Skip to content

deps: bump cbor2 from 5.9.0 to 6.0.1#143

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/cbor2-6.0.1
Closed

deps: bump cbor2 from 5.9.0 to 6.0.1#143
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/cbor2-6.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps cbor2 from 5.9.0 to 6.0.1.

Release notes

Sourced from cbor2's releases.

6.0.1

  • Fixed an error in the mutability logic during decoding, leading to values being decoded as immutable in unexpected places (#295)

6.0.0

  • No changes since v6.0.0rc1

6.0.0rc1

  • MAJOR REWRITE: The Python and C implementations of the encoder and decoder were replaced with a single, Rust-based implementation in the interest of maintainability.

    Here are some of the highlights:

    • Improved memory safety (100% safe-mode Rust)
    • Complete elimination of reference leaks
    • Support for free-threading and subinterpreters
    • Substantially improved performance
    • Improved decoder error handling where any non-base exception gets wrapped in a CBORDecodeError
    • Iterative, rather than recursive decoding, meaning the container nesting depth is limited only by the available memory, rather than the C stack size
  • BACKWARD INCOMPATIBLE Changed the signature of the tag_hook decoder callables to accept (CBORTag, immutable as arguments instead of CBORDecoder, CBORTag)

  • BACKWARD INCOMPATIBLE Changed the signature of the object_hook decoder callables to accept (Mapping[Any, Any], bool) instead of (CBORDecoder, dict[Any, Any])

  • BACKWARD INCOMPATIBLE Removed the break_marker singleton as no longer necessary

  • BACKWARD INCOMPATIBLE Removed the CBORDecodeValueError exception, instead chaining ValueError or TypeError to a CBORDecodeError

  • BACKWARD INCOMPATIBLE Changed the decoding of semantic tag 261 to yield an IPv4Interface or IPv6Interface if the address contains host bits

  • BACKWARD INCOMPATIBLE Removed the individual decoding functions from the API as they were mistakenly called directly by users. Please open an issue if you need them back.

  • BACKWARD INCOMPATIBLE Changed the encoding of IP addresses to use the semantic tags 52 and 54 instead of the deprecated 260 and 261 (#232)

  • BACKWARD INCOMPATIBLE Dropped the deprecated cbor2.decoder and cbor2.encoder modules – everything in the API is now importable directly from cbor2

  • BACKWARD INCOMPATIBLE The cbor2.FrozenDict class has now been renamed frozendict and is not available on Python 3.15 where the built-in frozendict class must be used instead

  • Added the semantic_decoders decoder option to add or override decoders for specific semantic tags

  • Added the immutable decoder flag to always use immutable containers where possible when decoding a CBOR stream

  • Added the allow_indefinite decoder option to optionally disallow indefinite-length strings and containers

  • Dropped support for Python 3.9

  • Fixed the decoder not rejecting invalid two-byte simple value sequences (0xF800 - 0xF81F)

Commits
  • 3d22272 Bumped up the version
  • 7e07ab5 Fixed ContinueFrame handler not mutating the immutable flag in the current frame
  • 03c656c Marked the 6.x series as supported
  • 516c1a2 Bumped up the version
  • c175272 [pre-commit.ci] pre-commit autoupdate (#294)
  • 547186a [pre-commit.ci] pre-commit autoupdate (#292)
  • c544b4b Install tzdata for Windows when testing
  • 9d95436 Removed timezones workaround in Hypothesis strategies
  • ffd7030 Bump the github-actions group with 3 updates (#293)
  • 71b0e95 Install Rust in the RTD build job
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.9.0 to 6.0.1.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@5.9.0...6.0.1)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
dependabot Bot requested a review from KayronCalloway as a code owner May 4, 2026 19:29
@dependabot @github

dependabot Bot commented on behalf of github May 19, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #158.

@dependabot dependabot Bot closed this May 19, 2026
@dependabot
dependabot Bot deleted the dependabot/pip/cbor2-6.0.1 branch May 19, 2026 00:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants