Skip to content

chore(deps): bump pyo3 from 0.24.2 to 0.28.1#161

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/cargo/pyo3-0.28.1
Feb 16, 2026
Merged

chore(deps): bump pyo3 from 0.24.2 to 0.28.1#161
github-actions[bot] merged 1 commit into
mainfrom
dependabot/cargo/pyo3-0.28.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps pyo3 from 0.24.2 to 0.28.1.

Release notes

Sourced from pyo3's releases.

PyO3 0.28.1

This patch contains a number of minor compile-time fixes for PyO3 0.28.0.

Thank you to the following contributors for the improvements:

@​davidhewitt @​funsafemath @​ngoldbaum @​rara64 @​tdyas

PyO3 0.28.0

This release contains many improvements across PyO3's feature set:

  • Proper support for __init__ methods for #[pyclass] types
  • Support for #[deleter]s to complement the existing #[getter] and #[setter] attributes when implementing class "properties".
  • Support for subclassing many Python types with the abi3 feature (requires Python 3.12+).
  • A new #[pyclass(new = "from_fields")] option to automatically define the constructor from the class fields.
  • Many corrections to FFI definitions (including removal of many private CPython methods)
  • Many improvements to the experimental-inspect feature's functionality.

The minimum supported Rust version has been increased to Rust 1.83.

This release also switches #[pymodule] to use PEP 489 multi-phase initialization internally. This should have no immediate functional impact other than preparing PyO3 to support newer technologies such as Python subinterpreters.

There are also many other incremental improvements, bug fixes and smaller features; full detail can be found in the CHANGELOG.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​ABorgna @​ahlinc @​alex @​altendky @​bazaah @​bschoenmaeckers @​chirizxc @​clin1234 @​davidhewitt @​dependabot[bot] @​freakboy3742 @​henryp3278 @​Icxolu @​lazka @​LilyFirefly @​linkmauve @​lmmx @​lukaslueg @​MatthieuDartiailh @​MusicalNinjaDad

... (truncated)

Changelog

Sourced from pyo3's changelog.

[0.28.1] - 2026-02-14

Fixed

  • Fix *args / **kwargs support in experimental-async feature (regressed in 0.28.0). #5771
  • Fix clippy::declare_interior_mutable_const warning inside #[pyclass] generated code on enums. #5772
  • Fix ambiguous_associated_items compilation error when deriving FromPyObject or using #[pyclass(from_py_object)] macro on enums with Error variant. #5784
  • Fix __qualname__ for complex #[pyclass] enum variants to include the enum name. #5796

[0.28.0] - 2026-02-01

Packaging

  • Bump MSRV to Rust 1.83. #5531
  • Bump minimum supported quote version to 1.0.37. #5531
  • Bump supported GraalPy version to 25.0. #5542
  • Drop memoffset dependency. #5545
  • Support for free-threaded Python is now opt-out rather than opt-in. #5564
  • Bump target-lexicon dependency to 0.13.3. #5571
  • Drop indoc and unindent dependencies. #5608

Added

  • Add __init__ support in #[pymethods]. #4951
  • Expose PySuper on PyPy, GraalPy and ABI3 #4951
  • Add PyString::from_fmt and py_format! macro. #5199
  • Add #[pyclass(new = "from_fields")] option. #5421
  • Add pyo3::buffer::PyUntypedBuffer, a type-erased form of PyBuffer<T>. #5458
  • Add PyBytes::new_with_writer #5517
  • Add PyClass::NAME. #5579
  • Add pyo3_build_config::add_libpython_rpath_link_args. #5624
  • Add PyBackedStr::clone_ref and PyBackedBytes::clone_ref methods. #5654
  • Add PyCapsule::new_with_pointer and PyCapsule::new_with_pointer_and_destructor for creating capsules with raw pointers. #5689
  • Add #[deleter] attribute to implement property deleters in #[methods]. #5699
  • Add IntoPyObject and FromPyObject implementations for uuid::NonNilUuid. #5707
  • Add PyBackedStr::as_str and PyBackedStr::as_py_str methods. #5723
  • Add support for subclassing native types (PyDict, exceptions, ...) when building for abi3 on Python 3.12+. #5733
  • Add support for subclassing PyList when building for Python 3.12+. #5734
  • FFI definitions:
    • Add FFI definitions PyEval_GetFrameBuiltins, PyEval_GetFrameGlobals and PyEval_GetFrameLocals on Python 3.13 and up. #5590
    • Add FFI definitions PyObject_New, PyObject_NewVar, PyObject_GC_Resize, PyObject_GC_New, and PyObject_GC_NewVar. #5591
    • Added FFI definitions and an unsafe Rust API wrapping Py_BEGIN_CRITICAL_SECTION_MUTEX and Py_BEGIN_CRITICAL_SECTION_MUTEX2. #5642
    • Add FFI definition PyDict_GetItemStringRef on Python 3.13 and up. #5659
    • Add FFI definition PyIter_NextItem on Python 3.14 and up, and compat::PyIter_NextItem for older versions. #5661
    • Add FFI definitions PyThreadState_GetInterpreter and PyThreadState_GetID on Python 3.9+, PyThreadState_EnterTracing and PyThreadState_LeaveTracing on Python 3.11+, PyThreadState_GetUnchecked on Python 3.13+, and compat::PyThreadState_GetUnchecked. #5711
    • Add FFI definitions PyImport_ImportModuleAttr and PyImport_ImportModuleAttrString on Python 3.14+. #5737
    • Add FFI definitions for the PyABIInfo and PyModExport APIs available in Python 3.15. #5746
  • experimental-inspect:
    • Emit base classes. #5331
    • Emit @typing.final on final classes. #5552

... (truncated)

Commits
  • 45f49ff release: 0.28.1
  • 56c34d6 Document Py_GIL_DISABLED in pyo3-build-config docs (#5810)
  • 92bc9ef Avoid unused variable warning with a debug Python build (#5811)
  • ca5df1a ci: re-enable list_get_item_unchecked benchmark on free-threaded build (#5812)
  • 413d9b5 Fix missing std::sync::atomic::Ordering import for targets without atomic64...
  • 1c764cd docs: improve messaging around #[pyclass(from_py_object)] change (#5798)
  • 927411a fix __qualname__ for complex enum variants (#5796)
  • 2334344 Fix ambiguous associated item error (#5784)
  • 3f5dba9 two before sections, one is after (#5775)
  • 2b15366 use inline const expression initializing enum singletons (#5772)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust labels Feb 16, 2026
@dependabot dependabot Bot requested a review from aviralgarg05 as a code owner February 16, 2026 07:29
@dependabot dependabot Bot added rust dependencies Pull requests that update a dependency file labels Feb 16, 2026
@github-actions

github-actions Bot commented Feb 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
cargo/pyo3 0.28.1 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 73 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/pyo3-build-config 0.28.1 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 73 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/pyo3-ffi 0.28.1 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 73 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/pyo3-macros 0.28.1 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 73 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/pyo3-macros-backend 0.28.1 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 73 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • Cargo.lock

@dependabot
chore(deps): bump pyo3 from 0.24.2 to 0.28.1
8cbc67a 
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.24.2 to 0.28.1.
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.24.2...v0.28.1)

---
updated-dependencies:
- dependency-name: pyo3
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/pyo3-0.28.1 branch from 9dff16c to 8cbc67a Compare February 16, 2026 07:30
@github-actions github-actions Bot merged commit 526a862 into main Feb 16, 2026
22 checks passed
@dependabot dependabot Bot deleted the dependabot/cargo/pyo3-0.28.1 branch February 16, 2026 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@aviralgarg05 aviralgarg05 Awaiting requested review from aviralgarg05 aviralgarg05 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants