alamb opened a new pull request, #10201: URL: https://github.com/apache/arrow-rs/pull/10201
# Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. --> - Closes #10200 # Rationale for this change `cargo audit` currently fails because `Cargo.lock` pins `quinn-proto` to `0.11.14`, which is affected by RUSTSEC-2026-0185: > Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly The advisory recommends upgrading to `quinn-proto >=0.11.15`. # What changes are included in this PR? This PR updates the locked `quinn-proto` dependency from `0.11.14` to `0.11.15`. # Are these changes tested? Yes. I ran: ```shell cargo audit ``` It now completes successfully, reporting only the two existing allowed warnings for `paste` and `memmap2`. # Are there any user-facing changes? No. This is a lockfile-only dependency update. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
