Skip to content

Upgrade pyo3 past 0.22 to clear RUSTSEC-2025-0020 / 2026-0177 #2

Description

@Nathan-D-R

The new cargo audit CI job flags pyo3 0.22.6:

  • RUSTSEC-2025-0020 (patched >= 0.24.1)
  • RUSTSEC-2026-0177 (patched >= 0.29.0)

The audit job currently --ignores both to stay green.

Proposed scope: upgrade pyo3 to 0.29 (and numpy to 0.29 if used),
migrating the binding to the 0.29 API - same change already done in
OpenTFRaw#20 / OpenTimsTDF#1 (into_py_any, non-_bound constructors,
from_py_object opt-in on Clone pyclasses). Then remove the --ignore
flags from .github/workflows/audit.yml.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions