Deps.rs

pyo3-arrow 0.5.1

[![dependency status](https://deps.rs/crate/pyo3-arrow/0.5.1/status.svg)](https://deps.rs/crate/pyo3-arrow/0.5.1)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate pyo3-arrow

Dependencies

(9 total, 7 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrow^5358.0.0out of date
 arrow-array^5358.0.0out of date
 arrow-buffer^5358.0.0out of date
 arrow-schema^5358.0.0out of date
 half^22.7.1up to date
 indexmap^22.13.0up to date
 numpy^0.220.28.0out of date
 pyo3 ⚠️^0.220.28.2out of date
 thiserror^12.0.18out of date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 arrow-select^5358.0.0out of date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.