Skip to content

deps(core): bump the all group across 1 directory with 2 updates #1351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps(core): bump the all group across 1 directory with 2 updates #1351

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 20, 2025
edited
Loading

Updates the requirements on pyo3 and sqlparser to permit the latest version.
Updates pyo3 to 0.27.0

Release notes

Sourced from pyo3's releases.

PyO3 0.27.0

This release is the first PyO3 release to be tested against Python 3.14.0 final. There are no significant changes to 3.14 support since PyO3 0.26 which was tested against the 3.14 release candidates.

Support for PyPy 3.9 and PyPy 3.10 (both no longer supported upstream) has been dropped.

The FromPyObject trait has been reworked in a similar fashion to the IntoPyObject trait introduced in PyO3 0.23. This has established a performant and flexible implementation of both these traits and no further changes to the traits are anticipated in the future. Thank you for the patience upgrading through these incremental improvements at the core of PyO3.

The .downcast() family of functions are now deprecated in favour of the .cast() family of functions, which are an incremental improvement to API usability and to error messages on failed conversions.

Operations on the PyCapsule type have been changed without deprecation to fix some issues with lifetimes of return values (in .name() and .reference() specifically). The capsule API now also encourages checking of capsule names, which is one of the few defences available to protect the validity of casting data read by the capsule API.

There are also many other incremental improvements, bug fixes and smaller features.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​alex @​altendky @​bazaah @​bschoenmaeckers @​crepererum @​davidhewitt @​dependabot[bot] @​elbaro @​Icxolu @​jqnatividad @​mbrobbel @​NilsIrl @​rvben @​sanders41 @​tdyas @​Tpt @​vvsagar

Changelog

Sourced from pyo3's changelog.

[0.27.0] - 2025-10-19

Packaging

  • Extend range of supported versions of hashbrown optional dependency to include version 0.16. #5428
  • Bump optional num-bigint dependency minimum version to 0.4.4. #5471
  • Test against Python 3.14 final release. #5499
  • Drop support for PyPy 3.9 and 3.10. #5516
  • Provide a better error message when building an outdated PyO3 for a too-new Python version. #5519

Added

  • Add FromPyObjectOwned as convenient trait bound for FromPyObject when the data is not borrowed from Python. #4390
  • Add Borrowed::extract, same as PyAnyMethods::extract, but does not restrict the lifetime by deref. #4390
  • experimental-inspect: basic support for #[derive(IntoPyObject)] (no struct fields support yet). #5365
  • experimental-inspect: support #[pyo3(get, set)] and #[pyclass(get_all, set_all)]. #5370
  • Add PyTypeCheck::classinfo_object that returns an object that can be used as parameter in isinstance or issubclass. #5387
  • Implement PyTypeInfo on datetime.* types even when the limited API is enabled. #5388
  • Implement PyTypeInfo on PyIterator, PyMapping and PySequence. #5402
  • Implement PyTypeInfo on PyCode when using the stable ABI. #5403
  • Implement PyTypeInfo on PyWeakrefReference when using the stable ABI. #5404
  • Add pyo3::sync::RwLockExt trait, analogous to pyo3::sync::MutexExt for readwrite locks. #5435
  • Add PyString::from_bytes. #5437
  • Implement AsRef<[u8]> for PyBytes. #5445
  • Add CastError and CastIntoError. #5468
  • Add PyCapsuleMethods::pointer_checked and PyCapsuleMethods::is_valid_checked. #5474
  • Add Borrowed::cast, Borrowed::cast_exact and Borrowed::cast_unchecked. #5475
  • Add conversions for jiff::civil::ISOWeekDate. #5478
  • Add conversions for &Cstr, Cstring and Cow<Cstr>. #5482
  • add #[pyclass(skip_from_py_object)] option, to opt-out of the FromPyObject: PyClass + Clone blanket impl. #5488
  • Add PyErr::add_note. #5489
  • Add FromPyObject impl for Cow<Path> & Cow<OsStr>. #5497
  • Add #[pyclass(from_py_object)] pyclass option, to opt-in to the extraction of pyclasses by value (requires Clone). #5506

Changed

  • Rework FromPyObject trait for flexibility and performance: #4390
    • Add a second lifetime to FromPyObject, to allow borrowing data from Python objects (e.g. &str from Python str).
    • Replace extract_bound with extract, which takes Borrowed<'a, 'py, PyAny>.
  • Optimize FromPyObject implementations for Vec<u8> and [u8; N] from bytes and bytearray. #5244
  • Deprecate #[pyfn] attribute. #5384
  • Fetch type name dynamically on cast errors instead of using PyTypeCheck::NAME. #5387
  • Deprecate PyTypeCheck::NAME in favour of PyTypeCheck::classinfo_object which provides the type information at runtime. #5387
  • PyClassGuard(Mut) and PyRef(Mut) extraction now returns an opaque Rust error #5413
  • Fetch type name dynamically when exporting types implementing PyTypeInfo with #[pymodule_use]. #5414
  • Improve Debug representation of PyBuffer<T>. #5442
  • experimental-inspect: change the way introspection data is emitted in the binaries to avoid a pointer indirection and simplify parsing. #5450
  • Optimize Py<T>::drop for the case when attached to the Python interpreter. #5454
  • Replace DowncastError and DowncastIntoError with CastError and CastIntoError. #5468
  • Enable fast-path for 128-bit integer conversions on GraalPy. #5471

... (truncated)

Commits

Updates sqlparser to 0.59.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added core dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Oct 20, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 20, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@dependabot
deps(core): bump the all group across 1 directory with 2 updates
90adc64 
Updates the requirements on [pyo3](https://github.com/pyo3/pyo3) and [sqlparser](https://github.com/apache/datafusion-sqlparser-rs) to permit the latest version.

Updates `pyo3` to 0.27.0
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.26.0...v0.27.0)

Updates `sqlparser` to 0.59.0
- [Changelog](https://github.com/apache/datafusion-sqlparser-rs/blob/main/CHANGELOG.md)
- [Commits](apache/datafusion-sqlparser-rs@v0.58.0...v0.59.0)

---
updated-dependencies:
- dependency-name: pyo3
  dependency-version: 0.27.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: sqlparser
  dependency-version: 0.59.0
  dependency-type: direct:production
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/wren-core-base/all-400881e519 branch from a8d88c2 to 90adc64 Compare October 27, 2025 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant