build(deps): bump the per-dependency group across 1 directory with 8 updates

[dependabot]

Bumps the per-dependency group with 8 updates in the /bindings/python directory:

Package	From	To
anyhow	1.0.100	1.0.102
pyo3	0.24.2	0.28.2
spin	0.9.8	0.10.0
regex	1.12.2	1.12.3
uuid	1.20.0	1.21.0
jsonschema	0.30.0	0.42.1
chrono	0.4.43	0.4.44
rand	0.9.2	0.10.0

Updates anyhow from 1.0.100 to 1.0.102

Release notes

Sourced from anyhow's releases.

1.0.102

• Remove backtrace dependency (#438, #439, #440, #441, #442)

1.0.101

• Add #[inline] to anyhow::Ok helper (#437, thanks @​Ibitier)

Commits

• 5c657b3 Release 1.0.102
• e737fb6 Merge pull request #442 from dtolnay/backtrace
• 7fe62b5 Further simply backtrace conditional compilation
• c8cb5ca Merge pull request #441 from dtolnay/backtrace
• de27df7 Delete CI use of --features=backtrace
• 9b67e5d Merge pull request #440 from dtolnay/backtrace
• efdb11a Simplify std_backtrace conditional code
• b8a9a70 Merge pull request #439 from dtolnay/backtrace
• a42fc2c Remove feature = "backtrace" conditional code
• 2a2a3ce Re-word backtrace feature comment
• Additional commits viewable in compare view

Updates pyo3 from 0.24.2 to 0.28.2

Release notes

Sourced from pyo3's releases.

PyO3 0.28.2

This patch release contains a soundness fix for subclassing native types such as PyList with the abi3 feature enabled when targeting a minimum version of Python 3.12 or higher. (Support for doing such subclassing was newly added in PyO3 0.28.0.)

PyO3 0.28.0 and 0.28.1 will be yanked.

This release also contains a correction to the FFI definition PyType_GetTypeDataSize and incorrectly-generated __qualname__ on #[pyclass] enum variant types when using #[pyo3(name = "...")] option to rename the enum and/or variant.

Thank you to the following contributors for the improvements:

@​davidhewitt @​Icxolu @​ngoldbaum

PyO3 0.28.1

This patch contains a number of minor compile-time fixes for PyO3 0.28.0.

Thank you to the following contributors for the improvements:

@​davidhewitt @​funsafemath @​ngoldbaum @​rara64 @​tdyas

PyO3 0.28.0

This release contains many improvements across PyO3's feature set:

• Proper support for __init__ methods for #[pyclass] types
• Support for #[deleter]s to complement the existing #[getter] and #[setter] attributes when implementing class "properties".
• Support for subclassing many Python types with the abi3 feature (requires Python 3.12+).
• A new #[pyclass(new = "from_fields")] option to automatically define the constructor from the class fields.
• Many corrections to FFI definitions (including removal of many private CPython methods)
• Many improvements to the experimental-inspect feature's functionality.

The minimum supported Rust version has been increased to Rust 1.83.

This release also switches #[pymodule] to use PEP 489 multi-phase initialization internally. This should have no immediate functional impact other than preparing PyO3 to support newer technologies such as Python subinterpreters.

There are also many other incremental improvements, bug fixes and smaller features; full detail can be found in the CHANGELOG.

Please consult the migration guide for help upgrading.

Thank you to everyone who contributed code, documentation, design ideas, bug reports, and feedback. The following contributors' commits are included in this release:

@​ABorgna @​ahlinc @​alex @​altendky @​bazaah @​bschoenmaeckers @​chirizxc

... (truncated)

Changelog

Sourced from pyo3's changelog.

[0.28.2] - 2026-02-18

Fixed

• Fix complex enum __qualname__ not using python name #5815
• Fix FFI definition PyType_GetTypeDataSize (was incorrectly named PyObject_GetTypeDataSize). #5819
• Fix memory corruption when subclassing native types with abi3 feature on Python 3.12+ (newly enabled in PyO3 0.28.0). #5823

[0.28.1] - 2026-02-14

Fixed

• Fix *args / **kwargs support in experimental-async feature (regressed in 0.28.0). #5771
• Fix clippy::declare_interior_mutable_const warning inside #[pyclass] generated code on enums. #5772
• Fix ambiguous_associated_items compilation error when deriving FromPyObject or using #[pyclass(from_py_object)] macro on enums with Error variant. #5784
• Fix __qualname__ for complex #[pyclass] enum variants to include the enum name. #5796
• Fix missing std::sync::atomic::Ordering import for targets without atomic64. #5808

[0.28.0] - 2026-02-01

Packaging

• Bump MSRV to Rust 1.83. #5531
• Bump minimum supported quote version to 1.0.37. #5531
• Bump supported GraalPy version to 25.0. #5542
• Drop memoffset dependency. #5545
• Support for free-threaded Python is now opt-out rather than opt-in. #5564
• Bump target-lexicon dependency to 0.13.3. #5571
• Drop indoc and unindent dependencies. #5608

Added

• Add __init__ support in #[pymethods]. #4951
• Expose PySuper on PyPy, GraalPy and ABI3 #4951
• Add PyString::from_fmt and py_format! macro. #5199
• Add #[pyclass(new = "from_fields")] option. #5421
• Add pyo3::buffer::PyUntypedBuffer, a type-erased form of PyBuffer<T>. #5458
• Add PyBytes::new_with_writer #5517
• Add PyClass::NAME. #5579
• Add pyo3_build_config::add_libpython_rpath_link_args. #5624
• Add PyBackedStr::clone_ref and PyBackedBytes::clone_ref methods. #5654
• Add PyCapsule::new_with_pointer and PyCapsule::new_with_pointer_and_destructor for creating capsules with raw pointers. #5689
• Add #[deleter] attribute to implement property deleters in #[methods]. #5699
• Add IntoPyObject and FromPyObject implementations for uuid::NonNilUuid. #5707
• Add PyBackedStr::as_str and PyBackedStr::as_py_str methods. #5723
• Add support for subclassing native types (PyDict, exceptions, ...) when building for abi3 on Python 3.12+. #5733
• Add support for subclassing PyList when building for Python 3.12+. #5734
• FFI definitions:
  • Add FFI definitions PyEval_GetFrameBuiltins, PyEval_GetFrameGlobals and PyEval_GetFrameLocals on Python 3.13 and up. #5590
  • Add FFI definitions PyObject_New, PyObject_NewVar, PyObject_GC_Resize, PyObject_GC_New, and PyObject_GC_NewVar. #5591

... (truncated)

Commits

• 2b392c8 release: 0.28.2
• 7e44c1d fix complex enum __qualname__ not using python name (#5815)
• 75abd86 fix memory corruption when subclassing variable-size types (e.g. abi3 + 3.1...
• b62c7a2 Fix typo in PyType_GetTypeDataSize bindings (#5819)
• 45f49ff release: 0.28.1
• 56c34d6 Document Py_GIL_DISABLED in pyo3-build-config docs (#5810)
• 92bc9ef Avoid unused variable warning with a debug Python build (#5811)
• ca5df1a ci: re-enable list_get_item_unchecked benchmark on free-threaded build (#5812)
• 413d9b5 Fix missing std::sync::atomic::Ordering import for targets without atomic64...
• 1c764cd docs: improve messaging around #[pyclass(from_py_object)] change (#5798)
• Additional commits viewable in compare view

Updates spin from 0.9.8 to 0.10.0

Changelog

Sourced from spin's changelog.

[0.10.0] - 2025-03-26

Added

• Mutex::try_lock_weak
• RwLock::try_write_weak
• RwLock::try_upgrade_weak

Changed

• Updated MSRV to 1.60
• Use dep: syntax in Cargo.toml
• portable_atomic feature has been renamed to portable-atomic, for consistency.

Fixed

Commits

• See full diff in compare view

Updates regex from 1.12.2 to 1.12.3

Changelog

Sourced from regex's changelog.

1.12.3 (2025-02-03)

This release excludes some unnecessary things from the archive published to crates.io. Specifically, fuzzing data and various shell scripts are now excluded. If you run into problems, please file an issue.

