From: Richard Purdie Date: Tue, 3 Jun 2025 21:29:25 +0000 (+0100) Subject: oeqa/maturin/guessing-game: Bump dependencies to avoid security warning X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e817e6e4d53543766b935479b148a1950cc37c8;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git oeqa/maturin/guessing-game: Bump dependencies to avoid security warning The Cargo.toml lock for guessing-game, used to test maturin has a minor security advisory which keeps tripping up github's automated security analysis, "PyO3 Risk of buffer overflow in `PyString::from_object`". Bump the minimum version requirement for pyo3 to avoid this warning even if it isn't anything critical and just automated tests. Signed-off-by: Richard Purdie
---
diff --git a/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml b/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml
index de95025e863..a78ada2593d 100644
--- a/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml
+++ b/meta/lib/oeqa/files/maturin/guessing-game/Cargo.toml
@@ -14,7 +14,7 @@ crate-type = ["cdylib"]
 rand = "0.8.4"
 [dependencies.pyo3]
-version = "0.19.0"
+version = "0.24.1"
 # "abi3-py38" tells pyo3 (and maturin) to build using the stable ABI with minimum Python version 3.8
 features = ["abi3-py38"]
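Review bot: The new `version = "0.24.1"` under `[dependencies.pyo3]` is a caret requirement, so it only sets the floor Cargo resolves from. The commit message refers to the lock, but no Cargo.lock change is visible in this diff; if a lock file is checked in next to this manifest, it presumably still needs regenerating before the scanner sees the fixed version. The jump from 0.19 to 0.24 also crosses several semver-incompatible 0.x releases and the crate's Rust source is not touched here, so it is worth confirming that the maturin test still builds against the new API. I would also record why the floor exists with a comment above the key, e.g. `# >= 0.24.1 avoids the PyString::from_object buffer-overflow advisory`, so a later cleanup does not relax it.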