This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/datafusion.git
The following commit(s) were added to refs/heads/main by this push:
new dc9098ef66 chore: update testcontainers and astral-tokio-tar for cargo
audit (#21114)
dc9098ef66 is described below
commit dc9098ef66d03e5e14584382844367febec80c4c
Author: Namgung Chan <[email protected]>
AuthorDate: Wed Mar 25 05:17:41 2026 +0900
chore: update testcontainers and astral-tokio-tar for cargo audit (#21114)
## Which issue does this PR close?
- N/A
## Rationale for this change
`cargo audit --ignore RUSTSEC-2024-0014` started failing due to
`RUSTSEC-2026-0066` in `astral-tokio-tar 0.5.6`, which was pulled in
transitively through `testcontainers`.
As a result, the `Security audit` GitHub Actions workflow is currently
failing on this dependency resolution.
This change only updates `Cargo.lock` because the existing version
requirements in `Cargo.toml` already allow a safe resolution.
Re-resolving the lockfile is enough to move from `testcontainers 0.27.1`
to `0.27.2`, which in turn updates `astral-tokio-tar` from `0.5.6` to
`0.6.0`.
## What changes are included in this PR?
- Updated `Cargo.lock`
- Resolved `testcontainers` from `0.27.1` to `0.27.2`
- Updated transitive `astral-tokio-tar` from `0.5.6` to `0.6.0`
## Are these changes tested?
Yes.
- `cargo test -p datafusion-cli`
- `cargo audit --ignore RUSTSEC-2024-0014`
## Are there any user-facing changes?
No.
This PR was created with the help of a coding agent.
---
Cargo.lock | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 9c06c7856e..656a0f572f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -523,9 +523,9 @@ dependencies = [
[[package]]
name = "astral-tokio-tar"
-version = "0.5.6"
+version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "ec179a06c1769b1e42e1e2cbe74c7dcdb3d6383c838454d063eaac5bbb7ebbe5"
+checksum = "3c23f3af104b40a3430ccb90ed5f7bd877a8dc5c26fc92fde51a22b40890dcf9"
dependencies = [
"filetime",
"futures-core",
@@ -6018,9 +6018,9 @@ dependencies = [
[[package]]
name = "testcontainers"
-version = "0.27.1"
+version = "0.27.2"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "c1c0624faaa317c56d6d19136580be889677259caf5c897941c6f446b4655068"
+checksum = "0bd36b06a2a6c0c3c81a83be1ab05fe86460d054d4d51bf513bc56b3e15bdc22"
dependencies = [
"astral-tokio-tar",
"async-trait",
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
