[branch-52] Update to use lz4_flex 0.12.1 and quinn-proto 0.11.14 #21009

Merged
alamb merged 4 commits into apache:branch-52 from alamb:alamb/update_lz4_flex
Mar 18, 2026


alamb commented Mar 17, 2026

Which issue does this PR close?

Rationale for this change

cargo audit is failing on branch-52 like this:

...
Crate:     lz4_flex
Version:   0.12.0
Warning:   yanked

error: 2 vulnerabilities found!
warning: 4 allowed warnings found

Here is an example of that happening on CI: https://github.com/apache/datafusion/actions/runs/23209529148/job/67454157529?pr=21004

What changes are included in this PR?

  • Update lz4_flex to 0.12.1 (non yanked)

Are these changes tested?

Are there any user-facing changes?

mbutrovich left a comment

Thanks @alamb. I was just looking at that failure in #21004.

alamb commented Mar 17, 2026

Strangely now there is something related to rust-pem-tls or whatever. Looking

comphead commented Mar 17, 2026

this is the original message

Crate:     rustls-pemfile
Version:   2.2.0
Warning:   unmaintained
Title:     rustls-pemfile is unmaintained
Date:      2025-11-28
ID:        RUSTSEC-2025-0134
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0134

the PR needs to ignore RUSTSEC-2025-0134
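
An added example, not part of the original thread or the DataFusion code base: a small Python triage of cargo audit text output in the `Key: value` layout quoted in this PR, separating the yanked crate (reported here without an advisory ID, so cleared by the version bump) from advisories on an explicit ignore list. The `example-crate` entry, the `RUSTSEC-0000-0000` ID and the upgrade/ignored/review policy are assumptions made for illustration.

```python
import re

# Constructed sample; example-crate / RUSTSEC-0000-0000 is a placeholder, not a real advisory.
SAMPLE_REPORT = """\
Crate:     lz4_flex
Version:   0.12.0
Warning:   yanked

Crate:     rustls-pemfile
Version:   2.2.0
Warning:   unmaintained
Title:     rustls-pemfile is unmaintained
ID:        RUSTSEC-2025-0134

Crate:     example-crate
Version:   1.0.0
ID:        RUSTSEC-0000-0000
error: 1 vulnerability found!
"""

FIELD = re.compile(r"^(Crate|Version|Warning|Title|Date|ID|URL):\s+(.*)$")

def parse_findings(report):
    """One dict per finding; a 'Crate:' line starts a new finding."""
    findings = []
    for line in report.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # blank lines, summary lines, dependency trees
        key, value = m.groups()
        if key == "Crate":
            findings.append({})
        if findings:
            findings[-1][key] = value.strip()
    return findings

def triage(findings, ignored_ids):
    """Label each finding 'upgrade', 'ignored' or 'review' (hypothetical policy)."""
    result = []
    for f in findings:
        adv = f.get("ID")
        action = ("upgrade" if f.get("Warning") == "yanked"  # no ID here to ignore
                  else "ignored" if adv in ignored_ids else "review")
        result.append((action, f.get("Crate"), f.get("Version"), adv or f.get("Warning")))
    return result

if __name__ == "__main__":
    for row in triage(parse_findings(SAMPLE_REPORT), {"RUSTSEC-2025-0134"}):
        print(*row)
```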

github-actions bot added the development-process (Related to development process of DataFusion) label Mar 18, 2026

alamb commented Mar 18, 2026

> this is the original message
>
> Crate:     rustls-pemfile
> Version:   2.2.0
> Warning:   unmaintained
> Title:     rustls-pemfile is unmaintained
> Date:      2025-11-28
> ID:        RUSTSEC-2025-0134
> URL:       https://rustsec.org/advisories/RUSTSEC-2025-0134
>
> the PR needs to ignore RUSTSEC-2025-0134

@comphead

this backport should fix it #21020

github-actions bot removed the development-process (Related to development process of DataFusion) label Mar 18, 2026

alamb commented Mar 18, 2026

> this backport should fix it #21020

Thank you -- I merged that one and then merged this PR up

alamb commented Mar 18, 2026

Thank you for the review / approval @xudong963 and @mbutrovich

alamb changed the title from "[branch-52] Update to use lz4_flex 0.12.1 (avoid yanked lz4_flex 0.12.0)" to "[branch-52] Update to use lz4_flex 0.12.1 and quinn-proto 0.11.14" Mar 18, 2026

alamb commented Mar 18, 2026

whohoo -- it is green!

alamb merged commit e034c6b into apache:branch-52 Mar 18, 2026
32 checks passed