AdamGS opened a new pull request, #22937: URL: https://github.com/apache/datafusion/pull/22937
## Which issue does this PR close? - Closes #. ## Rationale for this change `cargo audit` currently reports the following vulnerabilities: ``` Crate: postgres-protocol Version: 0.6.11 Title: Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service Date: 2026-06-12 ID: RUSTSEC-2026-0179 URL: https://rustsec.org/advisories/RUSTSEC-2026-0179 Severity: 8.7 (high) Solution: Upgrade to >=0.6.12 Crate: postgres-protocol Version: 0.6.11 Title: Panic decoding a malformed `hstore` value allows denial of service Date: 2026-06-12 ID: RUSTSEC-2026-0180 URL: https://rustsec.org/advisories/RUSTSEC-2026-0180 Severity: 6.9 (medium) Solution: Upgrade to >=0.6.12 Crate: tokio-postgres Version: 0.7.17 Title: Panic on a `DataRow` with fewer fields than columns allows denial of service Date: 2026-06-12 ID: RUSTSEC-2026-0178 URL: https://rustsec.org/advisories/RUSTSEC-2026-0178 Severity: 6.9 (medium) Solution: Upgrade to >=0.7.18 ``` ## What changes are included in this PR? Upgrade the minimal version of the `tokio-postgres` dependency ## Are these changes tested? Existing tests ## Are there any user-facing changes? None -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
