Bump lmdb from 1.8.1 to 2.0.0

[dependabot]

Bumps lmdb from 1.8.1 to 2.0.0.

Changelog

Sourced from lmdb's changelog.

2026-03-17 2.0.0

This is the largest py-lmdb release in years, made possible by a new coding partner: Claude (Anthropic). Nearly every change below was co-authored by Claude, turning months of backlogged issues into a week of focused work.

Potentially breaking changes

• Thread-safety overhaul (#180). Environment.close(), Transaction.abort(), Transaction.commit(), and cursor operations are now serialized with locks to prevent use-after-free and double-free crashes when called concurrently. Code that previously "worked" by luck with racy close/abort patterns may now block where it previously crashed or silently corrupted memory. If you relied on the old undefined behavior, review your threading model.

• Duplicate environment path rejection (#230). Opening the same LMDB path twice in one process now raises lmdb.Error instead of silently proceeding to a likely segfault. This will surface latent bugs in code that accidentally opened the same environment twice.

• Minimum Python version is now 3.9. Python 2.7 and 3.5-3.8 are no longer supported. Python 2 compatibility shims have been removed from the codebase.

New features

• PEP 561 type stubs (py.typed) are now shipped (#257). IDEs and type checkers will pick up lmdb's types automatically.

• Cache getpid() result to avoid a syscall on every transaction dealloc. Since glibc 2.25, getpid() is no longer cached in userspace; this showed up in profiles for workloads with many short-lived transactions. Contributed by @​ltfish (#421).

Bug fixes

• Fix memory safety issues across cpython and CFFI implementations (#420): multiple reference count leaks in cpython.c (env_readers_callback, db_flags, env_flags, env_copy, env_new, make_arg_cache, cursor_get_multi), a getmulti validation bug in cffi.py, and a cursor leak on mdb_cursor_open failure.

• Fix unsafe buffer protocol usage in cpython.c that could read freed memory (#372).

• Fix cmd_copyfd fd validation to use os.fstat() instead of os.fdopen(), which consumed the fd.

• Add fork detection to CFFI implementation. Previously, Transaction.del and Environment.del would call mdb_txn_abort / mdb_env_close in forked

... (truncated)

Commits

• 45fde11 Restrict wheel builds to Python 3.9+
• 2bc0a8d Bump version to 2.0.0 for release
• c869024 Add fork detection to CFFI implementation (#425)
• fea14c5 Cache getpid() to avoid syscall in trans_dealloc (#424)
• b0ff574 Fix cmd_copyfd fd validation: use os.fstat() instead of os.fdopen()
• f38d768 Add comprehensive test suite for lmdb.tool (#148) (#423)
• d5e86b5 Fix pyright errors and remove Python 2 compat (#422)
• e3f3588 Fix memory safety issues across cpython and CFFI implementations (#420)
• 67cd213 Release GIL during mdb_env_close (#418) (#419)
• 9d22186 Fix remaining close/thread-safety races (#180) (#417)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)