Skip to content

cargo audit is failing on main #21652

Closed
Bug
#21655
Closed
cargo audit is failing on main#21652
Bug
#21655
Assignees
alamb
Labels
bugSomething isn't working
@alamb

Description

@alamb
alamb
opened on Apr 15, 2026

Describe the bug

Its a new day and we now have a new RUSTSEC failure

Here is an example failure: https://github.com/apache/datafusion/actions/runs/24458936303/job/71467326709

Details 

Run cargo audit --ignore RUSTSEC-2024-0014
  cargo audit --ignore RUSTSEC-2024-0014
  shell: /usr/bin/bash -e {0}
info: syncing channel updates for 1.94.0-x86_64-unknown-linux-gnu
info: latest update on 2026-03-05 for version 1.94.0 (4a4ef493e 2026-03-02)
info: downloading 5 components
    Fetching advisory database from `[https://github.com/RustSec/advisory-db.git`](https://github.com/RustSec/advisory-db.git%60)
      Loaded 1046 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (665 crate dependencies)
Crate:     rustls-webpki
Version:   0.103.10
Title:     Name constraints for URI names were incorrectly accepted
Date:      2026-04-14
ID:        RUSTSEC-2026-0098
URL:       https://rustsec.org/advisories/RUSTSEC-2026-0098
Solution:  Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6
Dependency tree:
rustls-webpki 0.103.10
└── rustls 0.23.37
    ├── ureq 3.2.1
    │   └── bollard-buildkit-proto 0.7.0
    │       ├── bollard-stubs 1.52.1-rc.29.1.3
    │       │   └── bollard 0.20.2
    │       │       └── testcontainers 0.27.2
    │       │           └── testcontainers-modules 0.15.0
    │       │               ├── datafusion-sqllogictest 53.0.0
    │       │               └── datafusion-cli 53.0.0
    │       └── bollard 0.20.2
    ├── tokio-rustls 0.26.4
    │   ├── reqwest 0.12.28
    │   │   └── object_store 0.13.2
    │   │       ├── parquet 58.1.0
    │   │       │   ├── datafusion-execution 53.0.0
    │   │       │   │   ├── datafusion-wasmtest 53.0.0
    │   │       │   │   ├── datafusion-spark 53.0.0
    │   │       │   │   │   └── datafusion-sqllogictest 53.0.0
    │   │       │   │   ├── datafusion-session 53.0.0
    │   │       │   │   │   ├── datafusion-ffi 53.0.0
    │   │       │   │   │   │   ├── ffi_module_loader 0.1.0
    │   │       │   │   │   │   ├── ffi_module_interface 0.1.0
    │   │       │   │   │   │   │   ├── ffi_module_loader 0.1.0
    │   │       │   │   │   │   │   └── ffi_example_table_provider 0.1.0
    │   │       │   │   │   │   └── ffi_example_table_provider 0.1.0
    │   │       │   │   │   ├── datafusion-datasource-parquet 53.0.0
    │   │       │   │   │   │   ├── datafusion-proto 53.0.0
    │   │       │   │   │   │   │   ├── datafusion-ffi 53.0.0
    │   │       │   │   │   │   │   ├── datafusion-examples 53.0.0
    │   │       │   │   │   │   │   └── datafusion-benchmarks 53.0.0
    │   │   ├── datafusion-functions-aggregate-common 53.0.0
    │   │   ├── datafusion-functions-aggregate 53.0.0
    │   │   ├── datafusion-functions 53.0.0
    │   │   ├── datafusion-ffi 53.0.0
    │   │   ├── datafusion-expr-common 53.0.0
    │   │   │   ├── datafusion-pruning 53.0.0
    │   │   │   ├── datafusion-physical-optimizer 53.0.0
    │   │   │   ├── datafusion-physical-expr-common 53.0.0
    │   │   │   ├── datafusion-physical-expr 53.0.0
    │   │   │   ├── datafusion-optimizer 53.0.0
    │   │   │   ├── datafusion-functions-nested 53.0.0
    │   │   │   ├── datafusion-functions-aggregate-common 53.0.0
    │   │   │   ├── datafusion-functions 53.0.0
    │   │   │   ├── datafusion-expr 53.0.0
    │   │   │   └── datafusion 53.0.0
    │   │   ├── datafusion-expr 53.0.0
    │   │   ├── datafusion-execution 53.0.0
    │   │   ├── datafusion-examples 53.0.0
    │   │   ├── datafusion-datasource-parquet 53.0.0
    │   │   ├── datafusion-datasource-json 53.0.0
    │   │   ├── datafusion-datasource-csv 53.0.0
    │   │   ├── datafusion-datasource-avro 53.0.0
    │   │   ├── datafusion-datasource-arrow 53.0.0
    │   │   ├── datafusion-datasource 53.0.0
    │   │   ├── datafusion-cli 53.0.0
    │   │   ├── datafusion-catalog-listing 53.0.0
    │   │   ├── datafusion-catalog 53.0.0
    │   │   ├── datafusion-benchmarks 53.0.0
    │   │   └── datafusion 53.0.0
    │   ├── datafusion-cli 53.0.0
    │   ├── datafusion-benchmarks 53.0.0
    │   └── datafusion 53.0.0
    ├── datafusion-wasmtest 53.0.0
    ├── datafusion-substrait 53.0.0
    ├── datafusion-sqllogictest 53.0.0
    ├── datafusion-proto 53.0.0
    ├── datafusion-execution 53.0.0
    ├── datafusion-examples 53.0.0
    ├── datafusion-datasource-parquet 53.0.0
    ├── datafusion-datasource-json 53.0.0
    ├── datafusion-datasource-csv 53.0.0
    ├── datafusion-datasource-avro 53.0.0
    ├── datafusion-datasource-arrow 53.0.0
    ├── datafusion-datasource 53.0.0
    ├── datafusion-common 53.0.0
    ├── datafusion-cli 53.0.0
    ├── datafusion-catalog-listing 53.0.0
    ├── datafusion-catalog 53.0.0
    ├── datafusion-benchmarks 53.0.0
    └── datafusion 53.0.0

To Reproduce

cargo audit --ignore RUSTSEC-2024-0014

Expected behavior

No response

Additional context

No response

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

Bug

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions