chore(deps): Bump the cargo group across 6 directories with 15 updates by dependabot[bot] · Pull Request #4 · uniquenode/cube

dependabot · 2026-02-03T19:07:51Z

Bumps the cargo group with 9 updates in the /rust/cubestore directory:

Package	From	To
bumpalo	`3.7.0`	`3.11.1`
tokio	`1.37.0`	`1.38.2`
regex	`1.5.4`	`1.5.5`
lru	`0.6.6`	`0.7.1`
protobuf	`2.24.1`	`3.7.2`
lz4-sys	`1.9.2`	`1.11.1+lz4-1.10.0`
openssl	`0.10.66`	`0.10.75`
shlex	`1.0.0`	`1.3.0`
tracing-subscriber	`0.3.18`	`0.3.19`

Bumps the cargo group with 3 updates in the /rust/cubesqlplanner/cubesqlplanner directory: tokio, lru and ring.
Bumps the cargo group with 4 updates in the /rust/cubesqlplanner directory: tokio, lru, quinn-proto and ring.
Bumps the cargo group with 6 updates in the /rust/cubesql directory:

Package	From	To
bumpalo	`3.9.1`	`3.19.1`
tokio	`1.35.0`	`1.38.2`
lru	`0.12.1`	`0.16.3`
lexical-core	`0.8.3`	`0.8.5`
quinn-proto	`0.11.3`	`0.11.9`
ring	`0.17.8`	`0.17.14`

Bumps the cargo group with 4 updates in the /rust/cubenativeutils directory: tokio, lru, quinn-proto and ring.
Bumps the cargo group with 6 updates in the /packages/cubejs-backend-native directory:

Package	From	To
tokio	`1.35.0`	`1.38.2`
lru	`0.12.1`	`0.12.5`
quinn-proto	`0.11.3`	`0.11.9`
ring	`0.17.7`	`0.17.14`
pyo3	`0.20.0`	`0.20.3`
whoami	`1.4.1`	`1.6.1`

Updates bumpalo from 3.7.0 to 3.11.1

Changelog

Sourced from bumpalo's changelog.

3.11.1

Released 2022-10-18.

Security

Fixed a bug where when std::vec::IntoIter was ported to bumpalo::collections::vec::IntoIter, it didn't get its underlying Bump's lifetime threaded through. This meant that rustc was not checking the borrows for bumpalo::collections::IntoIter and this could result in use-after-free bugs.

3.11.0

Released 2022-08-17.

Added

Added support for per-Bump allocation limits. These are enforced only in the slow path when allocating new chunks in the Bump, not in the bump allocation hot path, and therefore impose near zero overhead.

Added the bumpalo::boxed::Box::into_inner method.

Changed

Updated to Rust 2021 edition.

The minimum supported Rust version (MSRV) is now 1.56.0.

3.10.0

Released 2022-06-01.

Added

Implement bumpalo::collections::FromIteratorIn for Option and Result, just like core does for FromIterator.

Implement bumpalo::collections::FromIteratorIn for bumpalo::boxed::Box<'a, [T]>.

Added running tests under MIRI in CI for additional confidence in unsafe code.

Publicly exposed bumpalo::collections::Vec::drain_filter since the corresponding std::vec::Vec method has stabilized.

Changed

Bump::new will not allocate a backing chunk until the first allocation inside the bump arena now.

... (truncated)

Commits

10492c6 Bump to version 3.11.1
f63d768 Merge pull request #181 from main--/vec-intoiter-fixes
8e45f75 Implement Drop for IntoIter
6e10b0f Fix unsound IntoIter implementation
6be3953 Add Cargo.lock to gitignore
cf3546a Add change log for 3.11.0
e5a75d3 Delete Cargo.lock
9f8f3b8 Merge pull request #179 from fitzgen/update-deps
abf2fed Swap comparison operands in test for readability
1b1807d Disable a quickcheck under MIRI
Additional commits viewable in compare view

Updates tokio from 1.37.0 to 1.38.2

Release notes

Sourced from tokio's releases.

Tokio v1.38.2

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Tokio v1.38.1

1.38.1 (July 16th, 2024)

This release fixes the bug identified as (#6682), which caused timers not to fire when they should.

