This is an automated email from the ASF dual-hosted git repository.
dheres pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/main by this push:
new 5a1a13a7b3 build(deps): update lz4_flex requirement from 0.11 to 0.12
(#8820)
5a1a13a7b3 is described below
commit 5a1a13a7b39cef7ee71011a1f42f11338e6acd5d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Nov 12 11:34:11 2025 +0100
build(deps): update lz4_flex requirement from 0.11 to 0.12 (#8820)
Updates the requirements on
[lz4_flex](https://github.com/pseitz/lz4_flex) to permit the latest
version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PSeitz/lz4_flex/blob/main/CHANGELOG.md";>lz4_flex's
changelog</a>.</em></p>
<blockquote>
<h1>0.12.0 (2025-11-11)</h1>
<ul>
<li>Fix integer overflows when decoding large payloads <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/192";>#192</a>
(thanks <a
href="https://github.com/teh-cmc";><code>@teh-cmc</code></a>)</li>
</ul>
<pre><code>This fixes an u32 integer overflow when decoding large
payloads in the block format.
Note: The block format is not suitable for such large payloads, since it
keeps everything in memory. Consider using the frame format for large
data.
<p>This change also removes a unsafe fast-path for write_integer to
simplify the code.
The performance impact is on incompressible data, which is already fast
enough.
</code></pre></p>
<h1>0.11.5 (2025-06-19)</h1>
<ul>
<li>Fix incorrect rust-version field name in Cargo.toml <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/187";>#187</a></li>
</ul>
<h1>0.11.4 (2025-06-14)</h1>
<ul>
<li>Upgrade to twox-hash 2.0<a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/175";>#175</a></li>
<li>Better <code>no_std</code> compatibility <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/180";>#180</a></li>
</ul>
<h1>0.11.3 (2024-03-30)</h1>
<ul>
<li>Fix support for <code>--deny=unsafe_code</code> compilation <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/152";>#152</a></li>
<li>make <code>get_maximum_output_size</code> const <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/153";>#153</a></li>
</ul>
<h1>0.11.2 (2024-01-11)</h1>
<ul>
<li>Include license file in the published crate</li>
</ul>
<h1>0.11.1 (2023-06-19)</h1>
<ul>
<li>[<strong>breaking</strong>] remove <code>unchecked-decode</code>
Remove <code>unchecked-decode</code> feature-flag, because of feature
unification:
<a
href="https://doc.rust-lang.org/cargo/reference/features.html#feature-unification";>https://doc.rust-lang.org/cargo/reference/features.html#feature-unification</a></li>
</ul>
<h1>0.11.0 (2023-06-18)</h1>
<h3>Documentation</h3>
<ul>
<li>Docs: add decompress block example</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Handle empty input in Frame Format <a
href="https://redirect.github.com/PSeitz/lz4_flex/pull/120";>#120</a></li>
</ul>
<pre><code>Empty input was ignored previously and didn't write anything.
Now an empty Frame is written. This improves compatibility with the
reference implementation and some corner cases.
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/975bfa7ac9583da879b5d7578b423232d84f69fe";><code>975bfa7</code></a>
bump version to 0.12.0</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/40d81107aba09e62b14a04938443d6edd885b540";><code>40d8110</code></a>
update readme</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/642020e842cf4b9ba15173765fab4df40a8574fa";><code>642020e</code></a>
bump version to 0.12</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/5295b1601ef27629f7cf6d7f157f50d51c1308ee";><code>5295b16</code></a>
chore(readme): add python binding impl</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/c1483c4db47d1086489b72337762db7b458b6132";><code>c1483c4</code></a>
fix the issue</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/b3c03bea751f25e58819724caab81d5856c895c7";><code>b3c03be</code></a>
implement test demonstrating the issue</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/a61ee5f23f409641a8c8ab27cac784cdba57d708";><code>a61ee5f</code></a>
remove unsafe write_integer which AFAICT is not used <em>and</em>
broken</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/ad71a3103daa37f8ddd139f0c29b6e4ce8724ba3";><code>ad71a31</code></a>
fix illegal doc comment</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/f1c070e987b7d056c4868b19e0b00149f4256653";><code>f1c070e</code></a>
clippy</li>
<li><a
href="https://github.com/PSeitz/lz4_flex/commit/1496be413a0a5236f1aa8d3b8f14169ef7ce42d2";><code>1496be4</code></a>
update binggan</li>
<li>Additional commits viewable in <a
href="https://github.com/pseitz/lz4_flex/compare/0.11...0.12.0";>compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniël Heres <[email protected]>
---
arrow-ipc/Cargo.toml | 2 +-
parquet/Cargo.toml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arrow-ipc/Cargo.toml b/arrow-ipc/Cargo.toml
index a3aa930c41..943852ffde 100644
--- a/arrow-ipc/Cargo.toml
+++ b/arrow-ipc/Cargo.toml
@@ -42,7 +42,7 @@ arrow-data = { workspace = true }
arrow-schema = { workspace = true }
arrow-select = { workspace = true}
flatbuffers = { version = "25.2.10", default-features = false }
-lz4_flex = { version = "0.11", default-features = false, features = ["std",
"frame"], optional = true }
+lz4_flex = { version = "0.12", default-features = false, features = ["std",
"frame"], optional = true }
zstd = { version = "0.13.0", default-features = false, optional = true }
[features]
diff --git a/parquet/Cargo.toml b/parquet/Cargo.toml
index 0d2ffa5361..ba9892d329 100644
--- a/parquet/Cargo.toml
+++ b/parquet/Cargo.toml
@@ -58,7 +58,7 @@ snap = { version = "1.0", default-features = false, optional
= true }
brotli = { version = "8.0", default-features = false, features = ["std"],
optional = true }
# To use `flate2` you must enable either the `flate2-zlib-rs` or
`flate2-rust_backened` backends
flate2 = { version = "1.1", default-features = false, optional = true }
-lz4_flex = { version = "0.11", default-features = false, features = ["std",
"frame"], optional = true }
+lz4_flex = { version = "0.12", default-features = false, features = ["std",
"frame"], optional = true }
zstd = { version = "0.13", optional = true, default-features = false }
chrono = { workspace = true }
num-bigint = { version = "0.4", default-features = false }
@@ -87,7 +87,7 @@ tempfile = { version = "3.0", default-features = false }
insta = "1.43.1"
brotli = { version = "8.0", default-features = false, features = ["std"] }
flate2 = { version = "1.0", default-features = false, features =
["rust_backend"] }
-lz4_flex = { version = "0.11", default-features = false, features = ["std",
"frame"] }
+lz4_flex = { version = "0.12", default-features = false, features = ["std",
"frame"] }
zstd = { version = "0.13", default-features = false }
serde_json = { version = "1.0", features = ["std"], default-features = false }
arrow = { workspace = true, features = ["ipc", "test_utils", "prettyprint",
"json"] }
