
Commit 6d3aaf8

mivertowskiclaude
andcommitted
Fix all Dependabot security alerts: upgrade 5 vulnerable dependencies
- jsonwebtoken 9.2 -> 10.3.0 (medium: type confusion auth bypass) - pyo3 0.22 -> 0.24.2 (low: buffer overflow in PyString) - iced 0.13 -> 0.14.0 (fixes lru 0.12.5 -> 0.16.3, low: Stacked Borrows) - bytes 1.11.0 -> 1.11.1 (medium: integer overflow in BytesMut) - time 0.3.44 -> 0.3.47 (medium: stack exhaustion DoS) jsonwebtoken: switched crypto backend from ring to rust_crypto (pure Rust). pyo3: renamed 31 _bound API calls removed in 0.23+. iced: migrated to new boot/title application API and canvas::Action return type. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 0ac8fd5 commit 6d3aaf8

19 files changed

Lines changed: 830 additions & 672 deletions


Cargo.lock

Lines changed: 748 additions & 575 deletions

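--- a/crates/ringkernel-core/Cargo.toml
+++ b/crates/ringkernel-core/Cargo.toml
@@ -63,7 +63,7 @@ hkdf = { version = "0.12", optional = true }
 sha2 = { version = "0.10", optional = true }
 
 # Authentication (optional)
-jsonwebtoken = { version = "9.2", optional = true }
+jsonwebtoken = { version = "10", features = ["rust_crypto"], optional = true }
 base64 = { version = "0.21", optional = true }
 
 # Rate limiting (optional)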
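Review bot: The new requirement `version = "10"` on the jsonwebtoken line still lets a resolver select any 10.x release, while the commit message names 10.3.0 as the version that clears the type-confusion alert. Cargo.lock pins the patched release for this workspace only; a crate that depends on ringkernel-core resolves from the manifest, so the lower bound should name the fixed release, `jsonwebtoken = { version = "10.3", features = ["rust_crypto"], optional = true }` (assuming 10.3.0 is the first fixed release, as the message implies). The same applies to `pyo3 = { version = "0.24", ... }` in crates/ringkernel-python/Cargo.toml, where the message names 0.24.2. Selecting `rust_crypto` also changes which crypto implementation verifies tokens, and the code that calls jsonwebtoken is not visible on this page, so the existing token-validation tests should be confirmed to pass against the new backend.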

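--- a/crates/ringkernel-python/Cargo.toml
+++ b/crates/ringkernel-python/Cargo.toml
@@ -15,8 +15,8 @@ crate-type = ["cdylib"]
 
 [dependencies]
 # PyO3 for Python bindings
-pyo3 = { version = "0.22", features = ["extension-module", "abi3-py38"] }
-pyo3-async-runtimes = { version = "0.22", features = ["tokio-runtime"] }
+pyo3 = { version = "0.24", features = ["extension-module", "abi3-py38"] }
+pyo3-async-runtimes = { version = "0.24", features = ["tokio-runtime"] }
 
 # Async runtime
 tokio = { version = "1.48", features = ["rt-multi-thread", "sync", "time"] }
@@ -27,7 +27,7 @@ ringkernel-cpu = { path = "../ringkernel-cpu" }
 ringkernel-cuda = { path = "../ringkernel-cuda", optional = true }
 
 # NumPy interop
-numpy = { version = "0.22", optional = true }
+numpy = { version = "0.24", optional = true }
 
 # Error handling
 thiserror = "2.0"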

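--- a/crates/ringkernel-python/src/benchmark/mod.rs
+++ b/crates/ringkernel-python/src/benchmark/mod.rs
@@ -941,7 +941,7 @@ impl PyBenchmarkBaseline {
 /// Register benchmark types with the Python module.
 pub fn register(m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create benchmark submodule
-let benchmark = PyModule::new_bound(m.py(), "benchmark")?;
+let benchmark = PyModule::new(m.py(), "benchmark")?;
 
 // Configuration types
 benchmark.add_class::<PyBenchmarkConfig>()?;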

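--- a/crates/ringkernel-python/src/core/hlc.rs
+++ b/crates/ringkernel-python/src/core/hlc.rs
@@ -283,7 +283,7 @@ impl PyHlcClock {
 /// Register HLC types with the Python module.
 pub fn register(m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create hlc submodule
-let hlc = PyModule::new_bound(m.py(), "hlc")?;
+let hlc = PyModule::new(m.py(), "hlc")?;
 hlc.add_class::<PyHlcTimestamp>()?;
 hlc.add_class::<PyHlcClock>()?;
 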
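--- a/crates/ringkernel-python/src/core/k2k.rs
+++ b/crates/ringkernel-python/src/core/k2k.rs
@@ -316,7 +316,7 @@ impl PyK2KBroker {
 /// Register K2K types with the Python module.
 pub fn register(m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create k2k submodule
-let k2k = PyModule::new_bound(m.py(), "k2k")?;
+let k2k = PyModule::new(m.py(), "k2k")?;
 k2k.add_class::<PyK2KConfig>()?;
 k2k.add_class::<PyDeliveryStatus>()?;
 k2k.add_class::<PyDeliveryReceipt>()?;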

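--- a/crates/ringkernel-python/src/core/message.rs
+++ b/crates/ringkernel-python/src/core/message.rs
@@ -494,7 +494,7 @@ impl PyMessageEnvelope {
 /// Get the payload bytes.
 #[getter]
 fn payload<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {
-PyBytes::new_bound(py, &self.inner.payload)
+PyBytes::new(py, &self.inner.payload)
 }
 
 /// Total size in bytes (header + payload).
@@ -508,7 +508,7 @@ impl PyMessageEnvelope {
 /// Returns:
 /// The envelope as a contiguous byte buffer.
 fn to_bytes<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {
-PyBytes::new_bound(py, &self.inner.to_bytes())
+PyBytes::new(py, &self.inner.to_bytes())
 }
 
 /// Deserialize an envelope from bytes.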

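--- a/crates/ringkernel-python/src/core/queue.rs
+++ b/crates/ringkernel-python/src/core/queue.rs
@@ -490,7 +490,7 @@ impl From<PartitionedQueueStats> for PyPartitionedQueueStats {
 /// Register queue types with the Python module.
 pub fn register(m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create queue submodule
-let queue = PyModule::new_bound(m.py(), "queue")?;
+let queue = PyModule::new(m.py(), "queue")?;
 queue.add_class::<PyQueueStats>()?;
 queue.add_class::<PyQueueTier>()?;
 queue.add_class::<PyQueueHealth>()?;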

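--- a/crates/ringkernel-python/src/cuda/mod.rs
+++ b/crates/ringkernel-python/src/cuda/mod.rs
@@ -715,7 +715,7 @@ impl From<RustStreamPoolStats> for PyStreamPoolStats {
 /// Register CUDA types with the Python module.
 pub fn register(m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create cuda submodule
-let cuda = PyModule::new_bound(m.py(), "cuda")?;
+let cuda = PyModule::new(m.py(), "cuda")?;
 
 // Device functions
 cuda.add_function(wrap_pyfunction!(is_cuda_available, &cuda)?)?;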

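--- a/crates/ringkernel-python/src/error.rs
+++ b/crates/ringkernel-python/src/error.rs
@@ -435,54 +435,54 @@ impl<T, E: Into<PyRingKernelError>> IntoPyResult<T> for Result<T, E> {
 /// Register exception types with the Python module.
 pub fn register_exceptions(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
 // Create exceptions module
-let exceptions = PyModule::new_bound(py, "exceptions")?;
+let exceptions = PyModule::new(py, "exceptions")?;
 
 // Add base exception
-exceptions.add("RingKernelError", py.get_type_bound::<RingKernelError>())?;
+exceptions.add("RingKernelError", py.get_type::<RingKernelError>())?;
 
 // Memory errors
-exceptions.add("MemoryLimitError", py.get_type_bound::<MemoryLimitError>())?;
+exceptions.add("MemoryLimitError", py.get_type::<MemoryLimitError>())?;
 
 // Kernel errors
-exceptions.add("KernelError", py.get_type_bound::<KernelError>())?;
-exceptions.add("KernelStateError", py.get_type_bound::<KernelStateError>())?;
+exceptions.add("KernelError", py.get_type::<KernelError>())?;
+exceptions.add("KernelStateError", py.get_type::<KernelStateError>())?;
 
 // CUDA errors
-exceptions.add("CudaError", py.get_type_bound::<CudaError>())?;
-exceptions.add("CudaDeviceError", py.get_type_bound::<CudaDeviceError>())?;
-exceptions.add("CudaMemoryError", py.get_type_bound::<CudaMemoryError>())?;
+exceptions.add("CudaError", py.get_type::<CudaError>())?;
+exceptions.add("CudaDeviceError", py.get_type::<CudaDeviceError>())?;
+exceptions.add("CudaMemoryError", py.get_type::<CudaMemoryError>())?;
 
 // Queue errors
-exceptions.add("QueueError", py.get_type_bound::<QueueError>())?;
-exceptions.add("QueueFullError", py.get_type_bound::<QueueFullError>())?;
-exceptions.add("QueueEmptyError", py.get_type_bound::<QueueEmptyError>())?;
+exceptions.add("QueueError", py.get_type::<QueueError>())?;
+exceptions.add("QueueFullError", py.get_type::<QueueFullError>())?;
+exceptions.add("QueueEmptyError", py.get_type::<QueueEmptyError>())?;
 
 // K2K errors
-exceptions.add("K2KError", py.get_type_bound::<K2KError>())?;
-exceptions.add("K2KDeliveryError", py.get_type_bound::<K2KDeliveryError>())?;
+exceptions.add("K2KError", py.get_type::<K2KError>())?;
+exceptions.add("K2KDeliveryError", py.get_type::<K2KDeliveryError>())?;
 
 // Benchmark errors
-exceptions.add("BenchmarkError", py.get_type_bound::<BenchmarkError>())?;
+exceptions.add("BenchmarkError", py.get_type::<BenchmarkError>())?;
 
 // Hybrid errors
-exceptions.add("HybridError", py.get_type_bound::<HybridError>())?;
+exceptions.add("HybridError", py.get_type::<HybridError>())?;
 exceptions.add(
 "GpuNotAvailableError",
-py.get_type_bound::<GpuNotAvailableError>(),
+py.get_type::<GpuNotAvailableError>(),
 )?;
 
 // Resource errors
-exceptions.add("ResourceError", py.get_type_bound::<ResourceError>())?;
-exceptions.add("ReservationError", py.get_type_bound::<ReservationError>())?;
+exceptions.add("ResourceError", py.get_type::<ResourceError>())?;
+exceptions.add("ReservationError", py.get_type::<ReservationError>())?;
 
 // Add exceptions module to main module
 m.add_submodule(&exceptions)?;
 
 // Also add commonly-used exceptions at top level
-m.add("RingKernelError", py.get_type_bound::<RingKernelError>())?;
-m.add("CudaError", py.get_type_bound::<CudaError>())?;
-m.add("KernelError", py.get_type_bound::<KernelError>())?;
-m.add("MemoryLimitError", py.get_type_bound::<MemoryLimitError>())?;
+m.add("RingKernelError", py.get_type::<RingKernelError>())?;
+m.add("CudaError", py.get_type::<CudaError>())?;
+m.add("KernelError", py.get_type::<KernelError>())?;
+m.add("MemoryLimitError", py.get_type::<MemoryLimitError>())?;
 
 Ok(())
 }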
