Message ID | 20250604064433.3765706-1-richard.purdie@linuxfoundation.org |
---|---|
State | Accepted, archived |
Commit | 2e817e6e4d53543766b935479b148a1950cc37c8 |
Series | oeqa/maturin/guessing-game: Bump dependencies to avoid security warning |
diff --git a/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml b/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml index de95025e863..a78ada2593d 100644 --- a/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml +++ b/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml @@ -14,7 +14,7 @@ crate-type = ["cdylib"] rand = "0.8.4" [dependencies.pyo3] -version = "0.19.0" +version = "0.24.1" # "abi3-py38" tells pyo3 (and maturin) to build using the stable ABI with minimum Python version 3.8 features = ["abi3-py38"]
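Review bot: the `-version = "0.19.0"` / `+version = "0.24.1"` change under `[dependencies.pyo3]` crosses several 0.x minor releases, which Cargo treats as semver-incompatible, yet the diffstat shows only Cargo.toml changed. Please confirm that the guessing-game sources and the `features = ["abi3-py38"]` setting still build against 0.24.1, and say so in the commit message. The message also refers to the "Cargo.toml lock": if a Cargo.lock is checked in beside this file it would need regenerating in the same commit, otherwise the scanner may keep flagging the old pinned version.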
The Cargo.toml lock for guessing-game, used to test maturin, has a minor security advisory which keeps tripping up GitHub's automated security analysis, "PyO3 Risk of buffer overflow in `PyString::from_object`". Bump the minimum version requirement for pyo3 to avoid this warning even if it isn't anything critical and just automated tests.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

---

meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)