[ 
https://issues.apache.org/jira/browse/ARROW-7006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paddy Horan updated ARROW-7006:
-------------------------------
      Component/s: Rust
    Fix Version/s: 1.0.0

> [Rust] Bump flatbuffers version to avoid vulnerability
> ------------------------------------------------------
>
>                 Key: ARROW-7006
>                 URL: https://issues.apache.org/jira/browse/ARROW-7006
>             Project: Apache Arrow
>          Issue Type: Improvement
>          Components: Rust
>    Affects Versions: 0.15.0
>            Reporter: Paddy Horan
>            Assignee: Paddy Horan
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.0.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> From GitHub user emilk:
> [{{cargo audit}}|https://github.com/RustSec/cargo-audit] output:
>  
> {{ID:      RUSTSEC-2019-0028
> Crate:   flatbuffers
> Version: 0.5.0
> Date:    2019-10-20
> URL:     https://github.com/google/flatbuffers/issues/5530
> Title:   Unsound `impl Follow for bool`}}
> The fix should be as simple as editing 
> [https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml] from 
> {{flatbuffers = "0.5.0"}} to {{flatbuffers = "0.6.0"}}.
> A more long-term improvement is to add a call to {{cargo audit}} in your CI to 
> catch these problems as early as possible.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
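
The bug class named in the advisory title, as an added example that is not code from this issue, from Arrow, or from the flatbuffers crate: a Rust `bool` must be the byte 0x00 or 0x01 in memory, so reinterpreting a byte from an untrusted buffer as `bool` is unsound, while comparing or validating the integer is not. All function and type names below are hypothetical, and the sample bytes are constructed.

```rust
// Added example; not code from the flatbuffers crate. All names are hypothetical.
#[derive(Debug, PartialEq)]
enum BoolError {
    OutOfBounds,
    InvalidByte(u8),
}

// UNSOUND, shown for contrast and never called here: a safe signature that
// reinterprets an arbitrary byte as `bool`. Any byte other than 0x00 or 0x01
// makes undefined behaviour reachable from safe code.
#[allow(dead_code)]
fn read_bool_unsound(buf: &[u8], off: usize) -> bool {
    unsafe { *(&buf[off] as *const u8 as *const bool) }
}

// Sound, lenient: compare the integer instead of reinterpreting it.
// Every non-zero byte decodes as `true`; out-of-range offsets give `None`.
fn read_bool_lenient(buf: &[u8], off: usize) -> Option<bool> {
    buf.get(off).map(|&b| b != 0)
}

// Sound, strict: accept only the two valid encodings and report anything
// else, which is useful when malformed input should be rejected or logged.
fn read_bool_strict(buf: &[u8], off: usize) -> Result<bool, BoolError> {
    match buf.get(off).copied() {
        None => Err(BoolError::OutOfBounds),
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(b) => Err(BoolError::InvalidByte(b)),
    }
}

fn main() {
    // Constructed sample: two valid encodings followed by two invalid ones.
    let untrusted = [0x00u8, 0x01, 0x02, 0xff];
    for off in 0..=untrusted.len() {
        println!(
            "offset {}: lenient={:?} strict={:?}",
            off,
            read_bool_lenient(&untrusted, off),
            read_bool_strict(&untrusted, off)
        );
    }
}
```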
