From 2e1e31c531b3aa3764c7b2e8b247c060bfdfafef Mon Sep 17 00:00:00 2001
From: Bluetooth Devices Bot
Date: Fri, 12 Jun 2026 14:29:07 +0000
Subject: [PATCH] build: pin build-time Cython to the locked version

Wheel builds run cibuildwheel in an isolated environment that resolves build-system.requires from PyPI and ignores poetry.lock. The previous unbounded 'Cython>=3.0.8' spec let each release pick up whichever Cython was newest at build time, so the compiled C output (and the shipped .pyd binaries) drifted between releases without any source change. Pin Cython to the version in poetry.lock so release wheels are built with the exact, tested compiler and the binaries are reproducible.
---
 pyproject.toml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 2325fe59..d1db4595 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,5 +1,10 @@
 [build-system]
-requires = ['setuptools>=77.0', 'Cython>=3.0.8', "poetry-core>=2.1.0"]
+# Cython is pinned to the version in poetry.lock so release wheels are built
+# with the exact, tested compiler. cibuildwheel resolves build-system.requires
+# from PyPI in an isolated env (it ignores poetry.lock), so an unbounded spec
+# lets each release silently pick up whichever Cython is newest at build time,
+# producing drifting C output. Bump this in lockstep with the dev dependency.
+requires = ['setuptools>=77.0', 'Cython==3.2.5', "poetry-core>=2.1.0"]
 build-backend = "poetry.core.masonry.api"
 
 [project]
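Review bot: Only Cython is pinned on the new `requires` line; `setuptools>=77.0` and `poetry-core>=2.1.0` are still unbounded, so the isolated build env keeps resolving whichever release of those is newest on PyPI, and the build toolchain can still change between releases with no source change. If reproducible release wheels are the goal, the remaining build requirements (and their transitive dependencies) would need to be fixed as well, for instance through a constraints file passed to the wheel build, provided the build frontend in use honours one. The "bump this in lockstep" rule is enforced only by the comment; a CI step that compares this pin with the Cython entry in poetry.lock would catch the two drifting apart. The exact `==` pin also applies to anyone building from the sdist, so I would extend the comment with `# The exact pin also applies to sdist builds; bump it before adding support for a new Python release.`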