deps: bump cbor2 from 5.9.0 to 6.1.1 #158

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/cbor2-6.1.1

Conversation

dependabot Bot commented on behalf of github May 19, 2026 (Contributor)

Bumps cbor2 from 5.9.0 to 6.1.1.

Release notes

Sourced from cbor2's releases.

6.1.1

  • Fixed cbor2.load() returning corrupted data for payloads exceeding 4096 bytes (#304)

6.1.0

  • Added the allow_duplicate_keys parameter to CBORDecoder, load and loads (default: True). When set to False, a CBORDecodeError is raised upon encountering a duplicate key within the same map. (#283)
  • Added support for decoding from any object supporting the buffer API (e.g. memoryview or bytearray) in addition to bytes (#297)
  • Fixed compatibility issues with 32-bit systems (#300)

6.0.1

  • Fixed an error in the mutability logic during decoding, leading to values being decoded as immutable in unexpected places (#295)

6.0.0

  • No changes since v6.0.0rc1

6.0.0rc1

  • MAJOR REWRITE: The Python and C implementations of the encoder and decoder were replaced with a single, Rust-based implementation in the interest of maintainability.

    Here are some of the highlights:

    • Improved memory safety (100% safe-mode Rust)
    • Complete elimination of reference leaks
    • Support for free-threading and subinterpreters
    • Substantially improved performance
    • Improved decoder error handling where any non-base exception gets wrapped in a CBORDecodeError
    • Iterative, rather than recursive decoding, meaning the container nesting depth is limited only by the available memory, rather than the C stack size
  • BACKWARD INCOMPATIBLE Changed the signature of the tag_hook decoder callables to accept (CBORTag, immutable as arguments instead of CBORDecoder, CBORTag)

  • BACKWARD INCOMPATIBLE Changed the signature of the object_hook decoder callables to accept (Mapping[Any, Any], bool) instead of (CBORDecoder, dict[Any, Any])

  • BACKWARD INCOMPATIBLE Removed the break_marker singleton as no longer necessary

  • BACKWARD INCOMPATIBLE Removed the CBORDecodeValueError exception, instead chaining ValueError or TypeError to a CBORDecodeError

  • BACKWARD INCOMPATIBLE Changed the decoding of semantic tag 261 to yield an IPv4Interface or IPv6Interface if the address contains host bits

  • BACKWARD INCOMPATIBLE Removed the individual decoding functions from the API as they were mistakenly called directly by users. Please open an issue if you need them back.

  • BACKWARD INCOMPATIBLE Changed the encoding of IP addresses to use the semantic tags 52 and 54 instead of the deprecated 260 and 261 (#232)

  • BACKWARD INCOMPATIBLE Dropped the deprecated cbor2.decoder and cbor2.encoder modules – everything in the API is now importable directly from cbor2

  • BACKWARD INCOMPATIBLE The cbor2.FrozenDict class has now been renamed frozendict and is not available on Python 3.15 where the built-in frozendict class must be used instead

  • Added the semantic_decoders decoder option to add or override decoders for specific semantic tags

  • Added the immutable decoder flag to always use immutable containers where possible when decoding a CBOR stream

  • Added the allow_indefinite decoder option to optionally disallow indefinite-length strings and containers

... (truncated)

Commits
  • 3e7bc53 Bumped up the version
  • 985d54c Fixed read() and read_exact() not respecting read_position
  • 2bf399c Bumped up the version
  • bde5a9f [pre-commit.ci] pre-commit autoupdate (#303)
  • d2bbecc Make 32-bit builds when appropriate
  • c9b8190 Fixed compatibility with 32-bit systems (#301)
  • 348ad10 Fixed cargo pre-commit hooks
  • 8aaac16 Fixed two more build issues on 32-bit systems
  • 93e391a Fixed build failing on 32-bit systems
  • b5d7f8b Broadened decoder support to any type supporting the buffer interface (#298)
  • Additional commits viewable in compare view
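
Because this is a semver-major bump, a reviewer can search the code base for the APIs that the 6.0.0rc1 notes above list as removed, renamed or changed before merging. The scanner below is an added example, not part of this pull request or of cbor2; `scan_source` and the sample module are hypothetical, and the name lists are copied from the release notes quoted above.

```python
import ast

# Modules and names the cbor2 6.0.0rc1 notes list as removed or renamed.
REMOVED_MODULES = {"cbor2.decoder", "cbor2.encoder"}
REMOVED_NAMES = {"break_marker", "CBORDecodeValueError", "FrozenDict"}
# Decoder callbacks whose call signature changed; each use needs manual review.
CHANGED_HOOKS = {"tag_hook", "object_hook"}


def scan_source(source, filename="<constructed>"):
    """Return sorted (line, message) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.ImportFrom):
            if node.module in REMOVED_MODULES:
                findings.add((node.lineno, f"import from removed module {node.module}"))
            elif node.module == "cbor2":
                findings.update((node.lineno, f"removed or renamed name {a.name}")
                                for a in node.names if a.name in REMOVED_NAMES)
        elif isinstance(node, ast.Import):
            findings.update((node.lineno, f"import of removed module {a.name}")
                            for a in node.names if a.name in REMOVED_MODULES)
        elif isinstance(node, ast.Attribute) and node.attr in REMOVED_NAMES:
            findings.add((node.lineno, f"removed or renamed name {node.attr}"))
        elif isinstance(node, ast.Call):
            findings.update((node.lineno, f"{kw.arg} callback signature changed")
                            for kw in node.keywords if kw.arg in CHANGED_HOOKS)
    return sorted(findings)


# Constructed sample written against the 5.x API, not code from this repository.
SAMPLE = '''\
import cbor2
from cbor2.decoder import CBORDecoder
from cbor2 import CBORDecodeValueError

def on_tag(decoder, tag):
    return tag.value

def parse(blob):
    try:
        return cbor2.loads(blob, tag_hook=on_tag)
    except cbor2.CBORDecodeValueError:
        return None
'''

if __name__ == "__main__":
    for line, message in scan_source(SAMPLE):
        print(f"{line}: {message}")
```

Attribute matches are by name only, so a hit on an unrelated object's `FrozenDict` attribute is possible and each finding should be read as a pointer for review rather than a confirmed break.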

dependabot Bot commented on behalf of github May 19, 2026 (Contributor, Author)

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.9.0 to 6.1.1.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@5.9.0...6.1.1)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot force-pushed the dependabot/pip/cbor2-6.1.1 branch from e01a853 to adee6a4, May 27, 2026 22:44