Improvements:

• #1319: Switch from a Cargo exclude list to an include list, and exclude some unnecessary stuff.

Commits

• b028e4f 1.12.3
• 5e195de regex-automata-0.4.14
• a3433f6 regex-syntax-0.8.9
• 0c07fae regex-lite-0.1.9
• 6a81006 cargo: exclude development scripts and fuzzing data
• 4733e28 automata: fix onepass::DFA::try_search_slots panic when too many slots are ...
• See full diff in compare view

Updates uuid from 1.20.0 to 1.21.0

Release notes

Sourced from uuid's releases.

v1.21.0

What's Changed

• Update getrandom to 0.4 by @​KodrAus in uuid-rs/uuid#858
• feat: impl core::error::Error for Error by @​XAMPPRocky in uuid-rs/uuid#852
• Prepare for 1.21.0 release by @​KodrAus in uuid-rs/uuid#859

New Contributors

• @​XAMPPRocky made their first contribution in uuid-rs/uuid#852

Full Changelog: uuid-rs/uuid@v1.20.0...v1.21.0

Commits

• a38fa19 Merge pull request #859 from uuid-rs/cargo/v1.21.0
• e45b10f prepare for 1.21.0 release
• f6f5d48 Merge pull request #852 from XAMPPRocky/main
• 9bee4bd Merge branch 'main' into main
• cb8f156 Merge pull request #858 from uuid-rs/chore/getrandom-04
• a59c061 bump msrv to 1.85.0 for getrandom
• b9a3157 bump msrv to 1.81.0
• 2a0a7a3 force an earlier nightly for miri
• a6e0aa1 update rand to 0.10
• 576d47b update getrandom to 0.4
• Additional commits viewable in compare view

Updates jsonschema from 0.30.0 to 0.42.1

Release notes

Sourced from jsonschema's releases.

[Python] Release 0.42.1

Performance

• Reduce dynamic dispatch overhead for non-recursive $ref resolution.
• Cache ECMA regex transformations during format: "regex" validation.

Packaging

• Exclude rust-toolchain.toml from wheels. #1012

[Ruby] Release 0.42.1

Performance

• Reduce dynamic dispatch overhead for non-recursive $ref resolution.
• Cache ECMA regex transformations during format: "regex" validation.

[Rust] Release 0.42.1

Performance

• Reduce dynamic dispatch overhead for non-recursive $ref resolution.
• Cache ECMA regex transformations during format: "regex" validation.

[Python] Release 0.42.0

Fixed

• Panic when validating $ref targets that resolve to boolean schemas.

Performance

• Use FFI PyList_New + PyList_SetItem for array conversion to avoid reallocations.
• Cache ValidationError, ReferencingError, and decimal.Decimal types to avoid repeated module imports.
• Cache formatted schema locations to avoid repeated formatting during evaluate().
• Use as_str instead of to_string for type names in validation errors to avoid allocations.

[Rust] Release 0.42.0

Added

• JsonType::as_str method for zero-allocation type name access.
• ValidationErrorKind::keyword is now public.
• tls-ring feature flag to opt into using ring as the TLS crypto provider instead of the default aws-lc-rs. #997
• CLI: Support YAML (.yaml/.yml) instance files. #988

Changed

• BREAKING: Default TLS crypto provider switched back to aws-lc-rs. Users who need ring can opt in via the tls-ring feature flag. This resolves potential conflicts with other libraries using aws-lc-rs. #997

Fixed

• Panic when validating $ref targets that resolve to boolean schemas.

... (truncated)

Changelog

Sourced from jsonschema's changelog.

[0.42.1] - 2026-02-17

Performance

• Reduce dynamic dispatch overhead for non-recursive $ref resolution.
• Cache ECMA regex transformations during format: "regex" validation.

[0.42.0] - 2026-02-14

Added

• JsonType::as_str method for zero-allocation type name access.
• ValidationErrorKind::keyword is now public.
• tls-ring feature flag to opt into using ring as the TLS crypto provider instead of the default aws-lc-rs. #997
• CLI: Support YAML (.yaml/.yml) instance files in text output mode. #988

Changed

• BREAKING: Default TLS crypto provider switched back to aws-lc-rs. Users who need ring can opt in via the tls-ring feature flag. This resolves potential conflicts with other libraries using aws-lc-rs. #997

Fixed

• Panic when validating $ref targets that resolve to boolean schemas.

