Paddy Horan created ARROW-7006:
----------------------------------
Summary: [Rust] Bump flatbuffers version to avoid vulnerability
Key: ARROW-7006
URL: https://issues.apache.org/jira/browse/ARROW-7006
Project: Apache Arrow
Issue Type: Improvement
Affects Versions: 0.15.0
Reporter: Paddy Horan
From GitHub user emilk:
[{{cargo audit}}|https://github.com/RustSec/cargo-audit] output:
{{ID: RUSTSEC-2019-0028
Crate: flatbuffers
Version: 0.5.0
Date: 2019-10-20
URL: https://github.com/google/flatbuffers/issues/5530
Title: Unsound `impl Follow for bool`}}
The fix should be as simple as editing
[https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml] from
{{flatbuffers = "0.5.0"}} to {{flatbuffers = "0.6.0"}}.
A more long-term improvement is to add a call to {{cargo audit}} in your CI to
catch these problems as early as possible.