Apache Arrow / ARROW-7006

[Rust] Bump flatbuffers version to avoid vulnerability

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.15.0
    • Fix Version/s: 1.0.0
    • Component/s: Rust

      Description

      From GitHub user emilk:

      cargo audit output:

      ID: RUSTSEC-2019-0028
      Crate: flatbuffers
      Version: 0.5.0
      Date: 2019-10-20
      URL: https://github.com/google/flatbuffers/issues/5530
      Title: Unsound `impl Follow for bool`

      The fix should be as simple as editing https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml from flatbuffers = "0.5.0" to flatbuffers = "0.6.0"

      A more long-term improvement is to add a call to cargo audit in your CI to catch these problems as early as possible.
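An added illustration of the advisory's subject, written for this page and not taken from Apache Arrow or the flatbuffers crate: why resolving a `bool` by reinterpreting a raw byte from a serialized buffer is unsound, beside the sound read that compares a `u8` against zero. The `Follow` trait, the `read_scalar` helper and the `UnsoundBool`/`SoundBool` types are simplified stand-ins (assumed names, not the crate's real API) that mirror the shape the advisory points at.

```rust
// Added illustration for this ticket, not code from Apache Arrow or the
// flatbuffers crate. `Follow`, `read_scalar`, `UnsoundBool` and `SoundBool`
// are simplified stand-ins (assumed names) for the crate's accessor machinery,
// chosen to show the pattern the advisory describes: a `bool` produced by
// reinterpreting an untrusted byte.
use std::mem::size_of;
use std::ptr;

/// Minimal stand-in for flatbuffers' `Follow`: resolve a `Self::Inner`
/// stored at byte offset `loc` of a serialized buffer.
trait Follow<'a> {
    type Inner;
    fn follow(buf: &'a [u8], loc: usize) -> Self::Inner;
}

/// Bounds-checked, unaligned read of a plain scalar from the buffer.
/// Sound for integer types, where every bit pattern is a valid value.
/// NOT sound for `T = bool`: Rust requires a `bool` to be exactly 0 or 1,
/// so producing one from an attacker-controlled byte is undefined behaviour.
fn read_scalar<T: Copy>(buf: &[u8], loc: usize) -> T {
    assert!(loc + size_of::<T>() <= buf.len(), "offset out of bounds");
    // SAFETY: the byte range was bounds-checked above and the read is
    // unaligned; validity of the resulting `T` is the caller's responsibility.
    unsafe { ptr::read_unaligned(buf.as_ptr().add(loc) as *const T) }
}

/// The vulnerable shape of `impl Follow for bool`: the byte is read straight
/// into a `bool`. Kept only for comparison; any byte other than 0 or 1 is UB
/// here, so never call this on untrusted input.
struct UnsoundBool;
impl<'a> Follow<'a> for UnsoundBool {
    type Inner = bool;
    fn follow(buf: &'a [u8], loc: usize) -> bool {
        read_scalar::<bool>(buf, loc)
    }
}

/// The fixed shape: read the byte as a `u8` (every value is valid) and derive
/// the `bool` with an explicit comparison, so all 256 inputs are well defined.
struct SoundBool;
impl<'a> Follow<'a> for SoundBool {
    type Inner = bool;
    fn follow(buf: &'a [u8], loc: usize) -> bool {
        read_scalar::<u8>(buf, loc) != 0
    }
}

/// Decode several bool fields at the given offsets with the sound reader.
fn decode_bool_fields(buf: &[u8], offsets: &[usize]) -> Vec<bool> {
    offsets.iter().map(|&loc| SoundBool::follow(buf, loc)).collect()
}

/// How many of the 256 possible byte values the sound reader maps to `true`
/// (every value except 0). Constructed input, not data from a real buffer.
fn count_true_bytes() -> usize {
    let buf: Vec<u8> = (0u8..=255).collect();
    buf.iter().filter(|&&b| SoundBool::follow(&[b], 0)).count()
}

fn main() {
    // The sound reader is defined for every byte; the unsound one is only
    // ever defined for the two inputs used here.
    println!("bytes decoded as true: {}", count_true_bytes());
    println!("{} {}", UnsoundBool::follow(&[0], 0), UnsoundBool::follow(&[1], 0));
}
```

The fixed version costs nothing at runtime and removes the only way an attacker's bytes could reach a Rust type with a validity invariant; Miri would flag the unsound reader on a byte such as 2, which is exactly the kind of input a fuzzer or a hostile peer produces.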

       

              People

              • Assignee: Paddy Horan (paddyhoran)
              • Reporter: Paddy Horan (paddyhoran)
              • Votes: 0
              • Watchers: 1


                  Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 50m