  1. Apache Arrow
  2. ARROW-7006

[Rust] Bump flatbuffers version to avoid vulnerability


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.15.0
    • 0.16.0
    • Rust

    Description

      From GitHub user emilk:

      cargo audit output:

       

      ID: RUSTSEC-2019-0028
      Crate: flatbuffers
      Version: 0.5.0
      Date: 2019-10-20
      URL: https://github.com/google/flatbuffers/issues/5530
      Title: Unsound `impl Follow for bool`

      The fix should be as simple as editing https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml from flatbuffers = "0.5.0" to flatbuffers = "0.6.0"

      A more long-term improvement is to add a call to cargo audit in your CI to catch these problems as early as possible.
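The CI check suggested above, reduced to its core, as an added example (not code from the issue, from Arrow, or from cargo-audit): it scans a lockfile for any locked `flatbuffers` older than a first-fixed release and exits non-zero so the job fails. The lockfile excerpt is constructed, `parse_version` and `vulnerable_versions` are hypothetical helpers, and the 0.6.0 threshold is the version the issue proposes, assumed here to be the first fixed release.

```rust
// Added example: simplified model of the lockfile check `cargo audit` performs.
// Assumption: "0.6.0" is the first fixed flatbuffers release, as the issue proposes.
// Constructed Cargo.lock excerpt (not Arrow's real lockfile).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "example-app"
version = "0.1.0"

[[package]]
name = "flatbuffers"
version = "0.5.0"

[[package]]
name = "flatbuffers"
version = "0.6.0"
"#;

/// Parse "MAJOR.MINOR.PATCH" into a tuple that orders the way the version does.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c| c == '-' || c == '+').next()?; // drop pre-release/build tags
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Return every locked version of `krate` older than `first_fixed`.
/// A lockfile can hold several versions of one crate, so all entries are checked.
fn vulnerable_versions(lockfile: &str, krate: &str, first_fixed: &str) -> Vec<String> {
    let fixed = parse_version(first_fixed).expect("valid threshold");
    let mut hits = Vec::new();
    let mut current: Option<String> = None; // name of the [[package]] being read
    for line in lockfile.lines().map(str::trim) {
        if line == "[[package]]" {
            current = None;
        } else if let Some(n) = line.strip_prefix("name = ") {
            current = Some(n.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            // An unparseable version is reported rather than silently passed.
            if current.as_deref() == Some(krate) && parse_version(v).map_or(true, |f| f < fixed) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() {
    let hits = vulnerable_versions(SAMPLE_LOCK, "flatbuffers", "0.6.0");
    for v in &hits { eprintln!("RUSTSEC-2019-0028: flatbuffers {} is locked", v); }
    std::process::exit(if hits.is_empty() { 0 } else { 1 }); // non-zero fails the CI job
}
```

In a real pipeline `cargo audit` does this against the full RustSec advisory database, whose patched-version ranges are authoritative.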

       


            People

              paddyhoran Paddy Horan
              paddyhoran Paddy Horan

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 50m