pyca / bcrypt

Modern(-ish) password hashing for your software and your servers
Apache License 2.0
1.26k stars 168 forks source link

Bump pyo3 from 0.22.1 to 0.22.2 in /src/_bcrypt #834

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps pyo3 from 0.22.1 to 0.22.2.

Release notes

Sourced from pyo3's releases.

PyO3 0.22.2

This release contains some minor reliability fixes building upon PyO3 0.22.1.

As PyO3 is still working on supporting freethreaded Python (upcoming in 3.13), support has been gated behind an UNSAFE_PYO3_BUILD_FREE_THREADED=1 environment variable to avoid unsuspecting users running into broken builds.

Packages built for the abi3 stable ABI will now use FFI functions for refcounting instead of inline reference count modifications on all versions of the stable ABI (previously only abi3 builds for 3.12 and up would use FFI functions). This helps mitigate interactions of old versions of the stable ABI with future CPython releases which do more complex reference counting (e.g. immortal objects, freethreaded reference counting).

The #[pymodule] declarative module now supports directly receiving options. (E.g. #[pymodule(name = "foo")], which would previously have been written as two attributes #[pymodule] #[pyo3(name = "foo")].)

A compile error on Rust 1.78 related to use of c"" literals has been fixed.

Thank you to the following contributors for the improvements:

@​davidhewitt @​FlickerSoul @​gi0baro @​Icxolu @​MatthijsKok @​styvane

Changelog

Sourced from pyo3's changelog.

[0.22.2] - 2024-07-17

Packaging

  • Require opt-in to freethreaded Python using the UNSAFE_PYO3_BUILD_FREE_THREADED=1 environment variable (it is not yet supported by PyO3). #4327

Changed

  • Use FFI function calls for reference counting on all abi3 versions. #4324
  • #[pymodule(...)] now directly accepts all relevant #[pyo3(...)] options. #4330

Fixed

  • Fix compile failure in declarative #[pymodule] under presence of #![no_implicit_prelude]. #4328
  • Fix compile failure due to c-string literals on Rust < 1.79. #4353
Commits
  • 92b0f15 release: 0.22.2
  • da9f52e only emit c-string literals on Rust 1.79 and later (#4352) (#4353)
  • 3d7e5a3 chore: update ruff configuration to resolve deprecation warning (#4346)
  • e2ebb72 use FFI calls for refcounting on all abi3 versions (#4324)
  • 7e0fc30 allow #[pymodule(...)] to accept all relevant #[pyo3(...)] options (#4330)
  • 6317570 remove BuildFlag member to avoid breaking change in patch
  • 7fed7c3 Prevent building in GIL-less environment (#4327)
  • d99fc06 docs: fixups to 0.22 migration guide (#4332)
  • 613a70b docs: use versioned links from docs to guide (#4331)
  • b50f1c3 ci: check minimal-versions on MSRV feature powerset (#4273)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)