chore(deps): Update pyo3 requirement from 0.20 to 0.27#5

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/cargo/pyo3-0.27

@dependabot dependabot Bot commented on behalf of github Nov 26, 2025

Updates the requirements on pyo3 to permit the latest version.

Release notes

Sourced from pyo3's releases.

PyO3 0.27.1

This release fixes a clippy lint regression in PyO3 0.27.0, and exposes the PySendResult type (the return value from Bound<PyIterator>::send).

Thank you to the following contributors for the improvements:

@​alex @​davidhewitt @​reaperhulk @​tpoliaw

Changelog

Sourced from pyo3's changelog.

[0.27.1] - 2025-10-21

Fixed

  • Fix clippy:declare_interior_mutable_const warning from #[pyfunction]. #5538
  • Expose pyo3::types::PySendResult in public API. #5539

[0.27.0] - 2025-10-19

Packaging

  • Extend range of supported versions of hashbrown optional dependency to include version 0.16. #5428
  • Bump optional num-bigint dependency minimum version to 0.4.4. #5471
  • Test against Python 3.14 final release. #5499
  • Drop support for PyPy 3.9 and 3.10. #5516
  • Provide a better error message when building an outdated PyO3 for a too-new Python version. #5519

Added

  • Add FromPyObjectOwned as convenient trait bound for FromPyObject when the data is not borrowed from Python. #4390
  • Add Borrowed::extract, same as PyAnyMethods::extract, but does not restrict the lifetime by deref. #4390
  • experimental-inspect: basic support for #[derive(IntoPyObject)] (no struct fields support yet). #5365
  • experimental-inspect: support #[pyo3(get, set)] and #[pyclass(get_all, set_all)]. #5370
  • Add PyTypeCheck::classinfo_object that returns an object that can be used as parameter in isinstance or issubclass. #5387
  • Implement PyTypeInfo on datetime.* types even when the limited API is enabled. #5388
  • Implement PyTypeInfo on PyIterator, PyMapping and PySequence. #5402
  • Implement PyTypeInfo on PyCode when using the stable ABI. #5403
  • Implement PyTypeInfo on PyWeakrefReference when using the stable ABI. #5404
  • Add pyo3::sync::RwLockExt trait, analogous to pyo3::sync::MutexExt for readwrite locks. #5435
  • Add PyString::from_bytes. #5437
  • Implement AsRef<[u8]> for PyBytes. #5445
  • Add CastError and CastIntoError. #5468
  • Add PyCapsuleMethods::pointer_checked and PyCapsuleMethods::is_valid_checked. #5474
  • Add Borrowed::cast, Borrowed::cast_exact and Borrowed::cast_unchecked. #5475
  • Add conversions for jiff::civil::ISOWeekDate. #5478
  • Add conversions for &Cstr, Cstring and Cow<Cstr>. #5482
  • add #[pyclass(skip_from_py_object)] option, to opt-out of the FromPyObject: PyClass + Clone blanket impl. #5488
  • Add PyErr::add_note. #5489
  • Add FromPyObject impl for Cow<Path> & Cow<OsStr>. #5497
  • Add #[pyclass(from_py_object)] pyclass option, to opt-in to the extraction of pyclasses by value (requires Clone). #5506

Changed

  • Rework FromPyObject trait for flexibility and performance: #4390
    • Add a second lifetime to FromPyObject, to allow borrowing data from Python objects (e.g. &str from Python str).
    • Replace extract_bound with extract, which takes Borrowed<'a, 'py, PyAny>.
  • Optimize FromPyObject implementations for Vec<u8> and [u8; N] from bytes and bytearray. #5244
  • Deprecate #[pyfn] attribute. #5384
  • Fetch type name dynamically on cast errors instead of using PyTypeCheck::NAME. #5387
  • Deprecate PyTypeCheck::NAME in favour of PyTypeCheck::classinfo_object which provides the type information at runtime. #5387

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot Bot commented on behalf of github Nov 26, 2025

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from petitan as a code owner November 26, 2025 21:36
@dependabot dependabot Bot force-pushed the dependabot/cargo/pyo3-0.27 branch from 8a5e7f5 to 1ac0fd6 Compare November 28, 2025 19:52
Updates the requirements on [pyo3](https://github.com/pyo3/pyo3) to permit the latest version.
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](PyO3/pyo3@v0.20.0...v0.27.1)

---
updated-dependencies:
- dependency-name: pyo3
  dependency-version: 0.27.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/pyo3-0.27 branch from 1ac0fd6 to 5459474 Compare November 28, 2025 21:15
petitan added a commit that referenced this pull request Dec 4, 2025
MongoDB treats null as a value for unique constraint purposes. Previously,
documents with null or missing fields in unique indexes were incorrectly
allowed to insert multiple times.

Changes:
- Unique indexes now include null keys (add_document_to_indexes)
- Unique constraint check no longer skips null keys (check_unique_constraints)
- Index rebuild includes null keys for unique indexes
- Added 3 regression tests for BUG #5

Also includes shared IndexManager refactoring to fix stale index issue:
- IndexManager instances now shared via Arc<RwLock> in DatabaseCore
- Prevents stale index state across multiple collection() calls
- Merged btree.rs into index.rs for cleaner architecture

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
petitan added a commit that referenced this pull request Dec 20, 2025
Changes:
- Add WiX manifest (mcp-server/wix/main.wxs) with:
  - Windows Service installation (auto-start)
  - Start Menu shortcuts (HTTP + stdio modes)
  - ProgramData folder for config/database
  - Upgrade support (MajorUpgrade)
- Add MIT License in RTF format for installer
- Update release.yml to build MSI installer

Also includes:
- fix(core): WAL ABORT on persist failure (BUG #5)
- fix(core): batch_update_indexes for compound/fuzzy/fulltext
- fix(core): collection_write_locks cleanup in drop_collection
- feat(tui): fulltext search modal with F3 shortcut
- test: regression tests for BUG #1, #3, schema cache

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
petitan added a commit that referenced this pull request Dec 21, 2025
…ation

BUG #1: $pull unknown operator now returns false (was true - caused data loss)
BUG #2: $inc uses saturating_add to prevent integer overflow corruption
BUG #3: Query cache uses consistent lock ordering to prevent TOCTOU race
BUG #4: $inc validates numeric values and returns error for non-numeric
BUG #5: $push $position validates non-negative values
BUG #6: compare_values uses integer comparison first for precision
BUG #7: $first/$last returns null instead of error for missing fields

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
petitan added a commit that referenced this pull request Dec 21, 2025
CRITICAL:
- BUG #1: Transaction commit/rollback now uses write lock (was read lock - race condition)
- BUG #2: max_operations=0 now uses default limit (was unlimited - DoS vulnerability)
- BUG #3: switch_database acquires write lock before existence check (TOCTOU fix)
- BUG #4: API key serialization uses ? instead of unwrap (was panic risk)

HIGH:
- BUG #5: Script versioning uses optimistic locking with version check (race condition fix)
- BUG #6: API key cache logs errors instead of silent ignore
- BUG #7: Script delete checks for dependent scripts before deletion
- BUG #8: TLS key file read once into memory, no double-open
- BUG #9: Collection flags update uses write lock (was read lock)

MEDIUM:
- BUG #10: Projection validation checks values before truncating cast
- BUG #12: Script name validation added (same rules as collection names)
- BUG #13: Directory creation failures logged instead of silent ignore
- BUG #14: All unwrap/expect calls replaced with proper error handling

NOT A BUG:
- BUG #11: parking_lot::Mutex doesn't poison (verified)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
petitan added a commit that referenced this pull request Dec 21, 2025
BUG #1: Signal handler panic - .expect() replaced with graceful error handling
BUG #2: Error response body read - unwrap_or_default() replaced with proper error handling
BUG #3: JSON serialization - .ok() replaced with serialize_response() helper
BUG #4: stdout write errors - detect broken pipe and exit gracefully
BUG #5: DoS via unbounded batch - add MAX_BATCH_SIZE limit (1000)
BUG #6: DoS via response size - add MAX_RESPONSE_SIZE limit (10MB)
BUG #7: SSRF via URL parsing - use url crate for proper URL construction
BUG #8: Insecure TLS mode - add prominent warning banner
BUG #9: Notification errors silent - log notification forward errors
BUG #10: Health check sleep overflow - cap backoff to MAX_HEALTH_BACKOFF_MS
BUG #11: Empty batch allowed - reject per JSON-RPC 2.0 spec
BUG #12: Missing jsonrpc validation - validate "2.0" version field

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
petitan added a commit that referenced this pull request Dec 21, 2025
CRITICAL:
- BUG #1: UTF-8 byte slicing in error.rs wrap_text() - use char count
- BUG #2: UTF-8 byte slicing in main.rs command bar truncation

HIGH:
- BUG #3: UTF-8 byte slicing in fulltext.rs format_doc_preview()
- BUG #4: UTF-8 byte slicing in api_key.rs truncate()
- BUG #5: Added timeout to stdio transport to prevent deadlock
- BUG #6: Unsafe unwrap in detail.rs - use if-let pattern
- BUG #7: Unsafe iterator unwrap in detail.rs - use while-let

All string slicing operations now use .chars().count() and
.chars().take(n).collect() for UTF-8 safety with Hungarian text.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
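
The failure class named in the commit message above, as an added example (not code from the repository): cutting a `&str` at a byte offset fails when the offset lands inside a multi-byte character, while the `.chars().take(n).collect()` form the message names cannot. The function names and the sample string are constructed for this illustration.

```rust
/// Byte-offset truncation. Indexing with `&s[..max_bytes]` panics when
/// `max_bytes` falls inside a multi-byte character; `str::get` applies the
/// same boundary check but returns `None`, which makes the failure visible
/// without crashing the example.
fn truncate_at_byte(s: &str, max_bytes: usize) -> Option<&str> {
    if max_bytes >= s.len() {
        Some(s)
    } else {
        s.get(..max_bytes)
    }
}

/// Character-based truncation, the form the commit message names.
/// This counts Unicode scalar values, not grapheme clusters, so a base
/// letter followed by a combining mark can still be separated.
fn truncate_chars(s: &str, max_chars: usize) -> String {
    if s.chars().count() <= max_chars {
        s.to_string()
    } else {
        s.chars().take(max_chars).collect()
    }
}

/// Hard-wrap by character count rather than byte count.
fn wrap_chars(s: &str, width: usize) -> Vec<String> {
    let chars: Vec<char> = s.chars().collect();
    chars
        .chunks(width.max(1)) // a width of 0 would make `chunks` panic
        .map(|chunk| chunk.iter().collect())
        .collect()
}

fn main() {
    // Constructed sample: Hungarian text, 22 characters but 31 bytes.
    let s = "árvíztűrő tükörfúrógép";
    println!("{} chars, {} bytes", s.chars().count(), s.len());
    for n in [4, 5] {
        println!("byte cut at {}: {:?}", n, truncate_at_byte(s, n));
    }
    println!("char cut at 5: {:?}", truncate_chars(s, 5));
    println!("wrapped at 4: {:?}", wrap_chars("árvíztűrő", 4));
}
```

A truncation helper that takes its length from user-controlled text or terminal width is reachable with arbitrary offsets, so the byte-indexed form is a crash that any non-ASCII input can trigger.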
petitan added a commit that referenced this pull request Jan 6, 2026
Bug fixes for timeout/cancellation not being enforced in several code paths:

## Critical fixes (BUG #3, #4, #11)
- filter_doc_ids_by_query: Now checks deadline BEFORE expensive regex matching
- collect_doc_ids_for_logical_operator: Propagates cancel_flag/deadline to all branches (And/Or/Nor)
- distinct_with_ctx: Was ignoring ctx parameter, now properly extracts and passes deadline

## Medium severity fixes (BUG #1, #2, #5)
- FAST PATH: Added deadline check before returning cached/fast results
- collect_doc_ids_from_plan: Added cancel_flag/deadline parameters
- find_with_index: Added ctx parameters for future support

## ACID Safety
Write operations (insert/update/delete) explicitly pass None for deadline
to preserve atomicity - only READ operations can be interrupted.

## Documentation
- Added deadline propagation docs to QueryExecutionContext
- Added timeout behavior docs to filter_doc_ids_by_query

Propagation chain:
collect_doc_ids_with_options → collect_doc_ids_from_plan
  → collect_doc_ids_for_logical_operator → filter_doc_ids_by_query
  → scan_documents_with_early_termination

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
petitan added a commit that referenced this pull request Jan 14, 2026
Bug fixes for timeout/cancellation not being enforced in several code paths:

## Critical fixes (BUG #3, #4, #11)
- filter_doc_ids_by_query: Now checks deadline BEFORE expensive regex matching
- collect_doc_ids_for_logical_operator: Propagates cancel_flag/deadline to all branches (And/Or/Nor)
- distinct_with_ctx: Was ignoring ctx parameter, now properly extracts and passes deadline

## Medium severity fixes (BUG #1, #2, #5)
- FAST PATH: Added deadline check before returning cached/fast results
- collect_doc_ids_from_plan: Added cancel_flag/deadline parameters
- find_with_index: Added ctx parameters for future support

## ACID Safety
Write operations (insert/update/delete) explicitly pass None for deadline
to preserve atomicity - only READ operations can be interrupted.

## Documentation
- Added deadline propagation docs to QueryExecutionContext
- Added timeout behavior docs to filter_doc_ids_by_query

Propagation chain:
collect_doc_ids_with_options → collect_doc_ids_from_plan
  → collect_doc_ids_for_logical_operator → filter_doc_ids_by_query
  → scan_documents_with_early_termination

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
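
The deadline propagation described in the commit message above, as an added sketch (not the project's code): one context carrying an optional cancel flag and deadline is checked before the match work at every node and handed unchanged to each And/Or/Nor branch. `Ctx`, `Query`, `matches`, `any_is` and `filter_ids` are hypothetical names, and a substring test stands in for the regex match.

```rust
use std::sync::atomic::{AtomicBool, Ordering};
use std::time::Instant;

#[derive(Debug, PartialEq)]
enum QueryError { Timeout, Cancelled }

// Constructed query tree; `Contains` stands in for the expensive regex match.
enum Query {
    Contains(&'static str),
    And(Vec<Query>),
    Or(Vec<Query>),
    Nor(Vec<Query>),
}

// `deadline: None` means "not interruptible", the value the message says writes pass.
struct Ctx<'a> { cancel_flag: Option<&'a AtomicBool>, deadline: Option<Instant> }

impl Ctx<'_> {
    fn check(&self) -> Result<(), QueryError> {
        if self.cancel_flag.map_or(false, |f| f.load(Ordering::Relaxed)) {
            return Err(QueryError::Cancelled);
        }
        if self.deadline.map_or(false, |d| Instant::now() >= d) {
            return Err(QueryError::Timeout);
        }
        Ok(())
    }
}

// True if any sub-query evaluates to `want`; an error stops the walk at once.
fn any_is(qs: &[Query], want: bool, doc: &str, ctx: &Ctx<'_>) -> Result<bool, QueryError> {
    for sub in qs {
        if matches(sub, doc, ctx)? == want { return Ok(true); }
    }
    Ok(false)
}

// The check runs before the match work, and the same `ctx` reaches every branch.
fn matches(q: &Query, doc: &str, ctx: &Ctx<'_>) -> Result<bool, QueryError> {
    ctx.check()?;
    match q {
        Query::Contains(pat) => Ok(doc.contains(*pat)),
        Query::And(qs) => Ok(!any_is(qs, false, doc, ctx)?),
        Query::Or(qs) => any_is(qs, true, doc, ctx),
        Query::Nor(qs) => Ok(!any_is(qs, true, doc, ctx)?),
    }
}

// Stand-in for a document scan: returns the ids whose body matches.
fn filter_ids(docs: &[(u32, &str)], q: &Query, ctx: &Ctx<'_>) -> Result<Vec<u32>, QueryError> {
    let mut ids = Vec::new();
    for (id, body) in docs {
        if matches(q, body, ctx)? { ids.push(*id); }
    }
    Ok(ids)
}

fn main() {
    let docs = [(1, "alpha beta"), (2, "beta gamma")]; // constructed sample data
    let q = Query::And(vec![Query::Contains("beta"), Query::Nor(vec![Query::Contains("gamma")])]);
    let expired = Ctx { cancel_flag: None, deadline: Some(Instant::now()) };
    println!("{:?}", filter_ids(&docs, &q, &Ctx { cancel_flag: None, deadline: None }));
    println!("{:?}", filter_ids(&docs, &q, &expired));
}
```

A branch that builds its own context or drops the `ctx` argument is exactly the gap the message lists: the query keeps running after the caller's timeout, which turns one slow pattern into a resource-exhaustion path.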
@petitan petitan closed this in ade7236 Jan 26, 2026
petitan added a commit that referenced this pull request Jan 26, 2026
…nt_documents_with_ctx

FIX #5-6-7 extension: The previous commit missed two code paths used by MCP:

- find_with_options(): Added _id fast path with normalization
  (MCP find always sets a limit, so previous fast path never triggered)
- count_documents_with_ctx(): Added normalization to single _id query
  (count_documents() had it, but _with_ctx variant didn't)

All _id fast paths now consistently handle string/int conversion:
- {"_id": "123"} correctly matches DocumentId::Int(123)

Tested via MCP server - all CRUD operations now work with string _id.

Version: v0.3.96, MCP v1.0.286

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
dependabot Bot commented on behalf of github Jan 26, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/cargo/pyo3-0.27 branch January 26, 2026 23:34
petitan added a commit that referenced this pull request Apr 29, 2026
…ve tests inline (code-stasi AKTA #5)

The previous `DatabaseCore::<StorageEngine>::__simulate_crash_for_test` was
`pub #[doc(hidden)]` — hidden from rustdoc but still reachable from any
crate-external caller. The function deliberately leaks a `StorageEngine` via
`std::mem::forget` after releasing the file lock; a production caller
stumbling onto it via autocomplete (the `__` prefix alone does not protect)
would silently leak the storage handle and keep the `.mlite.lock` fd open
for the rest of the process lifetime.

Fix: gate the helper with `#[cfg(test)]` so the symbol never appears in
non-test builds. To keep the 6 crash-recovery integration tests reachable,
move them from `tests/wal_replay_recovery_test.rs` (separate crate, needs
public API) into an inline `#[cfg(test)] mod wal_replay_tests` inside
`database/mod.rs`. Each test is unchanged; the call site simply becomes
`db.simulate_crash_for_test()` (no `__`, no doc_hidden).

Side effect: the test name also drops its `__` Stutter, and the module
doc comment records why the relocation happened so nobody reintroduces
a `pub` version by mistake.

6/6 `wal_replay_tests::*` green, 1023 lib tests unchanged (now 1029 with
the moved tests). Nothing removed from production API.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
petitan added a commit that referenced this pull request Jun 11, 2026
…ad-code cleanup (v1.0.534) (#106)

* fix(aggregate): CountOnly fast path — spurious empty-input doc + multiplier overflow

The count-only fast path emitted `[{_id:null, <field>:0}]` for empty input
(empty collection or a `$match` that filters everything out) where the
streaming `$group` path and MongoDB return `[]`. Separately,
`(count as i64) * multiplier` could panic in debug builds / silently wrap in
release on overflow, while the streaming accumulator saturates.

Guard the empty `$group` case (skip the output doc when count==0) and switch
to `saturating_mul`. Adds regression tests: empty input, empty input with a
trailing `$project`, and i64::MAX saturation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(aggregate): $count over empty input returns [] (MongoDB compat)

$count is sugar for `{$group:{_id:null,n:{$sum:1}}},{$project:{_id:0}}`, and a
`_id: null` $group emits nothing for zero input rows. IronBase's streaming
$group path already returned [], but the $count stage returned [{<field>:0}] —
an internal inconsistency. Make all $count materialization sites agree: the
Vec path (CountStage::execute), both streaming branches in pipeline.rs, and the
count-only fast path (the guard generalizes from `include_id && count==0` to
`count==0`, since $count now also returns [] for empty input).

Adds regression tests for each path (fast path, streamed $project, $count of an
empty $group, and the streaming unit path).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor(aggregate): remove dead planner code (Phase-2 cost model + CountByField)

The "Phase 2" cost model (LogicalPlan, PhysicalPlan, select_plan,
CollectionStats, CostEstimate) had no live consumer — only its own unit tests.
The CountByField fast-path detection (FastPath::CountByField,
GroupShape::is_count_by_field, is_sort_limit_pattern, is_index_minmax) computed a
value that aggregate.rs immediately discarded; the real index-based per-field
count is decided independently by GroupStage::can_use_index /
try_index_based_execute_with_context, so removing the discarded detection
collapses two sources of truth to one. ~330 lines deleted, no behavior change.

Also bumps versions (core 0.3.340 / mcp 1.0.534) and records the #1#5
aggregate-planner-review fixes in CHANGELOG.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(aggregate): index-based $group count overflow + stale planner references

A fresh /code-review pass over the branch diff found that the v1.0.533
saturating_mul fix covered only the CountOnly fast path — the index-based
$group execution (try_index_based_execute_with_context and the legacy
try_index_based_execute in group_stage.rs) still computed `n * count` with
plain `*`: debug panic / silent release wrap for
[{$group:{_id:"$city",t:{$sum:i64::MAX}}}] over an indexed field, while the
streaming accumulator saturates. Both sites now use saturating_mul; regression
test test_index_based_group_count_saturates_multiplier_overflow.

Also closes the review's documentation findings: the $count empty-input shape
change is now labeled BREAKING in CHANGELOG with a migration note (repo
convention, cf. #68/#69); docs/AGGREGATION_OPTIMIZER_PLAN.md gets a status
note that the Phase-2 cost model was implemented, found dead and removed (do
not re-implement); the stale CountByField test comment and the
"LOGICAL PLAN TYPES" banner no longer name deleted machinery; and the unit
test deleted with the planner (field-_id $group must NOT take CountOnly,
the id_kind guard) is re-added as test_no_count_only_with_field_id.

Versions: core 0.3.341 / mcp 1.0.535.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: petitan <petitan@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
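
The two count-only fast-path defects described in the commit message above, as an added model (not IronBase code): the empty-input guard and the switch from plain `*` to `saturating_mul`, checked against a streaming accumulator that adds per row. The `Doc` type, the function names and the `usize` count are assumptions of this example; clamping the cast with `try_from` is also an addition here, not something the message states.

```rust
use std::convert::TryFrom;

/// Constructed stand-in for an output document: (field name, value) pairs.
type Doc = Vec<(String, i64)>;

/// What plain `n * multiplier` yields in a release build (two's-complement
/// wrap). In a debug build the same expression panics instead.
fn release_build_product(n: i64, multiplier: i64) -> i64 {
    n.wrapping_mul(multiplier)
}

/// Streaming reference path: one saturating add per input row, and no
/// output document at all when there were no rows.
fn count_streaming(rows: usize, multiplier: i64, field: &str) -> Vec<Doc> {
    let mut acc: Option<i64> = None;
    for _ in 0..rows {
        acc = Some(acc.unwrap_or(0).saturating_add(multiplier));
    }
    acc.map(|v| vec![(field.to_string(), v)]).into_iter().collect()
}

/// Fast path with both guards: skip the output document for zero rows, and
/// saturate instead of overflowing so the result matches the streaming path.
fn count_only(count: usize, multiplier: i64, field: &str) -> Vec<Doc> {
    if count == 0 {
        return Vec::new();
    }
    // Assumption of this example: clamp the cast too, rather than `count as i64`.
    let n = i64::try_from(count).unwrap_or(i64::MAX);
    vec![vec![(field.to_string(), n.saturating_mul(multiplier))]]
}

fn main() {
    println!("empty input: {:?}", count_only(0, 1, "n"));
    println!("saturated:   {:?}", count_only(2, i64::MAX, "t"));
    println!("wrapped:     {}", release_build_product(2, i64::MAX));
    println!("streaming:   {:?}", count_streaming(2, i64::MAX, "t"));
}
```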