Bump cbor2 from 5.9.0 to 6.0.1 in /openc3/python #3297

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/openc3/python/cbor2-6.0.1

dependabot Bot commented on behalf of github Apr 29, 2026

Bumps cbor2 from 5.9.0 to 6.0.1.

Release notes

Sourced from cbor2's releases.

6.0.1

  • Fixed an error in the mutability logic during decoding, leading to values being decoded as immutable in unexpected places (#295)

6.0.0

  • No changes since v6.0.0rc1

6.0.0rc1

  • MAJOR REWRITE: The Python and C implementations of the encoder and decoder were replaced with a single, Rust-based implementation in the interest of maintainability.

    Here are some of the highlights:

    • Improved memory safety (100% safe-mode Rust)
    • Complete elimination of reference leaks
    • Support for free-threading and subinterpreters
    • Substantially improved performance
    • Improved decoder error handling where any non-base exception gets wrapped in a CBORDecodeError
    • Iterative, rather than recursive decoding, meaning the container nesting depth is limited only by the available memory, rather than the C stack size
  • BACKWARD INCOMPATIBLE Changed the signature of the tag_hook decoder callables to accept (CBORTag, immutable) as arguments instead of (CBORDecoder, CBORTag)

  • BACKWARD INCOMPATIBLE Changed the signature of the object_hook decoder callables to accept (Mapping[Any, Any], bool) instead of (CBORDecoder, dict[Any, Any])

  • BACKWARD INCOMPATIBLE Removed the break_marker singleton as no longer necessary

  • BACKWARD INCOMPATIBLE Removed the CBORDecodeValueError exception, instead chaining ValueError or TypeError to a CBORDecodeError

  • BACKWARD INCOMPATIBLE Changed the decoding of semantic tag 261 to yield an IPv4Interface or IPv6Interface if the address contains host bits

  • BACKWARD INCOMPATIBLE Removed the individual decoding functions from the API as they were mistakenly called directly by users. Please open an issue if you need them back.

  • BACKWARD INCOMPATIBLE Changed the encoding of IP addresses to use the semantic tags 52 and 54 instead of the deprecated 260 and 261 (#232)

  • BACKWARD INCOMPATIBLE Dropped the deprecated cbor2.decoder and cbor2.encoder modules – everything in the API is now importable directly from cbor2

  • BACKWARD INCOMPATIBLE The cbor2.FrozenDict class has now been renamed frozendict and is not available on Python 3.15 where the built-in frozendict class must be used instead

  • Added the semantic_decoders decoder option to add or override decoders for specific semantic tags

  • Added the immutable decoder flag to always use immutable containers where possible when decoding a CBOR stream

  • Added the allow_indefinite decoder option to optionally disallow indefinite-length strings and containers

  • Dropped support for Python 3.9

  • Fixed the decoder not rejecting invalid two-byte simple value sequences (0xF800 - 0xF81F)

Commits
  • 3d22272 Bumped up the version
  • 7e07ab5 Fixed ContinueFrame handler not mutating the immutable flag in the current frame
  • 03c656c Marked the 6.x series as supported
  • 516c1a2 Bumped up the version
  • c175272 [pre-commit.ci] pre-commit autoupdate (#294)
  • 547186a [pre-commit.ci] pre-commit autoupdate (#292)
  • c544b4b Install tzdata for Windows when testing
  • 9d95436 Removed timezones workaround in Hypothesis strategies
  • ffd7030 Bump the github-actions group with 3 updates (#293)
  • 71b0e95 Install Rust in the RTD build job
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.9.0 to 6.0.1.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@5.9.0...6.0.1)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
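
Two decoder items in the release notes above (rejecting the two-byte simple values 0xF800 - 0xF81F, and optionally disallowing indefinite-length items) are CBOR well-formedness rules, and the notes also mention iterative rather than recursive decoding. The following is an added example, not code from cbor2 or from this repository: a standard-library-only iterative scanner that applies both rules alongside the basic RFC 8949 structure checks. The names `scan` and `SAMPLES` are illustrative, and `allow_indefinite` only borrows the option name from the notes.

```python
def scan(data: bytes, allow_indefinite: bool = True) -> int:
    """Check one CBOR item; return bytes consumed or raise ValueError."""
    pos, stack = 0, []                  # frame: [count, major_type, is_indefinite]
    while True:
        if pos >= len(data):
            raise ValueError("truncated input")
        ib = data[pos]
        pos += 1
        mt, ai = ib >> 5, ib & 0x1F
        top = stack[-1] if stack else None
        if ib == 0xFF:                  # break: closes an indefinite-length item
            if top is None or not top[2]:
                raise ValueError("unexpected break")
            if top[1] == 5 and top[0] % 2:
                raise ValueError("indefinite map key without value")
            stack.pop()
        else:
            if ai > 27 and (ai < 31 or mt not in (2, 3, 4, 5)):
                raise ValueError("invalid additional information")
            arg = ai if ai < 24 else None        # None means indefinite (ai == 31)
            if 24 <= ai < 28:                    # 1, 2, 4 or 8 argument bytes
                n = 1 << (ai - 24)
                arg = int.from_bytes(data[pos:pos + n], "big")
                pos += n
            if mt in (2, 3) and arg is not None:
                pos += arg                       # skip the string payload
            if pos > len(data):
                raise ValueError("truncated input")
            if top and top[2] and top[1] in (2, 3) and (mt != top[1] or arg is None):
                raise ValueError("invalid chunk in indefinite-length string")
            if arg is None and not allow_indefinite:
                raise ValueError("indefinite-length item disallowed")
            if mt == 7 and ai == 24 and arg < 32:   # the 0xF800..0xF81F range
                raise ValueError("invalid two-byte simple value")
            if arg is None or mt == 6 or (mt in (4, 5) and arg):
                count = 0 if arg is None else (arg, 2 * arg, 1)[mt - 4]
                stack.append([count, mt, arg is None])
                continue                         # descend without recursion
        while stack:                             # one complete item was read
            frame = stack[-1]
            frame[0] += 1 if frame[2] else -1
            if frame[2] or frame[0]:
                break
            stack.pop()
        else:
            return pos

# Constructed sample inputs (hex): definite array, 0xF8 0x10 simple value, indefinite array.
SAMPLES = {"array": "83010203", "bad_simple": "f810", "indef_array": "9f0102ff"}
```

Because nesting is tracked on an explicit list, deeply nested input costs memory rather than interpreter stack, so callers that accept untrusted CBOR should still cap the input size.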
dependabot Bot added the dependencies and python:uv labels Apr 29, 2026

dependabot Bot commented on behalf of github May 13, 2026

Superseded by #3370.

dependabot Bot closed this May 13, 2026
dependabot Bot deleted the dependabot/uv/openc3/python/cbor2-6.0.1 branch May 13, 2026 22:37