The new cargo audit CI job flags pyo3 0.22.6:
- RUSTSEC-2025-0020 (patched
>= 0.24.1)
- RUSTSEC-2026-0177 (patched
>= 0.29.0)
The audit job currently --ignores both to stay green.
Proposed scope: upgrade pyo3 to 0.29 (and numpy to 0.29 if used),
migrating the binding to the 0.29 API - same change already done in
OpenTFRaw#20 / OpenTimsTDF#1 (into_py_any, non-_bound constructors,
from_py_object opt-in on Clone pyclasses). Then remove the --ignore
flags from .github/workflows/audit.yml.
The new
cargo auditCI job flagspyo30.22.6:>= 0.24.1)>= 0.29.0)The audit job currently
--ignores both to stay green.Proposed scope: upgrade pyo3 to 0.29 (and numpy to 0.29 if used),
migrating the binding to the 0.29 API - same change already done in
OpenTFRaw#20 / OpenTimsTDF#1 (
into_py_any, non-_boundconstructors,from_py_objectopt-in onClonepyclasses). Then remove the--ignoreflags from
.github/workflows/audit.yml.