andygrove opened a new issue, #6468:
URL: https://github.com/apache/arrow-rs/issues/6468

   **Is your feature request related to a problem or challenge? Please describe what you are trying to do.**
   
   `cargo deny check all` advises:
   
   ```
   129 │ lexical-core 0.8.5 registry+https://github.com/rust-lang/crates.io-index
       │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
       │
       ├ ID: RUSTSEC-2023-0086
       ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0086
       ├ `RUSTSEC-2024-0377` contains multiple soundness issues:
         
          1. [Bytes::read() allows creating instances of types with invalid bit patterns](https://github.com/Alexhuszagh/rust-lexical/issues/102)
          1. [BytesIter::read() advances iterators out of bounds](https://github.com/Alexhuszagh/rust-lexical/issues/101)
          1. [The `BytesIter` trait has safety invariants but is public and not marked `unsafe`](https://github.com/Alexhuszagh/rust-lexical/issues/104)
          1. [`write_float()` calls `MaybeUninit::assume_init()` on uninitialized data, which is is not allowed by the Rust abstract machine](https://github.com/Alexhuszagh/rust-lexical/issues/95)
          1. [`radix()` calls `MaybeUninit::assume_init()` on uninitialized data, which is is not allowed by the Rust abstract machine](https://github.com/Alexhuszagh/rust-lexical/issues/126)
   ```
   
   **Describe the solution you'd like**
   
   Upgrade to 1.x version
   
   **Describe alternatives you've considered**
   
   **Additional context**
   

