Skip to content

Bump cbor2 from 6.1.2 to 6.1.3 in /openc3/python#3549

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/openc3/python/cbor2-6.1.3
Open

Bump cbor2 from 6.1.2 to 6.1.3 in /openc3/python#3549
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/openc3/python/cbor2-6.1.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps cbor2 from 6.1.2 to 6.1.3.

Release notes

Sourced from cbor2's releases.

6.1.3

  • Fixed the decoder registering 6-byte strings in the string reference namespace at indices 65536–4294967295 where the encoder does not, desynchronising the namespace and resolving later string references to the wrong value (#313; PR by @​sahvx655-wq)
  • Fixed the IPv4/IPv6 network decoders (tags 52 and 54) silently truncating an address byte string that is longer than the address size instead of rejecting it as malformed (#309; PR by @​sahvx655-wq)
  • Fixed quadratic decoding time for indefinite-length and large definite-length byte and text strings, caused by concatenating each chunk onto the accumulated result with + instead of building the result once (#316; PR by @​sahvx655-wq)
  • Fixed datetime_as_timestamp encoding whole-second datetimes before 1970 or after 2106 as floats instead of integers, because the timestamp was narrowed through an unsigned 32-bit integer (#317; PR by @​sahvx655-wq)
  • Fixed the encoder measuring text strings by code point count instead of UTF-8 byte length when deciding whether to add them to the string reference namespace, desynchronising it from the decoder (which counts bytes) and corrupting later string references for non-ASCII strings (#314; PR by @​sahvx655-wq)
  • Fixed the decoder rejecting scoped IPv6 addresses (tag 54) with a CBORDecodeError reading invalid types in input array; the encoder emits them as [address, null, zone id] but the decoder only handled the network and interface array forms, so a scoped ~ipaddress.IPv6Address could not be decoded back (#324; PR by @​sahvx655-wq)
Commits
  • 5820bd4 Bumped up the version
  • 8bb0466 Bump the github-actions group with 2 updates (#323)
  • 00e3dea Decode scoped IPv6 addresses instead of rejecting them (#324)
  • aeff00b Measure text strings by byte length in maybe_stringref (#314)
  • 1c827f1 Encode whole-second datetime timestamps as integers across full range (#317)
  • 791172c Worked around coveralls not working with Homebrew 6
  • 32f66ee [pre-commit.ci] pre-commit autoupdate (#322)
  • 1d5054e Switched to quarterly pre-commit updates
  • c348bbf [pre-commit.ci] pre-commit autoupdate (#319)
  • 6625bc1 Optimized bytestring and text string decoding (#316)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [cbor2](https://github.com/agronholm/cbor2) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Commits](agronholm/cbor2@6.1.2...6.1.3)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-version: 6.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 8, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpypi/​cbor2@​6.1.2 ⏵ 6.1.3100 +1100100100100

View full report

@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants