Upgrade `regex` dependency #1874

martin-g · 2022-06-14T12:15:58Z

Describe the bug

Arrow currently uses regex = 1.3:

Line 49 in cedaf8a

regex = "1.3"

There is a security vulnerability in all versions older than 1.5.4 - https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html

To Reproduce

N/A

Expected behavior

Use a version that is not vulnerable

Additional context

N/A

The text was updated successfully, but these errors were encountered:

martin-g · 2022-06-14T12:16:07Z

PR is coming!

Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>

martin-g added the bug label Jun 14, 2022

martin-g added a commit to martin-g/arrow-rs that referenced this issue Jun 14, 2022

Fixes apache#1874 - Upgrade regex dependency to 1.5.6

413f393

Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>

martin-g mentioned this issue Jun 14, 2022

Fixes #1874 - Upgrade regex dependency to 1.5.6 #1875

Merged

tustvold closed this as completed in #1875 Jun 14, 2022

tustvold pushed a commit that referenced this issue Jun 14, 2022

Fixes #1874 - Upgrade regex dependency to 1.5.6 (#1875)

5683ee9

Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>

alamb changed the title ~~Upgrade regex dependency to latest~~ Upgrade regex dependency Jun 23, 2022

alamb added arrow Changes to the arrow crate security labels Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade `regex` dependency #1874

Upgrade `regex` dependency #1874

martin-g commented Jun 14, 2022

martin-g commented Jun 14, 2022

Upgrade regex dependency #1874

Upgrade regex dependency #1874

Comments

martin-g commented Jun 14, 2022

martin-g commented Jun 14, 2022

Upgrade `regex` dependency #1874

Upgrade `regex` dependency #1874