Fixed

time: update wake_up while holding all the locks of sharded time wheels (#6683)

#6682: tokio-rs/tokio#6682 #6683: tokio-rs/tokio#6683

Tokio v1.38.0

This release marks the beginning of stabilization for runtime metrics. It stabilizes RuntimeMetrics::worker_count. Future releases will continue to stabilize more metrics.

Added

fs: add File::create_new (#6573)

io: add copy_bidirectional_with_sizes (#6500)

io: implement AsyncBufRead for Join (#6449)

net: add Apple visionOS support (#6465)

net: implement Clone for NamedPipeInfo (#6586)

net: support QNX OS (#6421)

sync: add Notify::notify_last (#6520)

sync: add mpsc::Receiver::{capacity,max_capacity} (#6511)

sync: add split method to the semaphore permit (#6472, #6478)

task: add tokio::task::join_set::Builder::spawn_blocking (#6578)

wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (#6510)

Changed

macros: make #[tokio::test] append #[test] at the end of the attribute list (#6497)

metrics: fix blocking_threads count (#6551)

metrics: stabilize RuntimeMetrics::worker_count (#6556)

runtime: move task out of the lifo_slot in block_in_place (#6596)

runtime: panic if global_queue_interval is zero (#6445)

sync: always drop message in destructor for oneshot receiver (#6558)

sync: instrument Semaphore for task dumps (#6499)

... (truncated)

Commits

aa303bc chore: prepare Tokio v1.38.2 release
7b6ccb5 chore: backport CI fixes
4b174ce sync: fix cloning value when receiving from broadcast channel
9681ce2 chore: make 1.38 an LTS (#6706)
14b9f71 chore: release Tokio v1.38.1 (#6688)
24344df time: fix race condition leading to lost timers (#6683)
14c17fc chore: prepare Tokio v1.38.0 (#6601)
65cbf73 chore: prepare tokio-macros v2.3.0 (#6600)
dbf93c7 sync: fix incorrect is_empty on mpsc block boundaries (#6603)
873cb8a runtime: move task out of the lifo_slot in block_in_place (#6596)
Additional commits viewable in compare view

Updates regex from 1.5.4 to 1.5.5

Changelog

Sourced from regex's changelog.

1.5.5 (2022-03-08)

This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks.

SECURITY #GHSA-m5pq-gvj9-9vr8: Fixes a bug in the regex compiler where empty sub-expressions subverted the existing mitigations in place to enforce a size limit on compiled regexes. The Rust Security Response WG published an advisory about this: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw

Commits

d130381 1.5.5
ae70b41 security: fix denial-of-service bug in compiler
b92ffd5 cargo: use SPDX license format
f6e52da syntax: fix 'unused' warnings
5197f21 fuzz: do not use inherits in Cargo.toml
3662851 doc: fix typo
63ee669 syntax/doc: fix 'their' typo
d6bc7a4 readme: remove broken badge
bd74660 fuzz: try to fix build issue
bd0a142 readme: fix badges
Additional commits viewable in compare view

Updates lru from 0.6.6 to 0.7.1

Changelog

Sourced from lru's changelog.

v0.7.1 - 2021-12-18

Fix lifetime of iterators.

v0.7.0 - 2021-09-14

Explicitly implement Borrow for String and Vec types for non-nightly.

Commits

6fbecc2 Merge pull request #122 from jeromefroe/jerome/prepare-0.7.1-release
c3b2abc Prepare 0.7.1 release
3c6fdf0 Merge pull request #121 from jeromefroe/jerome/fix-lifetimes-of-iterators
416a2d4 Fix lifetimes of iterators
09f68c6 Merge pull request #116 from jeromefroe/jerome/prepare-0.7.0-release
9e82e0a Release 0.7.0
0bf27e9 Merge pull request #115 from Dr-Emann/explicit_borrow_str_slice
075a23d Explicitly implement Borrow for String & Vec for non-nightly
See full diff in compare view

Updates protobuf from 2.24.1 to 3.7.2

Updates lz4-sys from 1.9.2 to 1.11.1+lz4-1.10.0

Changelog

Sourced from lz4-sys's changelog.