Performance

• Cache formatted schema locations with OnceLock to avoid repeated formatting during evaluate().

[0.41.0] - 2026-02-04

Performance

• Replace regex-based uri-template format validation with a hand-rolled RFC 6570 parser.
• Specialize items keyword for simple type schemas ({"type": "string"}, {"type": "number"}, etc.) to eliminate dynamic dispatch overhead.
• Precompute regex matches on known properties.
• Faster unevaluatedProperties validation via O(1) property lookup and short-circuit oneOf evaluation.
• Use HashMap for large set of properties.
• Lower HashMap threshold from 40 to 15 properties for faster property lookups.

[0.40.2] - 2026-01-30

Changed

• Exclude internal tracker field from ValidationError Debug output.
• Switch HTTP client TLS crypto backend from aws-lc-rs to ring to simplify building from source on some Linux distributions. #957

Fixed

• type: integer validation in Draft 4 now correctly accepts large integers outside the i64/u64 range when arbitrary-precision feature is enabled.

... (truncated)

Commits

• 9ea8fe0 chore(ruby): Release 0.42.1
• 283f8ca chore(python): Release 0.42.1
• b1584ef chore(rust): Release 0.42.1
• cc885c5 chore(python): Exclude rust-toolchain.toml from wheels
• fb48493 perf: Cache ECMA regex transformations during format: "regex" validation
• e385dc9 perf: Metaschema validation benchmarks
• 3a0e590 build(deps): update serde-saphyr requirement from 0.0.18 to 0.0.19
• ab25304 perf: Reduce dynamic dispatch overhead for non-recursive $ref resolution
• 61b2ab4 docs(ruby): Update readme
• 7b78864 build(deps): bump werkzeug from 2.2.3 to 3.1.5 in /crates/jsonschema-py
• Additional commits viewable in compare view

Updates chrono from 0.4.43 to 0.4.44

Release notes

Sourced from chrono's releases.

0.4.44

What's Changed

• docs: match MSRV with Cargo.toml contents by @​coryan in chronotope/chrono#1772
• Add track_caller to non-deprecated functions by @​svix-jplatte in chronotope/chrono#1774

Commits

• c14b459 Bump version to 0.4.44
• ea832c5 Add track_caller to non-deprecated functions
• cfae889 Fix panic message in to_rfc2822
• f8900b5 docs: match MSRV with Cargo.toml contents
• See full diff in compare view

Updates rand from 0.9.2 to 0.10.0

Changelog

Sourced from rand's changelog.

[0.10.0] - 2026-02-08

Changes

• The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
• Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
• Use Edition 2024 and MSRV 1.85 (#1653)
• Let Fill be implemented for element types, not sliceable types (#1652)
• Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
• Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
• Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
• Remove Clone support for StdRng, ReseedingRng (#1677)
• Use postcard instead of bincode to test the serde feature (#1693)
• Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
• Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
• Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

• Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
• Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
• Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
• Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

• Removed ReseedingRng (#1722)
• Removed unused feature "nightly" (#1732)
• Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697 #1717: rust-random/rand#1717 #1722: rust-random/rand#1722 #1732: rust-random/rand#1732 #1734: rust-random/rand#1734

Commits

• acc5f24 Prepare v0.10.0 releases (#1729)
• 95c5165 Add fn rand::make_rng (#1734)
• 146da58 CHANGELOG: add PR links (#1738)
• 8cacd6d README tweaks (#1737)
• 28e3df8 Update chacha20: use ChaChaCore directly; remove bytes_until_reseed field (#1...
• 03db311 Replace fn reseed_and_generate with try_to_reseed
• b14483e Apply inline attr to fn generate
• fda8f74 Remove bytes_until_reseed field
• 213bb3b Bump chacha20 to 0.10.0-rc.11
• 72afe1e Minor tweaks; prepare v0.10.0-rc.9 (#1736)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions