fix(deps): bump pyo3 to 0.28 to clear RUSTSEC-2025-0020

davidsmfreire · claude · davidsmfreire · commit 9c278bb4992a · 2026-04-25T15:26:04.000+01:00
pyo3 0.19.2 has a buffer-overflow advisory in `PyString::from_object`
(fixed in 0.24.1). Bump to 0.28 and migrate the `#[pymodule]` entry
point to the `Bound&lt;'_, PyModule&gt;` API introduced in 0.21.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/sqlshield-py/Cargo.toml b/sqlshield-py/Cargo.toml
@@ -19,5 +19,5 @@ crate-type = ["cdylib"]
 
 
 [dependencies]
-pyo3 = "0.19.0"
+pyo3 = "0.28"
 sqlshield = { workspace = true }
diff --git a/sqlshield-py/src/lib.rs b/sqlshield-py/src/lib.rs
@@ -44,8 +44,8 @@ fn validate_query(query: &str, schema: &str) -> PyResult<Vec<String>> {
 
 /// A Python module implemented in Rust.
 #[pymodule]
-fn sqlshield(_py: Python, m: &PyModule) -> PyResult<()> {
-    m.add_class::<PySqlValidationError>().unwrap();
+fn sqlshield(m: &Bound<'_, PyModule>) -> PyResult<()> {
+    m.add_class::<PySqlValidationError>()?;
     m.add_function(wrap_pyfunction!(validate_files, m)?)?;
     m.add_function(wrap_pyfunction!(validate_query, m)?)?;
     Ok(())
