Update pybind11 requirement from >=2.10.0 to >=3.0.4 #353

Merged: hoffmang9 merged 2 commits into main from dependabot/pip/pybind11-gte-3.0.4 on May 13, 2026

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Updates the requirements on pybind11 to permit the latest version.

Release notes

Sourced from pybind11's releases.

Version 3.0.4

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Changelog

Sourced from pybind11's changelog.

Version 3.0.4 (April 18, 2026)

Bug fixes:

  • Fixed test builds with installed Eigen 5 by improving Eigen3 CMake package detection. #6036

  • Fixed move semantics of scoped_ostream_redirect to preserve buffered output and avoid crashes when moved redirects restore stream buffers. #6033

  • Fixed py::dynamic_attr() traversal on Python 3.13+ to correctly propagate PyObject_VisitManagedDict() results. #6032

  • Fixed std::shared_ptr<T> fallback casting to avoid unnecessary copy-constructor instantiation in reference_internal paths. #6028

CI:

  • Updated setup-uv to the maintained GitHub Action tag scheme. #6035

  • Updated pre-commit hooks. #6029

  • Updated GitHub Actions dependencies, including actions-setup-cmake and cibuildwheel. #6027

Version 3.0.3 (March 31, 2026)

Bug fixes:

  • Fixed TSS key exhaustion in implicitly_convertible() when many implicit conversions are registered across large module sets. #6020

  • Fixed heap-buffer-overflow in pythonbuf with undersized buffers by enforcing a minimum buffer size. #6019

  • Fixed virtual-inheritance pointer offset crashes when dispatching inherited methods through virtual bases. #6017

  • Fixed free(): invalid pointer crashes during interpreter shutdown with py::enum_<> by duplicating late-added def_property_static argument strings. #6015

  • Fixed function_record heap-type deallocation to call PyObject_Free() and decref the type. #6010

  • Hardened PYBIND11_MODULE_PYINIT and get_internals() against module-initialization crashes. #6018

... (truncated)

Commits
  • d03662f build: support Eigen 5 (#6036)
  • 3d8aabc Bump version from v3.0.3 → v3.0.4
  • 2c1b391 [skip ci] docs: add v3.0.4 changelog updates. (#6041)
  • 804e2c1 fix: segfault when moving scoped_ostream_redirect (#6033)
  • a15579c ci: bump setup-uv to maintained tag scheme (#6035)
  • e2fdf43 Handle result from PyObject_VisitManagedDict (#6032)
  • 98003e2 chore(deps): update pre-commit hooks (#6029)
  • ab392bd fix: avoid copy constructor instantiation in shared_ptr fallback cast (#6028)
  • ad5bc9e chore(deps): bump the actions group with 2 updates (#6027)
  • 1b49908 docs: add v3.0.3 and v3.1.0 changelog updates. (#6023)
  • Additional commits viewable in compare view


Note

Medium Risk
Medium risk because it upgrades the C++/Python binding dependency and the CMake FetchContent pin, which can affect native build and ABI/compatibility across platforms.

Overview
Updates the project’s pybind11 dependency to >=3.0.4 in pyproject.toml.

Also updates the CMake fallback that fetches pybind11 to pin GIT_TAG v3.0.4 (from v2.13.6) when an installed pybind11 package is not found.

Reviewed by Cursor Bugbot for commit 825cdb2.

@dependabot dependabot Bot added the labels Changed (required label for PRs that categorizes the merge commit message as "Changed" for the changelog), dependencies (pull requests that update a dependency file) and python (pull requests that update Python code) on Apr 28, 2026
@github-actions

🤖 Cursor Dependency Analysis

Supply-Chain Malware Review

Checking how this repo declares and uses pybind11 to judge whether the change surface matches expectations.

Verdict: benign

Why this reads as safe

  • Package identity: The update stays on the well-known project pybind/pybind11 with a normal PEP 508 constraint (>=3.0.4). There are no typosquatting or substituted-package signals in what you described.

  • Scanner vs checklist: Your report shows Unicode: 0 and confusable / IOC: 0, which directly addresses invisible-Unicode/Trojan-Source-style concerns. Nothing there indicates concealed payloads.

  • Heuristic “findings” are explainable:

    • shell_process_spawn on docs/changelog.md: Hits on “py::exec” / “py::eval” are documentation for public pybind11 APIs—not execution of attacker code or process spawning.
    • workflow_path_touch on .github/workflows/*: In your scan this is flagged because upstream pybind11’s tree legitimately changed CI workflows between revisions. That is noisy for “dependency-diff” tooling; it does not by itself mean your application .github/workflows were tampered with in chiavdf. Confirm the actual PR diff only touches [build-system] requires in pyproject.toml (what Dependabot normally does).
    • ghost_version_or_missing_tag / maintainer_drift: These match naive patterns on >=3.0.4 as text versus PyPI/registry heuristics, not cryptographic verification failure. pybind11>=3.0.4 is valid on PyPI for the renamed v3 series; treat as scanner false-positive unless installs resolve an unexpected distribution.

  • Classic obfuscation / supply-chain red flags: No reported base64 blobs, stealth exfiltration, bogus preinstall/postinstall (Python PEP 517 requires lists don’t behave like npm scripts), unexpected new unrelated packages tied to this single constraint bump, or lockfile-hash anomalies from your excerpt.

Practical takeaway: Use the verdict above together with CI green and a quick glance that the GitHub PR is only the pybind11 floor bump you expect—if unrelated repo files appeared, escalate that separately; the malware report as given is consistent with a normal major-line upgrade of a header-only-style build dependency whose upstream changelog and headers changed a lot between v2 and v3.

Compatibility Analysis

Exploring the repo for pybind11 usage and cross-checking with upstream changes.

1) Where pybind11 is used

Location and role:

  • pyproject.toml: PEP 517 [build-system] requires = [..., "pybind11>=3.0.4"]
  • src/python_bindings/fastvdf.cpp: Single extension: PYBIND11_MODULE, py::gil_scoped_release, py::bytes / py::tuple, m.def(...) lambdas only; includes pybind11/pybind11.h only.
  • src/CMakeLists.txt: Python + python -m pybind11 --cmakedir, find_package(pybind11 CONFIG), pybind11_add_module; FetchContent fallback clones tag v2.13.6.
  • README.md / .github/workflows/codeql-analysis.yml: pip install / pip install ... pybind11 (unpinned pip resolution).

No vendored bindings under extra paths beyond what CMake lists; .flake8 excludes ./src/lib/pybind11 (if present).

2) Overlap with 3.0.4 / listed upstream changes

  • Eigen / CMake Eigen3: Not used here — no intersection.
  • scoped_ostream_redirect / iostream: Not included or used — no intersection.
  • py::dynamic_attr(): Not used — no intersection.
  • std::shared_ptr / reference_internal casting: Bindings expose bool, string/byte payloads, tuples; no shared_ptr pybind wrappers, so no intersection.

Upstream files touched (cast.h, class.h, common.h, type_caster_base.h, iostream.h) match general internals; your code does not call those APIs directly.

3) Risks / unknowns

  • CMake vs declared minimum: FetchContent still pins v2.13.6. Builds that rely on that path (when find_package(pybind11) fails) can still use 2.x, diverging from >=3.0.4 and from “what CI usually gets” via pip. Worth aligning in a follow-up (not strictly part of Dependabot’s one-line bump).
  • Major 2→3: Residual risk of CMake/toolchain or Python ABI assumptions; your surface API usage is minimal, so source-level breakage is unlikely; CI green on the PR is the main signal.
  • Consumers on very old pinned envs: Stricter floor may affect offline / legacy builds that cannot install pybind11 3 — project policy question.

4) Recommendation

Merge-with-caveats: Safe to merge for typical pip/PEP‑517 and normal dev flows given usage; explicit caveat: bump or reconcile GIT_TAG in src/CMakeLists.txt FetchContent fallback (and optionally document minimum in README) so non-pip CMake paths don’t silently stay on 2.13.6.


Malware Scan Summary

  • Status: warn
  • Warn only mode: true
  • Changed upstream files scanned: 23
  • Resolution strategy: commit_list
  • Changed node/vendor paths: 0
  • Changed lockfiles: 0
  • Resolved refs: from=n/a to=n/a
  • Unicode findings (post-allowlist): 0
  • Confusable findings (post-allowlist): 0
  • IOC findings (post-allowlist): 0
  • Heuristic findings (post-allowlist): 12

Top findings

  • docs/changelog.md:2086 shell_process_spawn :: - py::exec, py::eval, and py::eval_file now add the builtins
  • docs/changelog.md:2088 shell_process_spawn :: matching exec and eval in pure Python.
  • docs/changelog.md:2774 shell_process_spawn :: - Added py::exec() as a shortcut for py::eval<py::eval_statements>()
  • .github/workflows/ci.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/configure.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/nightlies.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/pip.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/reusable-standard.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/tests-cibw.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/upstream.yml:0 workflow_path_touch :: path-touch
  • pybind11:0 ghost_version_or_missing_tag :: >=3.0.4
  • pybind11:0 maintainer_drift :: >=2.10.0->>=3.0.4

@hoffmang9
Member

@dependabot rebase

Updates the requirements on [pybind11](https://github.com/pybind/pybind11) to permit the latest version.
- [Release notes](https://github.com/pybind/pybind11/releases)
- [Changelog](https://github.com/pybind/pybind11/blob/master/docs/changelog.md)
- [Commits](pybind/pybind11@v2.10.0...v3.0.4)

---
updated-dependencies:
- dependency-name: pybind11
  dependency-version: 3.0.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pybind11-gte-3.0.4 branch from 85193c4 to 8cbff14 Compare May 13, 2026 01:08
@github-actions

github-actions Bot commented May 13, 2026

🤖 Cursor Dependency Analysis

Supply-Chain Malware Review

Verifying what this repository's dependency change touches versus the malware scanner's upstream comparison.

Verdict: benign

Why this reads as a normal dependency bump, not compromise

  • Change surface: The update is a standard PEP 508 minimum on the canonical package name pybind11 (same PyPI/GitHub project as before), raising the build requirement from >=2.10.0 to >=3.0.4 in pyproject.toml — see 1:2:/home/runner/work/chiavdf/chiavdf/pyproject.toml. No typosquatting, no extra packages, no new install hooks in this repo’s metadata.

  • Scanner vs reality (interpretation disagrees with “malicious” implications)

    • ghost_version_or_missing_tag for >=3.0.4: False positive — that string is a version range, not a git tag or a “ghost” release artifact.
    • maintainer_drift: False positive — pattern name even references npm; it’s flagging a semver floor change, not evidence of publisher impersonation.
    • shell_process_spawn in docs/changelog.md: False positive — matches documentation text about py::exec / py::eval APIs, not subprocess abuse.
    • workflow_path_touch: These paths belong to upstream pybind11’s tree in the compare/report, not proof that this app repo’s PR secretly edits your .github/workflows/ (still: confirm the actual PR Files changed tab only lists pyproject.toml / docs you expect).
  • Unicode / stealth: The report’s own post-allowlist counts are unicode: 0, confusable: 0, ioc: 0 — no GlassWorm-style signal in the scan output you provided.

Actionable note (not malware): pybind11 3.x is a major move vs 2.x — merge still depends on build/ABI compatibility and CI, which is ordinary engineering risk, not supply-chain malware.

Compatibility Analysis

Tracing pybind11 usage and comparing it to upstream changes.

1) Where pybind11 shows up

Area and role:

  • pyproject.toml: [build-system] requires pulls pybind11 during isolated builds (workspace already has >=3.0.4).
  • src/CMakeLists.txt: PYBIND11_FINDPYTHON ON, resolves CMake dir via python -m pybind11 --cmakedir, find_package(pybind11 CONFIG), optional FetchContent at v3.0.4, then pybind11_add_module(chiavdf …).
  • src/python_bindings/fastvdf.cpp: Only C++ usage: extension module and m.def lambdas.
  • README.md / .github/workflows/codeql-analysis.yml: Document / install pybind11 for setup (not binding logic).

.flake8 excludes ./src/lib/pybind11; there is no src/lib/pybind11 tree in this checkout (likely stale or optional).


2) Overlap with APIs touched in 3.0.4 (notes / changed headers)

fastvdf.cpp uses PYBIND11_MODULE, py::bytes, py::tuple / py::make_tuple, py::gil_scoped_release, and plain m.def lambdas returning primitives / py::bytes.

It does not use:

  • Eigen / Eigen3 CMake integration
  • scoped_ostream_redirect / iostream.h
  • py::dynamic_attr()
  • py::class_, std::shared_ptr, or reference_internal

So there is no meaningful intersection with the specific fixes called out for 3.0.4 (or the listed commits touching cast.h, class.h, common.h, type_caster_base.h, iostream.h) for this repo’s binding surface.


3) Risks / unknowns

  • Constraint change: >=2.10.0 -> >=3.0.4 drops pybind11 2.x for PEP 517 builds; anyone scripting an old pybind11 pin will need to update (aligned with CMake FetchContent already at v3.0.4).
  • pybind11 2→3 in general: Major bump can affect exotic APIs; this project’s usage is narrow, so practical risk is low but not zero without a full ABI/API audit.
  • Validation: Rely on CI / cibuildwheel and local pip install -e . after merge; no substitute for green builds across your Python/OS matrix.

4) Recommendation

Merge if CI is green (especially wheel and native builds). Optional note for reviewers: call out that source builds now require pybind11 3.x, consistent with CMake’s v3.0.4 fetch fallback—consider aligning README/CodeQL pip install pybind11 guidance with that minimum if you care about reproducibility.


Malware Scan Summary

  • Status: warn
  • Warn only mode: true
  • Changed upstream files scanned: 23
  • Resolution strategy: commit_list
  • Changed node/vendor paths: 0
  • Changed lockfiles: 0
  • Resolved refs: from=n/a to=n/a
  • Unicode findings (post-allowlist): 0
  • Confusable findings (post-allowlist): 0
  • IOC findings (post-allowlist): 0
  • Heuristic findings (post-allowlist): 12

Top findings

  • docs/changelog.md:2086 shell_process_spawn :: - py::exec, py::eval, and py::eval_file now add the builtins
  • docs/changelog.md:2088 shell_process_spawn :: matching exec and eval in pure Python.
  • docs/changelog.md:2774 shell_process_spawn :: - Added py::exec() as a shortcut for py::eval<py::eval_statements>()
  • .github/workflows/ci.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/configure.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/nightlies.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/pip.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/reusable-standard.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/tests-cibw.yml:0 workflow_path_touch :: path-touch
  • .github/workflows/upstream.yml:0 workflow_path_touch :: path-touch
  • pybind11:0 ghost_version_or_missing_tag :: >=3.0.4
  • pybind11:0 maintainer_drift :: >=2.10.0->>=3.0.4
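Both Dependency Analysis comments above explain why each of the 12 heuristic findings is either a false positive or upstream noise. The following Python script is an added example, not code from the chiavdf repository or from the Cursor/github-actions tooling: it encodes those explanations as triage rules and runs them over the Top findings lines reproduced from the scan summary. The set of files the PR itself changes is an assumption (pyproject.toml and src/CMakeLists.txt, per the Bugbot overview), and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed input: the "Top findings" lines exactly as the scan summary above reports them.
SCAN_FINDINGS = """\
docs/changelog.md:2086 shell_process_spawn :: - py::exec, py::eval, and py::eval_file now add the builtins
docs/changelog.md:2088 shell_process_spawn :: matching exec and eval in pure Python.
docs/changelog.md:2774 shell_process_spawn :: - Added py::exec() as a shortcut for py::eval<py::eval_statements>()
.github/workflows/ci.yml:0 workflow_path_touch :: path-touch
.github/workflows/configure.yml:0 workflow_path_touch :: path-touch
.github/workflows/nightlies.yml:0 workflow_path_touch :: path-touch
.github/workflows/pip.yml:0 workflow_path_touch :: path-touch
.github/workflows/reusable-standard.yml:0 workflow_path_touch :: path-touch
.github/workflows/tests-cibw.yml:0 workflow_path_touch :: path-touch
.github/workflows/upstream.yml:0 workflow_path_touch :: path-touch
pybind11:0 ghost_version_or_missing_tag :: >=3.0.4
pybind11:0 maintainer_drift :: >=2.10.0->>=3.0.4
"""

# Assumption: the files this PR itself changes, as read from its "Files changed" tab
# (the Bugbot overview names pyproject.toml and the CMake fallback). The scanner's
# workflow hits come from the upstream pybind11 compare, so they are checked against
# this list rather than trusted on their own.
PR_CHANGED_FILES = {"pyproject.toml", "src/CMakeLists.txt"}

# Finding line shape: "<path>:<line> <rule> :: <detail>"
FINDING_RE = re.compile(r"^(?P<path>\S+?):(?P<line>\d+)\s+(?P<rule>\w+)\s+::\s+(?P<detail>.*)$")
# A PEP 508 version clause such as ">=3.0.4" (a range, not a git tag or release artifact).
PEP508_CLAUSE_RE = re.compile(r"^(===|~=|==|!=|<=|>=|<|>)\S+$")


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    detail: str


def parse_findings(text):
    """Parse scanner output lines into Finding records; reject anything malformed."""
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = FINDING_RE.match(raw)
        if m is None:
            raise ValueError(f"unparseable finding line: {raw!r}")
        findings.append(Finding(m["path"], int(m["line"]), m["rule"], m["detail"]))
    return findings


def triage(finding, pr_changed_files):
    """Return (verdict, reason) using the rationale given in the analysis comments."""
    if finding.rule == "shell_process_spawn" and (
        finding.path.startswith("docs/") or finding.path.endswith(".md")
    ):
        return "false_positive", "matches documentation text, not executable code"
    if finding.rule == "workflow_path_touch":
        if finding.path in pr_changed_files:
            return "escalate", "this PR itself modifies a CI workflow file"
        return "informational", "workflow changed in upstream tree only, not in this PR"
    if finding.rule == "ghost_version_or_missing_tag" and PEP508_CLAUSE_RE.match(finding.detail):
        return "false_positive", "value is a PEP 508 version specifier, not a git tag"
    if finding.rule == "maintainer_drift":
        old, sep, new = finding.detail.partition("->")
        if sep and PEP508_CLAUSE_RE.match(old) and PEP508_CLAUSE_RE.match(new):
            return "false_positive", "version floor change, not a publisher change"
    return "review", "no triage rule applies; inspect manually"


def triage_report(text, pr_changed_files):
    """Triage every finding and tally verdicts; 'escalate' or 'review' means a human looks."""
    results = [(f, *triage(f, pr_changed_files)) for f in parse_findings(text)]
    counts = {}
    for _, verdict, _ in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return results, counts


if __name__ == "__main__":
    results, counts = triage_report(SCAN_FINDINGS, PR_CHANGED_FILES)
    for finding, verdict, reason in results:
        print(f"{verdict:14} {finding.rule:28} {finding.path}  ({reason})")
    print("summary:", counts)
```

The workflow rule is the one that matters: the same seven `workflow_path_touch` lines flip from informational to escalate as soon as the PR's own changed-file list contains a `.github/workflows/` path, which is exactly the check both comments ask the reviewer to do by hand.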

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 8cbff14.

Comment thread on pyproject.toml
Keep the CMake fallback consistent with the declared pybind11>=3.0.4 build requirement to avoid silently pulling ABI-incompatible 2.x.

Co-authored-by: Cursor <cursoragent@cursor.com>
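The first analysis comment's "CMake vs declared minimum" risk and the Bugbot thread above both point at the same divergence: a PEP 517 floor of pybind11>=3.0.4 next to a FetchContent fallback still pinned at v2.13.6. The script below is an added example, not code from the chiavdf repository or from Cursor or Dependabot: it extracts the pybind11 lower bound from a pyproject.toml `[build-system] requires` array, the GIT_TAG from a CMake `FetchContent_Declare(pybind11 ...)` block, and reports whether the two agree. The TOML and CMake fragments are constructed (only the GIT_TAG values v2.13.6 / v3.0.4 and the requires entry come from the page), the parsing is deliberately regex-based rather than a full TOML/CMake parser, and the function names are hypothetical.

```python
import re

# Constructed pyproject.toml fragment modelled on the PR's [build-system] requires entry.
PYPROJECT = '''
[build-system]
requires = ["setuptools>=61", "wheel", "pybind11>=3.0.4"]
build-backend = "setuptools.build_meta"
'''

# Constructed CMake fragment: a FetchContent fallback still pinned at the pre-fix tag v2.13.6.
CMAKE_STALE = '''
find_package(pybind11 CONFIG)
if(NOT pybind11_FOUND)
  include(FetchContent)
  FetchContent_Declare(
    pybind11
    GIT_REPOSITORY https://github.com/pybind/pybind11.git
    GIT_TAG        v2.13.6
  )
  FetchContent_MakeAvailable(pybind11)
endif()
'''

# Same fragment after aligning the fallback with the declared floor.
CMAKE_ALIGNED = CMAKE_STALE.replace("v2.13.6", "v3.0.4")

REQUIRES_RE = re.compile(r'^\s*requires\s*=\s*\[(?P<body>[^\]]*)\]', re.M)
FETCH_RE = re.compile(r'FetchContent_Declare\(\s*pybind11\b(?P<body>.*?)\)', re.S)


def parse_version(text):
    """'v3.0.4' or '3.0.4' -> (3, 0, 4); raises ValueError for a commit sha or branch name."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def fmt(version):
    return ".".join(str(part) for part in version)


def pybind11_floor(pyproject_text):
    """Lower bound of the pybind11 build requirement (from '>=' or '==' clauses)."""
    m = REQUIRES_RE.search(pyproject_text)
    if m is None:
        raise ValueError("no [build-system] requires array found")
    for entry in re.findall(r'"([^"]+)"', m["body"]):
        pkg = re.match(r'^pybind11\s*(?P<spec>.*)$', entry)
        if pkg is None:
            continue
        for clause in pkg["spec"].split(","):
            clause = clause.strip()
            if clause.startswith((">=", "==")):
                return parse_version(clause[2:])
        raise ValueError(f"pybind11 requirement has no lower bound: {entry!r}")
    raise ValueError("pybind11 is not listed in build-system requires")


def fetchcontent_tag(cmake_text):
    """GIT_TAG of the pybind11 FetchContent fallback, or None if no fallback is declared."""
    m = FETCH_RE.search(cmake_text)
    if m is None:
        return None
    tag = re.search(r'GIT_TAG\s+(\S+)', m["body"])
    return tag.group(1) if tag else None


def check_consistency(pyproject_text, cmake_text):
    """(ok, message): ok is False when the fallback can resolve a pybind11 older than the floor."""
    floor = pybind11_floor(pyproject_text)
    tag = fetchcontent_tag(cmake_text)
    if tag is None:
        return True, "no FetchContent fallback for pybind11; nothing to diverge"
    try:
        tag_version = parse_version(tag)
    except ValueError:
        # A sha or branch pin cannot be compared to a version floor; treat as unverified.
        return False, f"GIT_TAG {tag!r} is not a release tag; pin a tag at or above {fmt(floor)}"
    if tag_version < floor:
        return False, f"FetchContent GIT_TAG {tag} is below the declared floor pybind11>={fmt(floor)}"
    return True, f"FetchContent GIT_TAG {tag} satisfies pybind11>={fmt(floor)}"


if __name__ == "__main__":
    for label, cmake in (("stale", CMAKE_STALE), ("aligned", CMAKE_ALIGNED)):
        ok, message = check_consistency(PYPROJECT, cmake)
        print(f"{label:8} {'OK ' if ok else 'FAIL'} {message}")
```

Run against the real files this would be `check_consistency(open("pyproject.toml").read(), open("src/CMakeLists.txt").read())` as a CI step, so a future Dependabot floor bump cannot land without the fallback pin moving with it.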
@hoffmang9 hoffmang9 merged commit 3443a6d into main May 13, 2026
66 checks passed
@hoffmang9 hoffmang9 deleted the dependabot/pip/pybind11-gte-3.0.4 branch May 13, 2026 01:51