Update pyo3 requirement from 0.16.5 to 0.24.1

[dependabot]

Updates the requirements on pyo3 to permit the latest version.

Release notes

Sourced from pyo3's releases.

PyO3 0.16.6

This release is a tactical set of soundness fixes identified for the PyCapsule bindings released in PyO3 0.16. To avoid breaking API changes capsules created with PyCapsule::new and PyCapsule::new_with_destructor will now leak their contents (and not call the destructor) if released on a thread other than the one they were created.

PyO3 0.17 will be released shortly with breaking API changes which resolve the PyCapsule issues with better design (e.g. the destructor has a Send bound added). Users are encouraged to upgrade at their earliest convenience.

Thanks to @​saethlin for reporting the issue, and to @​adamreichold and @​davidhewitt for implementing the resolution.

Changelog

Sourced from pyo3's changelog.

[0.16.6] - 2022-08-23

Changed

• Fix soundness issues with PyCapsule type with select workarounds. Users are encourage to upgrade to PyO3 0.17 at their earliest convenience which contains API breakages which fix the issues in a long-term fashion. #2522
  • PyCapsule::new and PyCapsule::new_with_destructor now take ownership of a copy of the name to resolve a possible use-after-free.
  • PyCapsule::name now returns an empty CStr instead of dereferencing a null pointer if the capsule has no name.
  • The destructor F in PyCapsule::new_with_destructor will never be called if the capsule is deleted from a thread other than the one which the capsule was created in (a warning will be emitted).
• Panics during drop of panic payload caught by PyO3 will now abort. #2544

[0.16.5] - 2022-05-15

Added

• Add an experimental generate-import-lib feature to support auto-generating non-abi3 python import libraries for Windows targets. #2364
• Add FFI definition Py_ExitStatusException. #2374

Changed

• Deprecate experimental generate-abi3-import-lib feature in favor of the new generate-import-lib feature. #2364

Fixed

• Added missing warn_default_encoding field to PyConfig on 3.10+. The previously missing field could result in incorrect behavior or crashes. #2370
• Fixed order of pathconfig_warnings and program_name fields of PyConfig on 3.10+. Previously, the order of the fields was swapped and this could lead to incorrect behavior or crashes. #2370

[0.16.4] - 2022-04-14

Added

• Add PyTzInfoAccess trait for safe access to time zone information. #2263
• Add an experimental generate-abi3-import-lib feature to auto-generate python3.dll import libraries for Windows. #2282
• Add FFI definitions for PyDateTime_BaseTime and PyDateTime_BaseDateTime. #2294

Changed

• Improved performance of failing calls to FromPyObject::extract which is common when functions accept multiple distinct types. #2279
• Default to "m" ABI tag when choosing libpython link name for CPython 3.7 on Unix. #2288
• Allow to compile "abi3" extensions without a working build host Python interpreter. #2293

Fixed

• Crates depending on PyO3 can collect code coverage via LLVM instrumentation using stable Rust. #2286
• Fix segfault when calling FFI methods PyDateTime_DATE_GET_TZINFO or PyDateTime_TIME_GET_TZINFO on datetime or time without a tzinfo. #2289
• Fix directory names starting with the letter n breaking serialization of the interpreter configuration on Windows since PyO3 0.16.3. #2299

[0.16.3] - 2022-04-05

Packaging

... (truncated)

Commits

• 4fdebfc release: 0.16.6
• dde98a0 pin bumpalo
• 30211a6 ui test fixes
• 5c74ddf clippy fixes
• 7426aea safety: abort on uncaught panics
• 916abf6 Merge pull request #2522 from davidhewitt/capsule-soundness-backport
• c267ace ci: fix nightly UI tests
• 86740f9 ci: fix nightly ui tests
• 96427ee Use proper method for pinning MSRV minimal package versions
• 1e8f6d9 Try fix hashbrown version on msrv
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)