From 126e80fa3c22f6f4fab643c59fbda60b6a460520 Mon Sep 17 00:00:00 2001 From: Sahas Subramanian Date: Fri, 19 Jun 2026 08:32:30 +0000 Subject: [PATCH] Opt into FromPyObject derive for Clone pyclasses under PyO3 0.29 The pyo3 0.29 bump (#89) updated the dependency but didn't address 0.29's deprecation of the *automatic* `FromPyObject` derive for `#[pyclass]` types that implement `Clone`, which `cargo clippy -D warnings` rejects. `ComponentGraphConfig` and `FormulaOverrides` are both extracted from Python by value (`config.extract::()` and the by-value `Option` argument), so opt back in explicitly with `#[pyclass(from_py_object)]` to preserve the previous behavior. The 0.29 bump itself also pulled in the fix for the out-of-bounds read in list/tuple iterator `nth`/`nth_back` (GHSA-36hh-v3qg-5jq4); note it under Upgrading. Signed-off-by: Sahas Subramanian --- RELEASE_NOTES.md | 2 +- src/graph.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 5c3581a..fe1e234 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -6,7 +6,7 @@ ## Upgrading - +- Bumped PyO3 to 0.29 to pull in the fix for RUSTSEC out-of-bounds read advisory GHSA-36hh-v3qg-5jq4 (`nth`/`nth_back` on list/tuple iterators). ## New Features diff --git a/src/graph.rs b/src/graph.rs index 841093f..6685eb1 100644 --- a/src/graph.rs +++ b/src/graph.rs @@ -16,7 +16,7 @@ use pyo3::{ types::{PyAny, PySet, PyType}, }; -#[pyclass(subclass)] +#[pyclass(subclass, from_py_object)] #[derive(Clone, Default, Debug)] pub struct ComponentGraphConfig { config: cg::ComponentGraphConfig, @@ -60,7 +60,7 @@ impl ComponentGraphConfig { } } -#[pyclass(subclass)] +#[pyclass(subclass, from_py_object)] #[derive(Clone, Default, Debug)] pub struct FormulaOverrides { overrides: cg::FormulaOverrides,