Skip to content

Bump cbor2 from 5.9.0 to 6.1.0 in /openc3/python#3370

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/openc3/python/cbor2-6.1.0
Open

Bump cbor2 from 5.9.0 to 6.1.0 in /openc3/python#3370
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/openc3/python/cbor2-6.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026

Bumps cbor2 from 5.9.0 to 6.1.0.

Release notes

Sourced from cbor2's releases.

6.1.0

  • Added the allow_duplicate_keys parameter to CBORDecoder, load and loads (default: True). When set to False, a CBORDecodeError is raised upon encountering a duplicate key within the same map. (#283)
  • Added support for decoding from any object supporting the buffer API (e.g. memoryview or bytearray) in addition to bytes (#297)
  • Fixed compatibility issues with 32-bit systems (#300)

6.0.1

  • Fixed an error in the mutability logic during decoding, leading to values being decoded as immutable in unexpected places (#295)

6.0.0

  • No changes since v6.0.0rc1

6.0.0rc1

  • MAJOR REWRITE: The Python and C implementations of the encoder and decoder were replaced with a single, Rust-based implementation in the interest of maintainability.

    Here are some of the highlights:

    • Improved memory safety (100% safe-mode Rust)
    • Complete elimination of reference leaks
    • Support for free-threading and subinterpreters
    • Substantially improved performance
    • Improved decoder error handling where any non-base exception gets wrapped in a CBORDecodeError
    • Iterative, rather than recursive decoding, meaning the container nesting depth is limited only by the available memory, rather than the C stack size

  • BACKWARD INCOMPATIBLE Changed the signature of the tag_hook decoder callables to accept (CBORTag, immutable as arguments instead of CBORDecoder, CBORTag)

  • BACKWARD INCOMPATIBLE Changed the signature of the object_hook decoder callables to accept (Mapping[Any, Any], bool) instead of (CBORDecoder, dict[Any, Any])

  • BACKWARD INCOMPATIBLE Removed the break_marker singleton as no longer necessary

  • BACKWARD INCOMPATIBLE Removed the CBORDecodeValueError exception, instead chaining ValueError or TypeError to a CBORDecodeError

  • BACKWARD INCOMPATIBLE Changed the decoding of semantic tag 261 to yield an IPv4Interface or IPv6Interface if the address contains host bits

  • BACKWARD INCOMPATIBLE Removed the individual decoding functions from the API as they were mistakenly called directly by users. Please open an issue if you need them back.

  • BACKWARD INCOMPATIBLE Changed the encoding of IP addresses to use the semantic tags 52 and 54 instead of the deprecated 260 and 261 (#232)

  • BACKWARD INCOMPATIBLE Dropped the deprecated cbor2.decoder and cbor2.encoder modules – everything in the API is now importable directly from cbor2

  • BACKWARD INCOMPATIBLE The cbor2.FrozenDict class has now been renamed frozendict and is not available on Python 3.15 where the built-in frozendict class must be used instead

  • Added the semantic_decoders decoder option to add or override decoders for specific semantic tags

  • Added the immutable decoder flag to always use immutable containers where possible when decoding a CBOR stream

  • Added the allow_indefinite decoder option to optionally disallow indefinite-length strings and containers

  • Dropped support for Python 3.9

  • Fixed the decoder not rejecting invalid two-byte simple value sequences (0xF800 - 0xF81F)

Commits
  • 2bf399c Bumped up the version
  • bde5a9f [pre-commit.ci] pre-commit autoupdate (#303)
  • d2bbecc Make 32-bit builds when appropriate
  • c9b8190 Fixed compatibility with 32-bit systems (#301)
  • 348ad10 Fixed cargo pre-commit hooks
  • 8aaac16 Fixed two more build issues on 32-bit systems
  • 93e391a Fixed build failing on 32-bit systems
  • b5d7f8b Broadened decoder support to any type supporting the buffer interface (#298)
  • 076f753 Added the allow_duplicate_keys decoding parameter
  • 68ebe9d Added pre-commit checks for Rust
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump cbor2 from 5.9.0 to 6.1.0 in /openc3/python
01ee3d9 
Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.9.0 to 6.1.0.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@5.9.0...6.1.0)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 13, 2026
@dependabot dependabot Bot mentioned this pull request May 13, 2026
Closed
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 13, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@jmthomas jmthomas self-requested a review May 15, 2026 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmthomas jmthomas Awaiting requested review from jmthomas

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants