Update pybind11 requirement from >=2.10.0 to >=3.0.4 #532

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/pybind11-gte-3.0.4

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Contributor

Updates the requirements on pybind11 to permit the latest version.

Release notes

Sourced from pybind11's releases.

Version 3.0.4

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Changelog

Sourced from pybind11's changelog.

Version 3.0.4 (April 18, 2026)

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Version 3.0.3 (March 31, 2026)

Bug fixes:

  • Fixed TSS key exhaustion in implicitly_convertible() when many implicit conversions are registered across large module sets. #6020

  • Fixed heap-buffer-overflow in pythonbuf with undersized buffers by enforcing a minimum buffer size. #6019

  • Fixed virtual-inheritance pointer offset crashes when dispatching inherited methods through virtual bases. #6017

  • Fixed free(): invalid pointer crashes during interpreter shutdown with py::enum_<> by duplicating late-added def_property_static argument strings. #6015

  • Fixed function_record heap-type deallocation to call PyObject_Free() and decref the type. #6010

  • Hardened PYBIND11_MODULE_PYINIT and get_internals() against module-initialization crashes. #6018

... (truncated)

Commits
  • d03662f build: support Eigen 5 (#6036)
  • 3d8aabc Bump version from v3.0.3 → v3.0.4
  • 2c1b391 [skip ci] docs: add v3.0.4 changelog updates. (#6041)
  • 804e2c1 fix: segfault when moving scoped_ostream_redirect (#6033)
  • a15579c ci: bump setup-uv to maintained tag scheme (#6035)
  • e2fdf43 Handle result from PyObject_VisitManagedDict (#6032)
  • 98003e2 chore(deps): update pre-commit hooks (#6029)
  • ab392bd fix: avoid copy constructor instantiation in shared_ptr fallback cast (#6028)
  • ad5bc9e chore(deps): bump the actions group with 2 updates (#6027)
  • 1b49908 docs: add v3.0.3 and v3.1.0 changelog updates. (#6023)
  • Additional commits viewable in compare view


Note

Medium Risk
Major-version pybind11 bumps can break C++ extension builds or ABI behavior; CMake still fetches pybind11 v2.13.6 separately, so local/CI paths may diverge until aligned.

Overview
Raises the pybind11 version pinned in pyproject.toml’s [build-system] requires from >=2.10.0 to >=3.0.4, so wheels and other setuptools/cibuildwheel builds can pull the current pybind11 release when compiling the Python bindings.

No application or binding source changes—only the minimum build-time dependency for the extension build.

Reviewed by Cursor Bugbot for commit fd8b4e9. Bugbot is set up for automated code reviews on this repo. Configure here.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added labels Apr 28, 2026: Changed (Required label for PR that categorizes merge commit message as "Changed" for changelog), dependencies (Pull requests that update a dependency file), python (Pull requests that update Python code)

coveralls-official Bot commented Apr 28, 2026

Coverage Report for CI Build 28481195858

Coverage decreased (-0.02%) to 79.603%

Details

  • Coverage decreased (-0.02%) from the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • 1 coverage regression across 1 file.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

1 previously-covered line in 1 file lost coverage.

| File | Lines Losing Coverage | Coverage |
| --- | --- | --- |
| src/bits.hpp | 1 | 93.75% |

Coverage Stats

Relevant Lines: 4486
Covered Lines: 3571
Line Coverage: 79.6%
Coverage Strength: 14680141.19 hits per line

💛 - Coveralls

@github-actions

'This PR has been flagged as stale due to no activity for over 60
days. It will not be automatically closed, but it has been given
a stale-pr label and should be manually reviewed.'

@hoffmang9

Member

@dependabot rebase

Updates the requirements on [pybind11](https://github.com/pybind/pybind11) to permit the latest version.
- [Release notes](https://github.com/pybind/pybind11/releases)
- [Changelog](https://github.com/pybind/pybind11/blob/master/docs/changelog.md)
- [Commits](pybind/pybind11@v2.10.0...v3.0.4)

---
updated-dependencies:
- dependency-name: pybind11
  dependency-version: 3.0.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot force-pushed the dependabot/pip/pybind11-gte-3.0.4 branch from b34ee02 to fd8b4e9 June 30, 2026 22:56

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit fd8b4e9. Configure here.

Comment thread pyproject.toml
@@ -1,5 +1,5 @@
[build-system]
requires = ["setuptools>=82.0.1", "wheel", "setuptools_scm[toml]>=3.5.0", "pybind11>=2.10.0"]
requires = ["setuptools>=82.0.1", "wheel", "setuptools_scm[toml]>=3.5.0", "pybind11>=3.0.4"]
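
Review bot: the replacement `requires` line sets `pybind11>=3.0.4` with no upper bound, so an isolated build resolves to whatever pybind11 release is newest at build time, including a future major version that nobody has reviewed. The floor here already crosses a major version (2.10.0 to 3.0.4) in one step; consider capping it, for example `pybind11>=3.0.4,<4`, so the next major arrives as its own reviewed change. The `wheel` entry on the same line carries no version constraint at all and deserves the same look.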

pybind11 build requirement mismatch

Medium Severity

The [build-system] entry now requires pybind11>=3.0.4, but the chiapos extension is still compiled via CMake FetchContent pinned to v2.13.6, which is below that floor. Wheels and sdist builds can pass isolation while the native module keeps the older pybind11 headers and ABI.

Reviewed by Cursor Bugbot for commit fd8b4e9. Configure here.
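
A CI check for the mismatch described in the comment above, as an added example that is not part of the PR or the project's code: it compares the `pybind11` floor in `pyproject.toml` with the tag pinned by a CMake `FetchContent_Declare` block. Only the `requires` line and the v2.13.6 tag come from the page; the CMake layout, the `pybind11-src` name and all function names are assumptions made for illustration.

```python
import re

# Constructed inputs (not the repository's files). The requires line is the one
# in the diff; the CMake block is an assumed layout for the v2.13.6 pin.
PYPROJECT = '''[build-system]
requires = ["setuptools>=82.0.1", "wheel", "setuptools_scm[toml]>=3.5.0", "pybind11>=3.0.4"]
'''
CMAKE = '''FetchContent_Declare(
  pybind11-src
  GIT_REPOSITORY https://github.com/pybind/pybind11.git
  GIT_TAG        v2.13.6
)
'''

def parse_version(text):
    """'v2.13.6' -> (2, 13, 6); anything that is not a dotted release raises."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"not a release version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 3.0 == 3.0.0

def pyproject_floor(pyproject_text, package):
    """Lower bound ('>=') declared for package in the build requirements."""
    m = re.search(rf'"{re.escape(package)}\s*>=\s*([^",;\s]+)', pyproject_text)
    if not m:
        raise LookupError(f"no '>=' floor for {package}")
    return parse_version(m.group(1))

def fetchcontent_tag(cmake_text, repo_fragment):
    """GIT_TAG of the FetchContent_Declare block whose URL contains repo_fragment."""
    for block in re.findall(r"FetchContent_Declare\s*\((.*?)\)", cmake_text, re.S):
        tag = re.search(r"GIT_TAG\s+(\S+)", block)
        if repo_fragment in block and tag:
            return tag.group(1)
    raise LookupError(f"no FetchContent pin for {repo_fragment}")

def check_pin_drift(pyproject_text, cmake_text, package="pybind11"):
    """Return (status, detail): 'ok', 'drift', or 'unknown' for non-release tags."""
    floor = pyproject_floor(pyproject_text, package)
    tag = fetchcontent_tag(cmake_text, f"/{package}")
    try:
        pinned = parse_version(tag)
    except ValueError:
        return "unknown", f"GIT_TAG {tag} is a commit or branch; compare by hand"
    if pinned < floor:
        return "drift", f"CMake pins {tag}, below the pyproject floor {floor}"
    return "ok", f"CMake pin {tag} satisfies the pyproject floor {floor}"

if __name__ == "__main__":
    print(check_pin_drift(PYPROJECT, CMAKE))
```

A pin given as a commit hash is reported as `unknown` rather than guessed at, since a hash cannot be ordered against a version floor without consulting the upstream repository.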

@github-actions github-actions Bot removed the stale-pr label Jul 1, 2026