This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/datafusion.git
The following commit(s) were added to refs/heads/main by this push:
new c3e1c3644a Downgrade aws-smithy-runtime, update `rust_decimal`, ignore
RUSTSEC-2026-0001 to get clean CI (#19657)
c3e1c3644a is described below
commit c3e1c3644a0e51ba912eae7bdcb8d1cfa6a70090
Author: Andrew Lamb <[email protected]>
AuthorDate: Tue Jan 6 07:55:54 2026 -0500
Downgrade aws-smithy-runtime, update `rust_decimal`, ignore
RUSTSEC-2026-0001 to get clean CI (#19657)
## Which issue does this PR close?
<!--
We generally require a GitHub issue to be filed for all bug fixes and
enhancements and this helps us generate change logs for our releases.
You can link an issue to this PR using the GitHub syntax. For example
`Closes #123` indicates that this PR will close issue #123.
-->
- Closes https://github.com/apache/datafusion/issues/19656
## Rationale for this change
CI is failing I think because aws-smithy-runtime was yanked
## What changes are included in this PR?
ran `cargo update` for this crate and then checked in the results:
```shell
andrewlamb@Andrews-MacBook-Pro-3:~/Software/datafusion$ cargo update -p
aws-smithy-runtime
Updating crates.io index
Locking 1 package to latest compatible version
Downgrading aws-smithy-runtime v1.9.6 -> v1.9.5
note: pass `--verbose` to see 149 unchanged dependencies behind latest
```
## Are these changes tested?
I tested locally
```shell
cargo audit
```
## Are there any user-facing changes?
No this is a developmnt process only
---------
Co-authored-by: Jefffrey <[email protected]>
---
.github/workflows/audit.yml | 5 ++++-
Cargo.lock | 16 ++++++++--------
datafusion/sqllogictest/Cargo.toml | 2 +-
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 066151babc..e015acdb0d 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -46,4 +46,7 @@ jobs:
with:
tool: cargo-audit
- name: Run audit check
- run: cargo audit
+ # RUSTSEC-2026-0001:
https://rustsec.org/advisories/RUSTSEC-2026-0001.html
+ # underlying rkyv is patched, but rustsec database not yet updated
+ # Can remove when this is merged:
https://github.com/rustsec/advisory-db/pull/2565
+ run: cargo audit --ignore RUSTSEC-2026-0001
diff --git a/Cargo.lock b/Cargo.lock
index 8dcfbc65c2..3e345929ce 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -866,9 +866,9 @@ dependencies = [
[[package]]
name = "aws-smithy-runtime"
-version = "1.9.6"
+version = "1.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "65fda37911905ea4d3141a01364bc5509a0f32ae3f3b22d6e330c0abfb62d247"
+checksum = "a392db6c583ea4a912538afb86b7be7c5d8887d91604f50eb55c262ee1b4a5f5"
dependencies = [
"aws-smithy-async",
"aws-smithy-http",
@@ -5282,9 +5282,9 @@ dependencies = [
[[package]]
name = "rkyv"
-version = "0.7.45"
+version = "0.7.46"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "9008cd6385b9e161d8229e1f6549dd23c3d022f132a2ea37ac3a10ac4935779b"
+checksum = "2297bf9c81a3f0dc96bc9521370b88f054168c29826a75e89c55ff196e7ed6a1"
dependencies = [
"bitvec",
"bytecheck",
@@ -5300,9 +5300,9 @@ dependencies = [
[[package]]
name = "rkyv_derive"
-version = "0.7.45"
+version = "0.7.46"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "503d1d27590a2b0a3a4ca4c94755aa2875657196ecbf401a42eff41d7de532c0"
+checksum = "84d7b42d4b8d06048d3ac8db0eb31bcb942cbeb709f0b5f2b2ebde398d3038f5"
dependencies = [
"proc-macro2",
"quote",
@@ -5351,9 +5351,9 @@ dependencies = [
[[package]]
name = "rust_decimal"
-version = "1.38.0"
+version = "1.39.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "c8975fc98059f365204d635119cf9c5a60ae67b841ed49b5422a9a7e56cdfac0"
+checksum = "35affe401787a9bd846712274d97654355d21b2a2c092a3139aabe31e9022282"
dependencies = [
"arrayvec",
"borsh",
diff --git a/datafusion/sqllogictest/Cargo.toml
b/datafusion/sqllogictest/Cargo.toml
index a26a1d4422..b47d9f2c3d 100644
--- a/datafusion/sqllogictest/Cargo.toml
+++ b/datafusion/sqllogictest/Cargo.toml
@@ -57,7 +57,7 @@ log = { workspace = true }
object_store = { workspace = true }
postgres-protocol = { version = "0.6.7", optional = true }
postgres-types = { version = "0.2.11", features = ["derive",
"with-chrono-0_4"], optional = true }
-rust_decimal = { version = "1.38.0", features = ["tokio-pg"] }
+rust_decimal = { version = "1.39.0", features = ["tokio-pg"] }
# When updating the following dependency verify that sqlite test file
regeneration works correctly
# by running the regenerate_sqlite_files.sh script.
sqllogictest = "0.28.4"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
