Skip to content

Update pybind11 requirement from >=2.13.0 to >=3.0.4 in /python#6

Open
dependabot[bot] wants to merge 4 commits into
mainfrom
dependabot/pip/python/pybind11-gte-3.0.4
Open

Update pybind11 requirement from >=2.13.0 to >=3.0.4 in /python#6
dependabot[bot] wants to merge 4 commits into
mainfrom
dependabot/pip/python/pybind11-gte-3.0.4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 13, 2026

Updates the requirements on pybind11 to permit the latest version.

Release notes

Sourced from pybind11's releases.

Version 3.0.4

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Changelog

Sourced from pybind11's changelog.

Version 3.0.4 (April 18, 2026)

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Version 3.0.3 (March 31, 2026)

Bug fixes:

  • Fixed TSS key exhaustion in implicitly_convertible() when many implicit conversions are registered across large module sets. #6020

  • Fixed heap-buffer-overflow in pythonbuf with undersized buffers by enforcing a minimum buffer size. #6019

  • Fixed virtual-inheritance pointer offset crashes when dispatching inherited methods through virtual bases. #6017

  • Fixed free(): invalid pointer crashes during interpreter shutdown with py::enum_<> by duplicating late-added def_property_static argument strings. #6015

  • Fixed function_record heap-type deallocation to call PyObject_Free() and decref the type. #6010

  • Hardened PYBIND11_MODULE_PYINIT and get_internals() against module-initialization crashes. #6018

... (truncated)

Commits
  • d03662f build: support Eigen 5 (#6036)
  • 3d8aabc Bump version from v3.0.3 → v3.0.4
  • 2c1b391 [skip ci] docs: add v3.0.4 changelog updates. (#6041)
  • 804e2c1 fix: segfault when moving scoped_ostream_redirect (#6033)
  • a15579c ci: bump setup-uv to maintained tag scheme (#6035)
  • e2fdf43 Handle result from PyObject_VisitManagedDict (#6032)
  • 98003e2 chore(deps): update pre-commit hooks (#6029)
  • ab392bd fix: avoid copy constructor instantiation in shared_ptr fallback cast (#6028)
  • ad5bc9e chore(deps): bump the actions group with 2 updates (#6027)
  • 1b49908 docs: add v3.0.3 and v3.1.0 changelog updates. (#6023)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

hunhoffe and others added 4 commits May 13, 2026 08:53
@hunhoffe @claude
Add Dependabot config and OSSF Scorecard workflow
9f5f3dc 
Enables weekly Dependabot updates for GitHub Actions and the four
Python manifest directories (python/, utils/mlir_aie_wheels/,
utils/mlir_wheels/), with grouped minor/patch PRs to keep noise down.

Adds an OSSF Scorecard workflow that publishes results to the
GitHub Security tab and the public Scorecard registry, giving us a
running grade on supply-chain posture (token permissions, pinned
dependencies, branch protection, etc.).

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
@hunhoffe @claude
Add SECURITY.md pointing to private vulnerability reporting
3833853 
Provides a private channel for vulnerability disclosure (GitHub's
private advisory flow), removing the need for reporters to choose
between filing a public issue and emailing maintainers directly.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
@hunhoffe @claude
scorecard: allow workflow_dispatch for ad-hoc runs
8767905 
Lets the workflow be triggered manually from the Actions tab in
addition to the weekly cron and push-to-main triggers, useful for
on-demand reruns and for validating the workflow on forks before
merging.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
@dependabot
Update pybind11 requirement from >=2.13.0 to >=3.0.4 in /python
20b725e 
Updates the requirements on [pybind11](https://github.com/pybind/pybind11) to permit the latest version.
- [Release notes](https://github.com/pybind/pybind11/releases)
- [Changelog](https://github.com/pybind/pybind11/blob/master/docs/changelog.md)
- [Commits](pybind/pybind11@v2.13.0...v3.0.4)

---
updated-dependencies:
- dependency-name: pybind11
  dependency-version: 3.0.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from hunhoffe as a code owner May 13, 2026 15:42
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hunhoffe hunhoffe Awaiting requested review from hunhoffe hunhoffe is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hunhoffe