Skip to content

Commit 0daa88c

Browse files
alambalamb
authored
chore(deps): Update half to 2.7.1, ignore RUSTSEC-2025-0111 (#18287)
## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes #123` indicates that this PR will close issue #123. --> - Closes #18288 ## Rationale for this change `cargo audit` says that the current version of `half` we have in our Cargo.lock file was yanked ``` Crate: half Version: 2.7.0 Warning: yanked Dependency tree: half 2.7.0 ``` And indeed it is: https://crates.io/crates/half/versions <img width="1193" height="830" alt="Screenshot 2025-10-26 at 7 20 54 AM" src="https://github.com/user-attachments/assets/ad6944c6-912c-4c56-9d1d-efe760ae85ee" /> So let's update to a non yanked version ## What changes are included in this PR? run `cargo update -p half` and check the result in ## Are these changes tested? <!-- We typically require tests for all PRs in order to: 1. Prevent the code from being accidentally broken by subsequent changes 2. Serve as another way to document the expected behavior of the code If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> ## Are there any user-facing changes? <!-- If there are user-facing changes then we may require documentation to be updated before approving the PR. --> <!-- If there are any breaking changes to public APIs, please add the `api change` label. -->
1 parent f870dcd commit 0daa88c

File tree

2 files changed

+8
-3
lines changed

2 files changed

+8
-3
lines changed

.github/workflows/audit.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,4 +46,9 @@ jobs:
4646
with:
4747
tool: cargo-audit
4848
- name: Run audit check
49-
run: cargo audit
49+
# RUSTSEC-2025-0111: tokio-tar is by testcontainers for orchestration
50+
# of testing, so does not impact DataFusion's security
51+
# See https://github.com/apache/datafusion/issues/18288
52+
# NOTE: can remove this once testcontainers releases a version that includes
53+
# https://github.com/testcontainers/testcontainers-rs/pull/852
54+
run: cargo audit --ignore RUSTSEC-2025-0111

Cargo.lock

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)