1.26.0:

Update to lz4 1.10.0

1.25.0:

Add content_size setting to Lz4FrameInfo

Add LZ4_setStreamDecode

Docs updates

1.24.0:

Update to lz4 1.9.4 (lz4-sys 1.9.4) - this fixes CVE-2021-3520, which was a security vulnerability in the core lz4 library

export the include directory of lz4 from build.rs

1.23.3 (March 5, 2022):

Update lz4 to 1.9.3

Add [de]compress_to_buffer to block API to allow reusing buffers (#16)

Windows static lib support

Support favor_dec_speed

Misc small fixes

1.23.2:

Update lz4 to 1.9.2

Remove dependency on skeptic (replace with build-dependency docmatic for README testing)

Move to Rust 2018 edition

1.23.0:

Update lz4 to v1.8.2

Add lz4 block mode api

1.22.0:

Update lz4 to v1.8.0

Remove lz4 redundant dependency to gcc #22 (thanks to Xidorn Quan)

1.21.1:

Fix always rebuild issue #21

1.21.0:

Fix smallest 11-byte stream decoding (thanks to Niklas Hambüchen)

Update lz4 to v1.7.5

1.20.0:

Split out separate sys package #16 (thanks to Thijs Cadier)

1.19.173:

Update lz4 to v1.7.3

... (truncated)

Commits

See full diff in compare view

Updates openssl from 0.10.66 to 0.10.75

Release notes

Sourced from openssl's releases.

openssl-v0.10.75

What's Changed

Fix a few typos (most of them found with codespell) by @botovq in rust-openssl/rust-openssl#2502

Use SHA256 test variant instead of SHA1 by @abbra in rust-openssl/rust-openssl#2504

pin home to an older version on MSRV CI by @alex in rust-openssl/rust-openssl#2509

Implement set_rsa_oaep_label for AWS-LC/BoringSSL by @goffrie in rust-openssl/rust-openssl#2508

sys/evp: add EVP_MAC symbols by @huwcbjones in rust-openssl/rust-openssl#2510

CI: bump LibreSSL 4.x branches to latest releases by @botovq in rust-openssl/rust-openssl#2513

Fix unsound OCSP find_status handling of optional next_update field by @alex in rust-openssl/rust-openssl#2517

Release openssl v0.10.75 and openssl-sys v0.9.111 by @alex in rust-openssl/rust-openssl#2518

New Contributors

@abbra made their first contribution in rust-openssl/rust-openssl#2504

@goffrie made their first contribution in rust-openssl/rust-openssl#2508

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.74...openssl-v0.10.75

openssl-v0.10.74

What's Changed

[AIX] use /usr to find_openssl_dir by @daltenty in rust-openssl/rust-openssl#2401

Improve support for OPENSSL_NO_COMP and OPENSSL_NO_SRTP by @justsmth in rust-openssl/rust-openssl#2423

Add aws-lc-fips feature to allow linking the aws-lc-fips-sys crate by @skmcgrail in rust-openssl/rust-openssl#2424

variety of fixes for warnings in new rust by @alex in rust-openssl/rust-openssl#2427

Some API adjustments for LibreSSL 4.2.0 by @botovq in rust-openssl/rust-openssl#2426

Update OpenSSL documentation URLs to new docs.openssl.org domain by @alex in rust-openssl/rust-openssl#2430

pkey_ctx: add ability to generate DSA params & keys by @huwcbjones in rust-openssl/rust-openssl#2432

Run tests on windows-11-arm by @saschanaz in rust-openssl/rust-openssl#2407

pkey_ctx: add ability to generate EC params & keys by @huwcbjones in rust-openssl/rust-openssl#2434

pkey_ctx: add ability to generate DH params & keys by @huwcbjones in rust-openssl/rust-openssl#2433

pkey_ctx: add ability to generate RSA keys by @huwcbjones in rust-openssl/rust-openssl#2431

expose more verifier flags/errors for libressl by @botovq in rust-openssl/rust-openssl#2441

sys/evp: set/get params bindings by @huwcbjones in rust-openssl/rust-openssl#2436

Add support for argon2d and argon2i variants by @greateggsgreg in rust-openssl/rust-openssl#2416

Bump actions/checkout from 4 to 5 by @dependabot[bot] in rust-openssl/rust-openssl#2443

