This is an automated email from the ASF dual-hosted git repository.
leekei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/fluss-rust.git
The following commit(s) were added to refs/heads/main by this push:
new 4c22ad5 fix: upgrade testcontainers to 0.27.2 to resolve CVEs (#482)
4c22ad5 is described below
commit 4c22ad5012568be420685aab0527f76a7341d446
Author: Keith Lee <[email protected]>
AuthorDate: Sun Apr 5 22:13:52 2026 +0100
fix: upgrade testcontainers to 0.27.2 to resolve CVEs (#482)
* fix: upgrade testcontainers to 0.27.2 to resolve CVEs
Fixes RUSTSEC-2026-0066 (astral-tokio-tar) and
RUSTSEC-2025-0134 (rustls-pemfile unmaintained).
* chore: remove unused test-env-helpers dev-dependency
---
Cargo.lock | 179 +++++++++++++++++++-----------------------------
crates/fluss/Cargo.toml | 3 +-
2 files changed, 70 insertions(+), 112 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index a3b533d..5af3f87 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -324,9 +324,9 @@ dependencies = [
[[package]]
name = "astral-tokio-tar"
-version = "0.5.6"
+version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "ec179a06c1769b1e42e1e2cbe74c7dcdb3d6383c838454d063eaac5bbb7ebbe5"
+checksum = "3c23f3af104b40a3430ccb90ed5f7bd877a8dc5c26fc92fde51a22b40890dcf9"
dependencies = [
"filetime",
"futures-core",
@@ -357,7 +357,7 @@ checksum =
"c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -368,7 +368,7 @@ checksum =
"9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -501,9 +501,9 @@ dependencies = [
[[package]]
name = "bollard"
-version = "0.19.4"
+version = "0.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "87a52479c9237eb04047ddb94788c41ca0d26eaff8b697ecfbb4c32f7fdc3b1b"
+checksum = "ee04c4c84f1f811b017f2fbb7dd8815c976e7ca98593de9c1e2afad0f636bff4"
dependencies = [
"async-stream",
"base64 0.22.1",
@@ -511,7 +511,6 @@ dependencies = [
"bollard-buildkit-proto",
"bollard-stubs",
"bytes",
- "chrono",
"futures-core",
"futures-util",
"hex",
@@ -529,14 +528,13 @@ dependencies = [
"rand 0.9.2",
"rustls",
"rustls-native-certs",
- "rustls-pemfile",
"rustls-pki-types",
"serde",
"serde_derive",
"serde_json",
- "serde_repr",
"serde_urlencoded",
"thiserror 2.0.18",
+ "time",
"tokio",
"tokio-stream",
"tokio-util",
@@ -561,19 +559,18 @@ dependencies = [
[[package]]
name = "bollard-stubs"
-version = "1.49.1-rc.28.4.0"
+version = "1.52.1-rc.29.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "5731fe885755e92beff1950774068e0cae67ea6ec7587381536fca84f1779623"
+checksum = "0f0a8ca8799131c1837d1282c3f81f31e76ceb0ce426e04a7fe1ccee3287c066"
dependencies = [
"base64 0.22.1",
"bollard-buildkit-proto",
"bytes",
- "chrono",
"prost",
"serde",
"serde_json",
"serde_repr",
- "serde_with",
+ "time",
]
[[package]]
@@ -663,7 +660,7 @@ dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -819,7 +816,7 @@ dependencies = [
"proc-macro2",
"quote",
"scratch",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -833,7 +830,7 @@ dependencies = [
"indexmap 2.13.1",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -851,7 +848,7 @@ dependencies = [
"indexmap 2.13.1",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -874,7 +871,7 @@ dependencies = [
"proc-macro2",
"quote",
"strsim",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -885,7 +882,7 @@ checksum =
"ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d"
dependencies = [
"darling_core",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -910,7 +907,7 @@ checksum =
"780eb241654bf097afb00fc5f054a09b687dad862e485fdcf8399bb056565370"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -943,7 +940,7 @@ checksum =
"97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -1007,13 +1004,12 @@ dependencies = [
[[package]]
name = "etcetera"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "26c7b13d0780cb82722fd59f6f57f925e143427e4a75313a6c77243bf5326ae6"
+checksum = "de48cc4d1c1d97a20fd819def54b890cadde72ed3ad0c614822a0a433361be96"
dependencies = [
"cfg-if",
- "home",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
]
[[package]]
@@ -1022,6 +1018,17 @@ version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
checksum = "a043dc74da1e37d6afe657061213aa6f425f855399a11d3463c6ecccc4dfda1f"
+[[package]]
+name = "ferroid"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "bb330bbd4cb7a5b9f559427f06f98a4f853a137c8298f3bd3f8ca57663e21986"
+dependencies = [
+ "portable-atomic",
+ "rand 0.9.2",
+ "web-time",
+]
+
[[package]]
name = "filetime"
version = "0.2.27"
@@ -1110,7 +1117,6 @@ dependencies = [
"strum",
"strum_macros",
"tempfile",
- "test-env-helpers",
"testcontainers",
"thiserror 1.0.69",
"tokio",
@@ -1224,7 +1230,7 @@ checksum =
"e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -1789,7 +1795,7 @@ checksum =
"2a8c8b344124222efd714b73bb41f8b5120b27a7cc1c75593a6ff768d9d05aa4"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2234,7 +2240,7 @@ dependencies = [
"regex",
"regex-syntax",
"structmeta",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2248,7 +2254,7 @@ dependencies = [
"regex",
"regex-syntax",
"structmeta",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2285,7 +2291,7 @@ checksum =
"d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2352,7 +2358,7 @@ source =
"registry+https://github.com/rust-lang/crates.io-index";
checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
dependencies = [
"proc-macro2",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2389,7 +2395,7 @@ dependencies = [
"prost",
"prost-types",
"regex",
- "syn 2.0.117",
+ "syn",
"tempfile",
]
@@ -2403,7 +2409,7 @@ dependencies = [
"itertools",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2474,7 +2480,7 @@ dependencies = [
"proc-macro2",
"pyo3-macros-backend",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2487,7 +2493,7 @@ dependencies = [
"proc-macro2",
"pyo3-build-config",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2697,7 +2703,7 @@ checksum =
"b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -2879,15 +2885,6 @@ dependencies = [
"security-framework",
]
-[[package]]
-name = "rustls-pemfile"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
-dependencies = [
- "rustls-pki-types",
-]
-
[[package]]
name = "rustls-pki-types"
version = "1.14.0"
@@ -3022,7 +3019,7 @@ checksum =
"d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3055,7 +3052,7 @@ checksum =
"175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3098,7 +3095,7 @@ dependencies = [
"darling",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3175,7 +3172,7 @@ dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3209,7 +3206,7 @@ dependencies = [
"proc-macro2",
"quote",
"structmeta-derive",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3220,7 +3217,7 @@ checksum =
"152a0b65a590ff6c3da95cabe2353ee04e6167c896b28e3b14478c2636c922fc"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3239,7 +3236,7 @@ dependencies = [
"proc-macro2",
"quote",
"rustversion",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3326,17 +3323,6 @@ dependencies = [
"sval_nested",
]
-[[package]]
-name = "syn"
-version = "1.0.109"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
[[package]]
name = "syn"
version = "2.0.117"
@@ -3365,7 +3351,7 @@ checksum =
"728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3402,21 +3388,11 @@ dependencies = [
"winapi-util",
]
-[[package]]
-name = "test-env-helpers"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "c6ab8f4822c904dadef9dd99f228f58a10d1b2c6ece06b108257e72fea72b1c6"
-dependencies = [
- "quote",
- "syn 1.0.109",
-]
-
[[package]]
name = "testcontainers"
-version = "0.25.2"
+version = "0.27.2"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "3f3ac71069f20ecfa60c396316c283fbf35e6833a53dff551a31b5458da05edc"
+checksum = "0bd36b06a2a6c0c3c81a83be1ab05fe86460d054d4d51bf513bc56b3e15bdc22"
dependencies = [
"astral-tokio-tar",
"async-trait",
@@ -3425,7 +3401,10 @@ dependencies = [
"docker_credential",
"either",
"etcetera",
+ "ferroid",
"futures",
+ "http",
+ "itertools",
"log",
"memchr",
"parse-display 0.9.1",
@@ -3437,7 +3416,6 @@ dependencies = [
"tokio",
"tokio-stream",
"tokio-util",
- "ulid",
"url",
]
@@ -3467,7 +3445,7 @@ checksum =
"4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3478,7 +3456,7 @@ checksum =
"ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3591,7 +3569,7 @@ checksum =
"385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3736,7 +3714,7 @@ checksum =
"7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -3772,16 +3750,6 @@ version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
-[[package]]
-name = "ulid"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "470dbf6591da1b39d43c14523b2b469c86879a53e8b758c8e090a470fe7b1fbe"
-dependencies = [
- "rand 0.9.2",
- "web-time",
-]
-
[[package]]
name = "unicode-ident"
version = "1.0.24"
@@ -3999,7 +3967,7 @@ dependencies = [
"bumpalo",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
"wasm-bindgen-shared",
]
@@ -4140,7 +4108,7 @@ checksum =
"053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -4151,7 +4119,7 @@ checksum =
"3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -4187,15 +4155,6 @@ dependencies = [
"windows-targets 0.52.6",
]
-[[package]]
-name = "windows-sys"
-version = "0.59.0"
-source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
-dependencies = [
- "windows-targets 0.52.6",
-]
-
[[package]]
name = "windows-sys"
version = "0.60.2"
@@ -4373,7 +4332,7 @@ dependencies = [
"heck",
"indexmap 2.13.1",
"prettyplease",
- "syn 2.0.117",
+ "syn",
"wasm-metadata",
"wit-bindgen-core",
"wit-component",
@@ -4389,7 +4348,7 @@ dependencies = [
"prettyplease",
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
"wit-bindgen-core",
"wit-bindgen-rust",
]
@@ -4475,7 +4434,7 @@ checksum =
"de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
"synstructure",
]
@@ -4496,7 +4455,7 @@ checksum =
"70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
@@ -4516,7 +4475,7 @@ checksum =
"11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
"synstructure",
]
@@ -4556,7 +4515,7 @@ checksum =
"625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.117",
+ "syn",
]
[[package]]
diff --git a/crates/fluss/Cargo.toml b/crates/fluss/Cargo.toml
index 7b68e51..ef6a62d 100644
--- a/crates/fluss/Cargo.toml
+++ b/crates/fluss/Cargo.toml
@@ -79,8 +79,7 @@ strum_macros = "0.26"
jiff = { workspace = true, features = ["js"] }
[dev-dependencies]
-testcontainers = "0.25.0"
-test-env-helpers = "0.2.2"
+testcontainers = "0.27.2"
[build-dependencies]
prost-build = "0.14"
