Deps.rs

datafusion-common 47.0.0

[![dependency status](https://deps.rs/crate/datafusion-common/47.0.0/status.svg)](https://deps.rs/crate/datafusion-common/47.0.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate datafusion-common

Dependencies

(18 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 ahash^0.80.8.11up to date
 apache-avro^0.170.18.0out of date
 arrow^55.0.055.0.0up to date
 arrow-ipc^55.0.055.0.0up to date
 base64^0.22.10.22.1up to date
 half^2.5.02.6.0up to date
 hashbrown^0.14.50.15.2out of date
 indexmap^2.9.02.9.0up to date
 libc^0.2.1710.2.172up to date
 log^0.40.4.27up to date
 object_store^0.12.00.12.0up to date
 parquet^55.0.055.0.0up to date
 paste^1.0.151.0.15up to date
 pyo3 ⚠️^0.24.00.24.2maybe insecure
 recursive^0.1.10.1.1up to date
 sqlparser^0.55.00.55.0up to date
 tokio^1.441.44.2up to date
 web-time^1.1.01.1.0up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 chrono^0.4.380.4.40up to date
 insta^1.41.11.42.2up to date
 rand^0.8.50.9.1out of date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.