dependabot[bot] opened a new pull request, #2473: URL: https://github.com/apache/iceberg-python/pull/2473
Bumps [zstandard](https://github.com/indygreg/python-zstandard) from 0.24.0 to 0.25.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/indygreg/python-zstandard/releases";>zstandard's releases</a>.</em></p> <blockquote> <h2>0.25.0</h2> <ul> <li>PyO3 Rust created upgraded from 0.24 to 0.25. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/273";>#273</a>)</li> <li>We now use <code>Py_REFCNT(obj)</code> instead of accessing <code>(*obj)->ob_refcnt</code> directly. This fixes a nogil / multi-threaded compile error. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/201";>#201</a>, <a href="https://redirect.github.com/indygreg/python-zstandard/issues/275";>#275</a>)</li> <li>A zstandard commit to fix qsort detection on BSD operating systems has been backported. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/272";>#272</a>)</li> <li>The <code>PYTHON_ZSTANDARD_IMPORT_POLICY</code> environment variable now has leading and trailing whitespace stripped. Values like <code> cffi</code> and <code>cffi </code> are now equivalent to <code>cffi</code>.</li> <li>The CI jobs for building wheels have been overhauled to always use <code>cibuildwheel</code> and <code>uv</code> (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.</li> <li>CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)</li> <li>The <code>pyproject.toml</code> build backend has been switched from <code>setuptools.build_meta:__legacy__</code> to <code>setuptools.build_meta</code>.</li> <li>The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke <code>--config-settings=--build-option=...</code> as part of implementing PEP 660. A workaround is to use <code>--config-settings=--global-option=...</code> instead. <code>--global-option</code> apparently is deprecated and the setuptools folks have yet to figure out how to thread config settings into <code>setup.py</code> invocations. (<code>--build-option</code> is sent to the <code>build_wheel</code> command but not the <code>build_editable</code> command.)</li> <li>Python 3.14 wheels are now built with <code>manylinux_2_28</code> (versus <code>manylinux2014</code>) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with <code>manylinux2014</code> and glibc 2.17.</li> <li>We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/274";>#274</a>)</li> <li>The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/274";>#274</a>)</li> <li>Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/276";>#276</a>)</li> <li>The C and Rust backends now declare the GIL as unused.</li> <li>The <code>pythoncapi_compat.h</code> file has been upgraded to the latest version. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/278";>#278</a>)</li> <li><code>setup.py</code> now depends on <code>packaging</code> and uses <code>packaging.version.Version</code> for version comparisons. This removes some deprecation warnings from usage of legacy distutils <code>Version</code> classes.</li> <li>Relax run-time libzstd version checking in C extension from exactly 1.5.7 to >=1.5.6. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/254";>#254</a>, <a href="https://redirect.github.com/indygreg/python-zstandard/issues/267";>#267</a>)</li> <li>C extension types now (correctly) declare their fully qualified type names</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/indygreg/python-zstandard/blob/main/docs/news.rst";>zstandard's changelog</a>.</em></p> <blockquote> <h1>0.25.0 (released 2025-09-14)</h1> <ul> <li>PyO3 Rust created upgraded from 0.24 to 0.25. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/273";>#273</a>)</li> <li>We now use <code>Py_REFCNT(obj)</code> instead of accessing <code>(*obj)->ob_refcnt</code> directly. This fixes a nogil / multi-threaded compile error. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/201";>#201</a>, <a href="https://redirect.github.com/indygreg/python-zstandard/issues/275";>#275</a>)</li> <li>A zstandard commit to fix qsort detection on BSD operating systems has been backported. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/272";>#272</a>)</li> <li>The <code>PYTHON_ZSTANDARD_IMPORT_POLICY</code> environment variable now has leading and trailing whitespace stripped. Values like <code> cffi</code> and <code>cffi </code> are now equivalent to <code>cffi</code>.</li> <li>The CI jobs for building wheels have been overhauled to always use <code>cibuildwheel</code> and <code>uv</code> (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.</li> <li>CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)</li> <li>The <code>pyproject.toml</code> build backend has been switched from <code>setuptools.build_meta:__legacy__</code> to <code>setuptools.build_meta</code>.</li> <li>The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke <code>--config-settings=--build-option=...</code> as part of implementing PEP 660. A workaround is to use <code>--config-settings=--global-option=...`` instead. </code>--global-option<code>apparently is deprecated and the setuptools folks have yet to figure out how to thread config settings into</code>setup.py<code> invocations. (`--build-option</code> is sent to the <code>build_wheel</code> command but not the <code>build_editable</code> command.)</li> <li>Python 3.14 wheels are now built with <code>manylinux_2_28</code> (versus <code>manylinux2014</code>) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with <code>manylinux2014</code> and glibc 2.17.</li> <li>We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/274";>#274</a>)</li> <li>The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/274";>#274</a>)</li> <li>Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/276";>#276</a>)</li> <li>The C and Rust backends now declare the GIL as unused.</li> <li>The <code>pythoncapi_compat.h</code> file has been upgraded to the latest version. (<a href="https://redirect.github.com/indygreg/python-zstandard/issues/278";>#278</a>)</li> <li><code>setup.py</code> now depends on <code>packaging</code> and uses <code>packaging.version.Version</code> for version comparisons. This removes some deprecation warnings from usage of legacy distutils <code>Version</code> classes.</li> <li>Relax run-time libzstd version checking in C extension from exactly 1.5.7</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indygreg/python-zstandard/commit/7a77a7510b8ce068e4a103d29aea1b5ec829d8b6";><code>7a77a75</code></a> global: release 0.25.0</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/79355394165dc87422f6b8a5fcde66069e5eafca";><code>7935539</code></a> rust: <code>cargo upgrade</code></li> <li><a href="https://github.com/indygreg/python-zstandard/commit/bc3074cb2f30d9eb9435ee1042576d31d4f7099e";><code>bc3074c</code></a> rust: update dependencies</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/51a277a795dbca0b9dfce6b45766089b35aef506";><code>51a277a</code></a> c-ext: correctly define fully qualified type names to <code>zstandard.*</code></li> <li><a href="https://github.com/indygreg/python-zstandard/commit/9ccbc39ef2fe86080c5fe9380cde01dbc4627809";><code>9ccbc39</code></a> docs: fix ReST in <code>news.rst</code></li> <li><a href="https://github.com/indygreg/python-zstandard/commit/58c68a185075d5e6a132f5d12b7938279ec60d78";><code>58c68a1</code></a> zstd: synchronize qsort code with upstream</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/395f6932e9c58520a2bb08563163bd2c40b9b103";><code>395f693</code></a> docs: document existence of <code>compression.zstd</code> in stdlib</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/6967817f31c102559ce5e5f474d42f25db451493";><code>6967817</code></a> docs: update comparisons to other implementations</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/e4e829a5362620b5fb3ca594b2ccf844686630bf";><code>e4e829a</code></a> docs: document new libzstd version constraint behaviors</li> <li><a href="https://github.com/indygreg/python-zstandard/commit/604a65a51b96ebae88e0114d32858dd9ac504215";><code>604a65a</code></a> Relax libzstd version checking</li> <li>Additional commits viewable in <a href="https://github.com/indygreg/python-zstandard/compare/0.24.0...0.25.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
