Skip to content

chore: update testcontainers and astral-tokio-tar for cargo audit#21114

Merged
alamb merged 2 commits intoapache:mainfrom
getChan:audit/fix-rustsec-2026-0066
Mar 24, 2026
Merged

chore: update testcontainers and astral-tokio-tar for cargo audit#21114
alamb merged 2 commits intoapache:mainfrom
getChan:audit/fix-rustsec-2026-0066

Conversation

@getChan
Copy link
Copy Markdown
Contributor

@getChan getChan commented Mar 23, 2026
edited
Loading

Which issue does this PR close?

  • N/A

Rationale for this change

cargo audit --ignore RUSTSEC-2024-0014 started failing due to RUSTSEC-2026-0066 in astral-tokio-tar 0.5.6, which was pulled in transitively through testcontainers.

As a result, the Security audit GitHub Actions workflow is currently failing on this dependency resolution.

This change only updates Cargo.lock because the existing version requirements in Cargo.toml already allow a safe resolution. Re-resolving the lockfile is enough to move from testcontainers 0.27.1 to 0.27.2, which in turn updates astral-tokio-tar from 0.5.6 to 0.6.0.

What changes are included in this PR?

  • Updated Cargo.lock
  • Resolved testcontainers from 0.27.1 to 0.27.2
  • Updated transitive astral-tokio-tar from 0.5.6 to 0.6.0

Are these changes tested?

Yes.

  • cargo test -p datafusion-cli
  • cargo audit --ignore RUSTSEC-2024-0014

Are there any user-facing changes?

No.

This PR was created with the help of a coding agent.

@getChan getChan changed the title chore: update lockfile to resolve cargo audit failure chore: update testcontainers lockfile for cargo audit Mar 23, 2026
alamb
alamb approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@alamb alamb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me -- thank you @getChan

@alamb alamb changed the title chore: update testcontainers lockfile for cargo audit chore: update testcontainers and astral-tokio-tar for cargo audit Mar 24, 2026
@alamb alamb added this pull request to the merge queue Mar 24, 2026
Merged via the queue into apache:main with commit dc9098e Mar 24, 2026
35 checks passed
@alamb alamb mentioned this pull request Apr 6, 2026
Merged
alamb added a commit that referenced this pull request Apr 7, 2026
@alamb
[branch-52] chore: update deps for cargo audit (#21415)
76e21d3 
- Part of #21078

This PR Backports the dependency updates below to branch-52 to get a
clean `cargo audit` CI run:
- #20407
- #20471
- #21089
- #21114 to branch-52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alamb alamb alamb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@getChan @alamb