Deps.rs

polars-lazy 0.32.1

[![dependency status](https://deps.rs/crate/polars-lazy/0.32.1/status.svg)](https://deps.rs/crate/polars-lazy/0.32.1)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate polars-lazy

Dependencies

(16 total, 10 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 ahash^0.80.8.12up to date
 bitflags^22.11.1up to date
 glob^0.30.3.3up to date
 once_cell^11.21.4up to date
 polars-arrow^0.32.10.53.0out of date
 polars-core^0.32.10.53.0out of date
 polars-io^0.32.10.53.0out of date
 polars-json^0.32.10.53.0out of date
 polars-ops^0.32.10.53.0out of date
 polars-pipe^0.32.10.48.1out of date
 polars-plan^0.32.10.53.0out of date
 polars-time^0.32.10.53.0out of date
 polars-utils^0.32.10.53.0out of date
 pyo3 ⚠️^0.190.28.3out of date
 rayon^1.61.12.0up to date
 smartstring^11.0.1up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^11.0.150up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.