From 159950642d86c13cedfa00a02c7f9e730f77baca Mon Sep 17 00:00:00 2001
From: Manuel Geiger <40306539+Ectras@users.noreply.github.com>
Date: Thu, 25 Sep 2025 10:41:49 +0200
Subject: [PATCH 1/3] Remove superfluous lib path from Cargo.toml

---
 synir/Cargo.toml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/synir/Cargo.toml b/synir/Cargo.toml
index fcb9ffce..dbbae830 100644
--- a/synir/Cargo.toml
+++ b/synir/Cargo.toml
@@ -4,9 +4,6 @@ version = "0.1.0"
 edition = "2021"
 license = "MIT"
 
-[lib]
-path = "src/lib.rs"
-
 [dependencies]
 bitvec = "1.0.1"
 itertools = "0.13.0"

From d8632c2e5504b665b3a01e54078adfc53c3d0fe7 Mon Sep 17 00:00:00 2001
From: Manuel Geiger <40306539+Ectras@users.noreply.github.com>
Date: Thu, 25 Sep 2025 10:42:30 +0200
Subject: [PATCH 2/3] Remove unused typenum dependency

---
 Cargo.lock | 7 -------
 synir/Cargo.toml | 1 -
 2 files changed, 8 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 945f3903..d8fe9253 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -675,7 +675,6 @@ dependencies = [ "itertools 0.13.0", "petgraph", "rand", - "typenum", ] [[package]]
@@ -709,12 +708,6 @@ dependencies = [ "serde_json", ] -[[package]] -name = "typenum" -version = "1.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" - [[package]] name = "unicode-ident" version = "1.0.19"
diff --git a/synir/Cargo.toml b/synir/Cargo.toml
index dbbae830..9712694b 100644
--- a/synir/Cargo.toml
+++ b/synir/Cargo.toml
@@ -8,7 +8,6 @@ license = "MIT"
 bitvec = "1.0.1"
 itertools = "0.13.0"
 petgraph = { version = "0.8.2", features = ["stable_graph"], git = "https://github.com/keefehuang/petgraph" }
-typenum = "1.17.0"
 
 [dev-dependencies]
 criterion = "0.5.1"

From d5bfb90352800034d2e55915a0be94142762ca5d Mon Sep 17 00:00:00 2001
From: Manuel Geiger <40306539+Ectras@users.noreply.github.com>
Date: Thu, 25 Sep 2025 10:54:05 +0200
Subject: [PATCH 3/3] Bump pyo3 from 0.23.3 to 0.24.2

The old pyo3 version had a minor security issue that Dependabot warned about. Here's the description: PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bound read (by raising a Python exception containing a copy of the data including the overflow). In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul byte. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.
---
 Cargo.lock | 24 ++++++++++++------------
 synpy/Cargo.toml | 2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index d8fe9253..10ff7ef2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -431,9 +431,9 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.23.5" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7778bffd85cf38175ac1f545509665d0b9b92a198ca7941f131f85f7a4f9a872" +checksum = "e5203598f366b11a02b13aa20cab591229ff0a89fd121a308a5df751d5fc9219" dependencies = [ "cfg-if", "indoc",
@@ -449,9 +449,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.23.5" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94f6cbe86ef3bf18998d9df6e0f3fc1050a8c5efa409bf712e661a4366e010fb" +checksum = "99636d423fa2ca130fa5acde3059308006d46f98caac629418e53f7ebb1e9999" dependencies = [ "once_cell", "target-lexicon",
@@ -459,9 +459,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.23.5" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9f1b4c431c0bb1c8fb0a338709859eed0d030ff6daa34368d3b152a63dfdd8d" +checksum = "78f9cf92ba9c409279bc3305b5409d90db2d2c22392d443a87df3a1adad59e33" dependencies = [ "libc", "pyo3-build-config",
@@ -469,9 +469,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.23.5" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbc2201328f63c4710f68abdf653c89d8dbc2858b88c5d88b0ff38a75288a9da" +checksum = "0b999cb1a6ce21f9a6b147dcf1be9ffedf02e0043aec74dc390f3007047cecd9" dependencies = [ "proc-macro2", "pyo3-macros-backend",
@@ -481,9 +481,9 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.23.5" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fca6726ad0f3da9c9de093d6f116a93c1a38e417ed73bf138472cf4064f72028" +checksum = "822ece1c7e1012745607d5cf0bcb2874769f0f7cb34c4cde03b9358eb9ef911a" dependencies = [ "heck", "proc-macro2",
@@ -694,9 +694,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "target-lexicon" -version = "0.12.16" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" +checksum = "df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c" [[package]] name = "tinytemplate"
diff --git a/synpy/Cargo.toml b/synpy/Cargo.toml
index 98305a12..34cd9d3e 100644
--- a/synpy/Cargo.toml
+++ b/synpy/Cargo.toml
@@ -10,5 +10,5 @@ crate-type = ["cdylib"]
 
 [dependencies]
 bitvec = "1.0.1"
-pyo3 = "0.23.3"
+pyo3 = "0.24.2"
 synir = { path = "../synir" }