Update bindgen; Update MSRV to 1.70 by @justsmth in rust-openssl/rust-openssl#2438

macros: fully qualify imports by @huwcbjones in rust-openssl/rust-openssl#2445

Disable AES-CFB128 ciphers for BoringSSL by @alebastr in rust-openssl/rust-openssl#2447

Fix missing "__off_t" on NetBSD 10 by @alebastr in rust-openssl/rust-openssl#2448

ML-KEM/ML-DSA part 1: openssl-sys changes by @swenson in rust-openssl/rust-openssl#2450

sys: add symbols to construct an EVP_PKEY from a param builder by @huwcbjones in rust-openssl/rust-openssl#2453

ec-point: add set_affine_coordinates by @huwcbjones in rust-openssl/rust-openssl#2455

openssl-sys: add more functions to replace non-deprecated ones by @huwcbjones in rust-openssl/rust-openssl#2457

ML-KEM/ML-DSA part 2: param builder by @swenson in rust-openssl/rust-openssl#2451

ML-KEM/ML-DSA part 3: param array locate octet string by @swenson in rust-openssl/rust-openssl#2458

sys: add encoder & decoder symbols by @huwcbjones in rust-openssl/rust-openssl#2454

Add bindings for SSL_CIPHER_get_protocol_id by @jedenastka in rust-openssl/rust-openssl#2462

sys/evp: add EVP_PKEY_eq and EVP_PKEY_parameters_eq by @huwcbjones in rust-openssl/rust-openssl#2463

openssl-sys: make it work without deprecated symbols by @huwcbjones in rust-openssl/rust-openssl#2452

drop old libressl versions by @botovq in rust-openssl/rust-openssl#2473

Remove support for LibreSSL < 2.8 by @botovq in rust-openssl/rust-openssl#2475

... (truncated)

Commits

09b90d0 Merge pull request #2518 from alex/bump-for-release
26533f3 Release openssl v0.10.75 and openssl-sys v0.9.111
395ecca Merge pull request #2517 from alex/claude/fix-ocsp-find-status-011CUqcGFNKeKJ...
cc26867 Fix unsound OCSP find_status handling of optional next_update field
95aa8e8 Merge pull request #2513 from botovq/libressl-stable
e735a32 CI: bump LibreSSL 4.x branches to latest releases
21ab91d Merge pull request #2510 from huwcbjones/huw/sys/evp-mac
d9161dc sys/evp: add EVP_MAC symbols
3fd4bf2 Merge pull request #2508 from goffrie/oaep-label
52022fd Implement set_rsa_oaep_label for AWS-LC/BoringSSL
Additional commits viewable in compare view

Updates shlex from 1.0.0 to 1.3.0

Changelog

Sourced from shlex's changelog.

1.3.0

Full fix for the high-severity security vulnerability RUSTSEC-2024-0006 a.k.a. GHSA-r7qv-8r2h-pg27:

Deprecates quote APIs in favor of try_ equivalents that complain about nul bytes.

Also adds a builder API, which allows re-enabling nul bytes without using the deprecated interface, and in the future can allow other things (as discussed in quoting_warning).

Adds documentation about various security risks that remain, particularly with interactive shells.

Adds explicit MSRV of 1.46.0.

1.2.1

Partial fix for the high-severity security vulnerability RUSTSEC-2024-0006 a.k.a. GHSA-r7qv-8r2h-pg27 without bumping MSRV:

The bytes { and \xa0 are now escaped by quoting functions.

1.2.0

Adds bytes module to support operating directly on byte strings.

1.1.0

Adds the std feature (enabled by default).

Disabling the std feature makes the crate work in #![no_std] mode, assuming presence of the alloc crate.

Commits

4a0724b Address security issues involving quote API
4c53044 Minimal fix for the high-severity issue without bumping MSRV
fde8a71 Version bump
f44b62e Merge pull request #15 from danielparks/bytes
0c786d4 Implement Shlex with bytes::Shlex.
879d212 Add support for operating on byte strings
aa2d6e3 Merge pull request #14 from atouchet/badge
18d1dae Fix CI badge
6064b48 Merge pull request #11 from adetaylor/fuzz
6480b2c Adding fuzzers for unsafe code.
Additional commits viewable in compare view

Updates tracing-subscriber from 0.3.18 to 0.3.19

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.19

[ [crates.io][crate-0.3.19] ] | [ [docs.rs][docs-0.3.19] ]

This release updates the tracing dependency to [v0.1.41][tracing-0.1.41] and the tracing-serde dependency to [v0.2.0][tracing-serde-0.2.0].

Added

Add set_span_events to fmt::Subscriber (#2962)

tracing: Allow &[u8] to be recorded as event/span field (#2954)

Changed

Set log max level when reloading (#1270)

Bump MSRV to 1.63 (#2793)

Use const thread_locals when possible (#2838)

Don't gate with_ansi() on the "ansi" feature (#3020)

Updated tracing-serde to 0.2.0 (#3160)

#1270: tokio-rs/tracing#1270 #2793: tokio-rs/tracing#2793 #2838: tokio-rs/tracing#2838 #2954: tokio-rs/tracing#2954 #2962: tokio-rs/tracing#2962 #3020: tokio-rs/tracing#3020 #3160: tokio-rs/tracing#3160 [tracing-0.1.41]: https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.41 [tracing-serde-0.2.0]: https://github.com/tokio-rs/tracing/releases/tag/tracing-serde-0.2.0 [docs-0.3.19]: https://docs.rs/tracing-subscriber/0.3.19/tracing_subscriber/ [crate-0.3.19]: https://crates.io/crates/tracing-subscriber/0.3.19

Commits

311c313 chore: prepare tracing-subscriber 0.3.19 (#3162)
35f360a chore: fix new Clippy lints in Rust 1.83.0 (#3165)
c66a692 chore: prepare tracing-serde 0.2.0 (#3160)
0ca7887 chore: prepare tracing 0.1.41 (#3159)
504a287 tracing: update core to v0.1.33 and attributes to v0.1.28 (#3156)
baa5489 chore: prepare tracing-attributes 0.1.28 (#3155)
cb0f0e7 chore: prepare tracing-core 0.1.33 (#3153)
11c8273 subscriber: don't gate with_ansi() on the "ansi" feature (#3020)
8a25a16 core: fix missed register_callsite error (#2938)
6f08af0 subscriber: set log max level when reloading (#1270)
Additional commits viewable in compare view

Updates tokio from 1.38.0 to 1.38.2

Release notes

Sourced from tokio's releases.

Tokio v1.38.2

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Tokio v1.38.1

1.38.1 (July 16th, 2024)

This release fixes the bug identified as (#6682), which caused timers not to fire when they should.

Fixed

time: update wake_up while holding all the locks of sharded time wheels (#6683)

#6682: tokio-rs/tokio#6682 #6683: tokio-rs/tokio#6683

Tokio v1.38.0

This release marks the beginning of stabilization for runtime metrics. It stabilizes RuntimeMetrics::worker_count. Future releases will continue to stabilize more metrics.

Added

fs: add File::create_new (#6573)

io: add copy_bidirectional_with_sizes (#6500)

io: implement AsyncBufRead for Join (#6449)

net: add Apple visionOS support (#6465)

net: implement Clone for NamedPipeInfo (#6586)

net: support QNX OS (#6421)

sync: add Notify::notify_last (#6520)

sync: add mpsc::Receiver::{capacity,max_capacity} (#6511)

sync: add split method to the semaphore permit (#6472, #6478)

task: add tokio::task::join_set::Builder::spawn_blocking (#6578)

wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (#6510)

Changed

macros: make #[tokio::test] append #[test] at the end of the attribute list (#6497)

metrics: fix blocking_threads count (#6551)

metrics: stabilize RuntimeMetrics::worker_count (#6556)

runtime: move task out of the lifo_slot in block_in_place (#6596)

runtime: panic if global_queue_interval is zero (#6445)

sync: always drop message in destructor for oneshot receiver (#6558)

sync: instrument Semaphore for task dumps (#6499)

... (truncated)

