PyMapping now require inputs to inherit from (or register with) collections.abc.Sequence and collections.abc.Mapping respectively. #2477
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps pyo3 from 0.16.5 to 0.17.0.
Release notes
Sourced from pyo3's releases.
Changelog
Sourced from pyo3's changelog.
... (truncated)
Commits
04c1ac8
release: 0.17.0bc03d6a
Merge pull request #2580 from davidhewitt/docs-bonanzaf753790
guide: note existence of PyFunction::new_closure86a1116
guide: note hash can have any integer type up to 64 bitsc5ecf47
docs: note__richcmp__
disables default__hash__
f7ebda8
docs: note with_gil auto-creates thread statefb05e1d
guide: additional detail on how to handle foreign errors580e747
guide: use sentence case, move function signatures to own sectionaf60a35
guide: don't use::pyo3
ef8ccc0
docs: demonstrateNotImplemented
in__richcmp__
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)