Skip to content

deps: auto-build pystring update to v1.2.0#5235

Merged
lgritz merged 1 commit into
AcademySoftwareFoundation:mainfrom
lgritz:lg-pystring
Jun 14, 2026
Merged

deps: auto-build pystring update to v1.2.0#5235
lgritz merged 1 commit into
AcademySoftwareFoundation:mainfrom
lgritz:lg-pystring

Conversation

@lgritz

@lgritz lgritz commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

@lgritz
deps: auto-build pystring update to v1.2.0
01fa1f5 
Signed-off-by: Larry Gritz <lg@larrygritz.com>
@lgritz lgritz requested a review from grdanny June 14, 2026 01:45
aconty
aconty approved these changes Jun 14, 2026
View reviewed changes

@aconty aconty left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Funny, I was fixing this in my own PR. AI fix?

@lgritz

lgritz commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator Author

What happened here is an interesting sequence:

A while back we put in a security fix where packages OIIO pulls down for CI need a commit hash, not just a tag or branch (to combat supply chain vulnerabilities involving setting tags of dependencies to malicious commits). Our build system checks that the tag it wants still has the hash we say it should.

Then we needed a fix in pystring that wasn't yet in a tagged release, so I said to use "master" and gave the commit hash of the current TOT that had Danny's fix. My intention was to switch it to a real tag as soon as the release happened.

But I forgot.

And all was fine, because main still pointed to that same commit whose hash I specified. Until yesterday, when Danny made merged more PRs and made a new release -- to pystring "master" was no longer the hash we said, oops.

@lgritz lgritz merged commit f762c35 into AcademySoftwareFoundation:main Jun 14, 2026
83 of 91 checks passed
lgritz added a commit to lgritz/OpenImageIO that referenced this pull request Jun 14, 2026
@lgritz
deps: auto-build pystring update to v1.2.0 (AcademySoftwareFoundation…
4cbe90f 
…#5235)

Signed-off-by: Larry Gritz <lg@larrygritz.com>
@lgritz lgritz deleted the lg-pystring branch June 14, 2026 17:38
lgritz added a commit to lgritz/OpenImageIO that referenced this pull request Jun 14, 2026
@lgritz
deps: auto-build pystring update to v1.2.0 (AcademySoftwareFoundation…
839b744 
…#5235)

Signed-off-by: Larry Gritz <lg@larrygritz.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grdanny grdanny Awaiting requested review from grdanny

1 more reviewer

@aconty aconty aconty approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lgritz @aconty