This is an automated email from the ASF dual-hosted git repository.
comphead pushed a commit to branch branch-52
in repository https://gitbox.apache.org/repos/asf/datafusion.git
The following commit(s) were added to refs/heads/branch-52 by this push:
new 30545ba3ff [branch-52] Update aws-smithy, bytes and time for security
audits (#20546)
30545ba3ff is described below
commit 30545ba3fffc1a738000c871491779a215d57005
Author: Andrew Lamb <[email protected]>
AuthorDate: Wed Feb 25 17:42:01 2026 -0500
[branch-52] Update aws-smithy, bytes and time for security audits (#20546)
## Which issue does this PR close?
- Part of https://github.com/apache/datafusion/issues/20287
## Rationale for this change
The security audit CI check [failed
here](https://github.com/apache/datafusion/actions/runs/22381549301/job/64783156671?pr=20539)
on
- https://github.com/apache/datafusion/pull/20539
This is due to some dependencies being yanked (aws-smithy specifically)
## What changes are included in this PR?
Let's update the relevant dependencies with small security related fixes
## Are these changes tested?
<!--
We typically require tests for all PRs in order to:
1. Prevent the code from being accidentally broken by subsequent changes
2. Serve as another way to document the expected behavior of the code
If tests are not included in your PR, please explain why (for example,
are they covered by existing tests)?
-->
## Are there any user-facing changes?
<!--
If there are user-facing changes then we may require documentation to be
updated before approving the PR.
-->
<!--
If there are any breaking changes to public APIs, please add the `api
change` label.
-->
---
Cargo.lock | 100 +++++++++++++++++++++++++++++++++++++------------------------
1 file changed, 61 insertions(+), 39 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 194358e620..45872ccfad 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -603,7 +603,7 @@ dependencies = [
"aws-sdk-ssooidc",
"aws-sdk-sts",
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-json",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
@@ -665,7 +665,7 @@ dependencies = [
"aws-credential-types",
"aws-sigv4",
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
@@ -689,7 +689,7 @@ dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-json",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
@@ -711,7 +711,7 @@ dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-json",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
@@ -733,7 +733,7 @@ dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-json",
"aws-smithy-query",
"aws-smithy-runtime",
@@ -754,7 +754,7 @@ source =
"registry+https://github.com/rust-lang/crates.io-index";
checksum = "69e523e1c4e8e7e8ff219d732988e22bfeae8a1cafdbe6d9eca1546fa080be7c"
dependencies = [
"aws-credential-types",
- "aws-smithy-http",
+ "aws-smithy-http 0.62.6",
"aws-smithy-runtime-api",
"aws-smithy-types",
"bytes",
@@ -771,9 +771,9 @@ dependencies = [
[[package]]
name = "aws-smithy-async"
-version = "1.2.7"
+version = "1.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "9ee19095c7c4dda59f1697d028ce704c24b2d33c6718790c7f1d5a3015b4107c"
+checksum = "3cba48474f1d6807384d06fec085b909f5807e16653c5af5c45dfe89539f0b70"
dependencies = [
"futures-util",
"pin-project-lite",
@@ -801,11 +801,32 @@ dependencies = [
"tracing",
]
+[[package]]
+name = "aws-smithy-http"
+version = "0.63.4"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "af4a8a5fe3e4ac7ee871237c340bbce13e982d37543b65700f4419e039f5d78e"
+dependencies = [
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "bytes",
+ "bytes-utils",
+ "futures-core",
+ "futures-util",
+ "http 1.3.1",
+ "http-body 1.0.1",
+ "http-body-util",
+ "percent-encoding",
+ "pin-project-lite",
+ "pin-utils",
+ "tracing",
+]
+
[[package]]
name = "aws-smithy-http-client"
-version = "1.1.5"
+version = "1.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "59e62db736db19c488966c8d787f52e6270be565727236fd5579eaa301e7bc4a"
+checksum = "0709f0083aa19b704132684bc26d3c868e06bd428ccc4373b0b55c3e8748a58b"
dependencies = [
"aws-smithy-async",
"aws-smithy-runtime-api",
@@ -836,9 +857,9 @@ dependencies = [
[[package]]
name = "aws-smithy-observability"
-version = "0.1.5"
+version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "17f616c3f2260612fe44cede278bafa18e73e6479c4e393e2c4518cf2a9a228a"
+checksum = "4d3f39d5bb871aaf461d59144557f16d5927a5248a983a40654d9cf3b9ba183b"
dependencies = [
"aws-smithy-runtime-api",
]
@@ -855,12 +876,12 @@ dependencies = [
[[package]]
name = "aws-smithy-runtime"
-version = "1.9.6"
+version = "1.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "65fda37911905ea4d3141a01364bc5509a0f32ae3f3b22d6e330c0abfb62d247"
+checksum = "8fd3dfc18c1ce097cf81fced7192731e63809829c6cbf933c1ec47452d08e1aa"
dependencies = [
"aws-smithy-async",
- "aws-smithy-http",
+ "aws-smithy-http 0.63.4",
"aws-smithy-http-client",
"aws-smithy-observability",
"aws-smithy-runtime-api",
@@ -871,6 +892,7 @@ dependencies = [
"http 1.3.1",
"http-body 0.4.6",
"http-body 1.0.1",
+ "http-body-util",
"pin-project-lite",
"pin-utils",
"tokio",
@@ -879,9 +901,9 @@ dependencies = [
[[package]]
name = "aws-smithy-runtime-api"
-version = "1.9.3"
+version = "1.11.4"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "ab0d43d899f9e508300e587bf582ba54c27a452dd0a9ea294690669138ae14a2"
+checksum = "8c55e0837e9b8526f49e0b9bfa9ee18ddee70e853f5bc09c5d11ebceddcb0fec"
dependencies = [
"aws-smithy-async",
"aws-smithy-types",
@@ -896,9 +918,9 @@ dependencies = [
[[package]]
name = "aws-smithy-types"
-version = "1.3.5"
+version = "1.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "905cb13a9895626d49cf2ced759b062d913834c7482c38e49557eac4e6193f01"
+checksum = "8ca2734c16913a45343b37313605d84e7d8b34a4611598ce1d25b35860a2bed3"
dependencies = [
"base64-simd",
"bytes",
@@ -1225,9 +1247,9 @@ checksum =
"1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
[[package]]
name = "bytes"
-version = "1.11.0"
+version = "1.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
[[package]]
name = "bytes-utils"
@@ -2752,7 +2774,7 @@ dependencies = [
"libc",
"option-ext",
"redox_users",
- "windows-sys 0.61.0",
+ "windows-sys 0.60.2",
]
[[package]]
@@ -2896,7 +2918,7 @@ source =
"registry+https://github.com/rust-lang/crates.io-index";
checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
dependencies = [
"libc",
- "windows-sys 0.61.0",
+ "windows-sys 0.60.2",
]
[[package]]
@@ -3772,9 +3794,9 @@ dependencies = [
[[package]]
name = "itoa"
-version = "1.0.15"
+version = "1.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
[[package]]
name = "jiff"
@@ -4192,9 +4214,9 @@ dependencies = [
[[package]]
name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"
[[package]]
name = "num-integer"
@@ -5230,7 +5252,7 @@ dependencies = [
"errno",
"libc",
"linux-raw-sys",
- "windows-sys 0.61.0",
+ "windows-sys 0.60.2",
]
[[package]]
@@ -5322,9 +5344,9 @@ dependencies = [
[[package]]
name = "ryu"
-version = "1.0.20"
+version = "1.0.23"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
+checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
[[package]]
name = "same-file"
@@ -5948,7 +5970,7 @@ dependencies = [
"getrandom 0.3.4",
"once_cell",
"rustix",
- "windows-sys 0.61.0",
+ "windows-sys 0.60.2",
]
[[package]]
@@ -6043,30 +6065,30 @@ dependencies = [
[[package]]
name = "time"
-version = "0.3.44"
+version = "0.3.47"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
dependencies = [
"deranged",
"itoa",
"num-conv",
"powerfmt",
- "serde",
+ "serde_core",
"time-core",
"time-macros",
]
[[package]]
name = "time-core"
-version = "0.1.6"
+version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
[[package]]
name = "time-macros"
-version = "0.2.24"
+version = "0.2.27"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
dependencies = [
"num-conv",
"time-core",
@@ -6835,7 +6857,7 @@ version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index";
checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
dependencies = [
- "windows-sys 0.61.0",
+ "windows-sys 0.60.2",
]
[[package]]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
