Bump pyo3 from 0.16.2 to 0.16.6

[dependabot]

Bumps pyo3 from 0.16.2 to 0.16.6.

Release notes

Sourced from pyo3's releases.

PyO3 0.16.6

This release is a tactical set of soundness fixes identified for the PyCapsule bindings released in PyO3 0.16. To avoid breaking API changes capsules created with PyCapsule::new and PyCapsule::new_with_destructor will now leak their contents (and not call the destructor) if released on a thread other than the one they were created.

PyO3 0.17 will be released shortly with breaking API changes which resolve the PyCapsule issues with better design (e.g. the destructor has a Send bound added). Users are encouraged to upgrade at their earliest convenience.

Thanks to @​saethlin for reporting the issue, and to @​adamreichold and @​davidhewitt for implementing the resolution.

PyO3 0.16.5

This release contains an FFI definition correction to resolve crashes for PyOxidizer on Python 3.10, and a new generate-import-lib feature to allow easier cross-compiling to Windows.

Thank you to the following users for the improvements:

@​cjermain @​davidhewitt @​indygreg @​messense

PyO3 0.16.4

This release fixes a regression introduced in 0.16.3 leading to build failures on Windows, enables crates depending on PyO3 to collect code coverage using LLVM instrumentation on stable Rust version 1.60 or later, and enables safe access to time zone information attached to Python's time and datetime objects. There are also some adjustments to PyO3's build-time interpreter detection to make it easier to cross-compile abi3 Python extensions.

Thank you to the following users for the improvements:

@​adamreichold @​davidhewitt @​mejrs @​messense @​pickfire @​ravenexp @​RicoHageman

PyO3 0.16.3

This release contains a number of non-breaking additions and fixes since PyO3 0.16.2.

They are mostly centered on improving support for various build configurations. There are also usability tweaks to the #[pyclass] macro and a new intern! macro to create statically-backed PyString objects as an optimization technique.

Thank you to the following users for the improvements:

@​adamreichold @​aganders3 @​alex @​kmp1 @​mejrs @​messense @​mityax
@​momirza @​ravenexp @​zh-jq

Changelog

Sourced from pyo3's changelog.

[0.16.6] - 2022-08-23

### Changed

• Fix soundness issues with PyCapsule type with select workarounds. Users are encourage to upgrade to PyO3 0.17 at their earliest convenience which contains API breakages which fix the issues in a long-term fashion. #2522
  • PyCapsule::new and PyCapsule::new_with_destructor now take ownership of a copy of the name to resolve a possible use-after-free.
  • PyCapsule::name now returns an empty CStr instead of dereferencing a null pointer if the capsule has no name.
  • The destructor F in PyCapsule::new_with_destructor will never be called if the capsule is deleted from a thread other than the one which the capsule was created in (a warning will be emitted).
• Panics during drop of panic payload caught by PyO3 will now abort. #2544

[0.16.5] - 2022-05-15

Added

• Add an experimental generate-import-lib feature to support auto-generating non-abi3 python import libraries for Windows targets. #2364
• Add FFI definition Py_ExitStatusException. #2374

Changed

• Deprecate experimental generate-abi3-import-lib feature in favor of the new generate-import-lib feature. #2364

Fixed

• Added missing warn_default_encoding field to PyConfig on 3.10+. The previously missing field could result in incorrect behavior or crashes. #2370
• Fixed order of pathconfig_warnings and program_name fields of PyConfig on 3.10+. Previously, the order of the fields was swapped and this could lead to incorrect behavior or crashes. #2370

[0.16.4] - 2022-04-14

Added

• Add PyTzInfoAccess trait for safe access to time zone information. #2263
• Add an experimental generate-abi3-import-lib feature to auto-generate python3.dll import libraries for Windows. #2282
• Add FFI definitions for PyDateTime_BaseTime and PyDateTime_BaseDateTime. #2294

Changed

• Improved performance of failing calls to FromPyObject::extract which is common when functions accept multiple distinct types. #2279
• Default to "m" ABI tag when choosing libpython link name for CPython 3.7 on Unix. #2288
• Allow to compile "abi3" extensions without a working build host Python interpreter. #2293

Fixed

• Crates depending on PyO3 can collect code coverage via LLVM instrumentation using stable Rust. #2286
• Fix segfault when calling FFI methods PyDateTime_DATE_GET_TZINFO or PyDateTime_TIME_GET_TZINFO on datetime or time without a tzinfo. #2289
• Fix directory names starting with the letter n breaking serialization of the interpreter configuration on Windows since PyO3 0.16.3. #2299

[0.16.3] - 2022-04-05

Packaging

... (truncated)

Commits

• 4fdebfc release: 0.16.6
• dde98a0 pin bumpalo
• 30211a6 ui test fixes
• 5c74ddf clippy fixes
• 7426aea safety: abort on uncaught panics
• 916abf6 Merge pull request #2522 from davidhewitt/capsule-soundness-backport
• c267ace ci: fix nightly UI tests
• 86740f9 ci: fix nightly ui tests
• 96427ee Use proper method for pinning MSRV minimal package versions
• 1e8f6d9 Try fix hashbrown version on msrv
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)