chore(deps): update pyo3 requirement from 0.19 to 0.28

[dependabot]

Updates the requirements on pyo3 to permit the latest version.

Release notes

Sourced from pyo3's releases.

PyO3 0.28.3

This patch contains several fixes for stability of the PyO3 0.28.x series:

• Python::attach and Python::try_attach will no longer return before the thread initializing the interpreter has finished runnning site.py when using the auto-initialize feature.
• Fix unsoundness in PyBytesWriter::write_vectored when targeting the Python 3.15 prerelease interpreter.
• Fix possible deadlock in .into_pyobject() implementation for C-like #[pyclass] enums.

A couple of edge cases causing compile failures were also fixed.

Thank you to the following contributors for the improvements:

@​alex @​bschoenmaeckers @​chirizxc @​davidhewitt @​Embers-of-the-Fire @​Icxolu @​maurosilber @​ngoldbaum

Changelog

Sourced from pyo3's changelog.

[0.28.3] - 2026-04-02

Fixed

• Fix compile error with #[pyclass(get_all)] on a type named Probe. #5837
• Fix compile error in debug builds related to _Py_NegativeRefcount with Python < 3.12. #5847
• Fix a race condition where Python::attach or try_attach could return before site.py had finished running. #5903
• Fix unsoundness in PyBytesWriter::write_vectored with Python 3.15 prerelease versions. #5907
• Fix deadlock in .into_pyobject() implementation for C-like #[pyclass] enums. #5928

[0.28.2] - 2026-02-18

Fixed

• Fix complex enum __qualname__ not using python name #5815
• Fix FFI definition PyType_GetTypeDataSize (was incorrectly named PyObject_GetTypeDataSize). #5819
• Fix memory corruption when subclassing native types with abi3 feature on Python 3.12+ (newly enabled in PyO3 0.28.0). #5823

[0.28.1] - 2026-02-14

Fixed

• Fix *args / **kwargs support in experimental-async feature (regressed in 0.28.0). #5771
• Fix clippy::declare_interior_mutable_const warning inside #[pyclass] generated code on enums. #5772
• Fix ambiguous_associated_items compilation error when deriving FromPyObject or using #[pyclass(from_py_object)] macro on enums with Error variant. #5784
• Fix __qualname__ for complex #[pyclass] enum variants to include the enum name. #5796
• Fix missing std::sync::atomic::Ordering import for targets without atomic64. #5808

[0.28.0] - 2026-02-01

Packaging

• Bump MSRV to Rust 1.83. #5531
• Bump minimum supported quote version to 1.0.37. #5531
• Bump supported GraalPy version to 25.0. #5542
• Drop memoffset dependency. #5545
• Support for free-threaded Python is now opt-out rather than opt-in. #5564
• Bump target-lexicon dependency to 0.13.3. #5571
• Drop indoc and unindent dependencies. #5608

Added

• Add __init__ support in #[pymethods]. #4951
• Expose PySuper on PyPy, GraalPy and ABI3 #4951
• Add PyString::from_fmt and py_format! macro. #5199
• Add #[pyclass(new = "from_fields")] option. #5421
• Add pyo3::buffer::PyUntypedBuffer, a type-erased form of PyBuffer<T>. #5458
• Add PyBytes::new_with_writer #5517
• Add PyClass::NAME. #5579
• Add pyo3_build_config::add_libpython_rpath_link_args. #5624

... (truncated)

Commits

• 743af64 release: 0.28.3
• 2042b4c fix deadlock when initializing enum via into_pyobject() (#5928)
• 0157247 ci: update UI tests for Rust 1.94 (#5859)
• e234f8a Update getting-started.md (#5899)
• c06848d fix ffi-check in 3.15.0a7 (#5873)
• 83f4283 remove unused try_trait_v2 feature when enabling the nightly feature (#5868)
• 0de57ed Fix unsoundness in PyBytesWriter::write_vectored (#5907)
• 49cd13f fixes #5900 -- address race condition with initialization and site.py loading...
• c90d163 [fix] Fix std::ffi import for _Py_NegativeRefcount (#5847)
• b79d725 fix(pyo3-macros): allow pyclass named Probe (#5837)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.