Deps.rs

pyo3-stub-gen 0.10.0

[![dependency status](https://deps.rs/crate/pyo3-stub-gen/0.10.0/status.svg)](https://deps.rs/crate/pyo3-stub-gen/0.10.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate pyo3-stub-gen

Dependencies

(14 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow^1.0.981.0.98up to date
 chrono^0.4.400.4.41up to date
 either^1.15.01.15.0up to date
 indexmap>=2.7.02.10.0up to date
 inventory^0.3.200.3.20up to date
 itertools^0.13.00.14.0out of date
 log^0.4.270.4.27up to date
 maplit^1.0.21.0.2up to date
 num-complex^0.4.60.4.6up to date
 numpy>=0.24.00.25.0up to date
 pyo3 ⚠️>=0.24.00.25.1maybe insecure
 pyo3-stub-gen-derive^0.10.00.10.0up to date
 serde^1.0.2191.0.219up to date
 toml^0.8.210.8.23up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 test-case^3.3.13.3.1up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.