Commits

aa303bc chore: prepare Tokio v1.38.2 release
7b6ccb5 chore: backport CI fixes
4b174ce sync: fix cloning value when receiving from broadcast channel
9681ce2 chore: make 1.38 an LTS (#6706)
14b9f71 chore: release Tokio v1.38.1 (#6688)
24344df time: fix race condition leading to lost timers (#6683)
14c17fc chore: prepare Tokio v1.38.0 (#6601)
65cbf73 chore: prepare tokio-macros v2.3.0 (#6600)
dbf93c7 sync: fix incorrect is_empty on mpsc block boundaries (#6603)
873cb8a runtime: move task out of the lifo_slot in block_in_place (#6596)
Additional commits viewable in compare view

Updates flatbuffers from 2.1.1 to 2.1.2

Commits

See full diff in compare view

Updates lru from 0.12.3 to 0.12.5

Changelog

Sourced from lru's changelog.

v0.7.1 - 2021-12-18

Fix lifetime of iterators.

v0.7.0 - 2021-09-14

Explicitly implement Borrow for String and Vec types for non-nightly.

Commits

6fbecc2 Merge pull request #122 from jeromefroe/jerome/prepare-0.7.1-release
c3b2abc Prepare 0.7.1 release
3c6fdf0 Merge pull request #121 from jeromefroe/jerome/fix-lifetimes-of-iterators
416a2d4 Fix lifetimes of iterators
09f68c6 Merge pull request #116 from jeromefroe/jerome/prepare-0.7.0-release
9e82e0a Release 0.7.0
0bf27e9 Merge pull request #115 from Dr-Emann/explicit_borrow_str_slice
075a23d Explicitly implement Borrow for String & Vec for non-nightly
See full diff in compare view

Updates ring from 0.17.8 to 0.17.14

Changelog

Sourced from ring's changelog.

Version 0.17.14 (2025-03-11)

Fixed a performance bug in the AVX2-based AES-GCM implementation added in ring 0.17.13. This will be another notable performance improvement for most newish x86-64 systems. The performance issue impacted not just AES-GCM.

Compatibility with GNU binutils 2.29 (used on Amazon Linux 2), and probably even earlier versions, was restored. It is expected that ring 0.17.14 will build on all the systems that 0.17.12 would build on.

Version 0.17.13 (2025-03-06)

Increased MSRV to 1.66.0 to avoid bugs in earlier versions so that we can safely use core::arch::x86_64::__cpuid and core::arch::x86::__cpuid from Rust in future releases.

AVX2-based VAES-CLMUL implementation. This will be a notable performance improvement for most newish x86-64 systems. This will likely raise the minimum binutils version supported for very old Linux distros.

Version 0.17.12 (2025-03-05)

Bug fix: briansmith/ring#2447 for denial of service (DoS).

Fixes a panic in ring::aead::quic::HeaderProtectionKey::new_mask() when integer overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

Fixes a panic on 64-bit targets in ring::aead::{AES_128_GCM, AES_256_GCM} when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

Commits

See full diff in compare view

Updates tokio from 1.38.0 to 1.38.2

Release notes

Sourced from tokio's releases.

Tokio v1.38.2

This release fixes a soundness issue in the broadcast channel. The channel accepts values that are Send but !Sync. Previously, the channel called clone() on these values without synchronizing. This release fixes the channel by synchronizing calls to .clone() (Thanks Austin Bonander for finding and reporting the issue).

Fixed

sync: synchronize clone() call in broadcast channel (#7232)

#7232: tokio-rs/tokio#7232

Tokio v1.38.1

1.38.1 (July 16th, 2024)

This release fixes the bug identified as (#6682), which caused timers not to fire when they should.

Fixed

time: update wake_up while holding all the locks of sharded time wheels (#6683)

#6682: tokio-rs/tokio#6682 #6683: tokio-rs/tokio#6683

Tokio v1.38.0

This release marks the beginning of stabilization for runtime metrics. It stabilizes RuntimeMetrics::worker_count. Future releases will continue to stabilize more metrics.

Added

fs: add File::create_new (#6573)

io: add copy_bidirectional_with_sizes (#6500)

io: implement AsyncBufRead for Join (#6449)

net: add Apple visionOS support (#6465)

net: implement Clone for NamedPipeInfo (#6586)

net: support QNX OS (#6421)

sync: add Notify::notify_last (#6520)

sync: add mpsc::Receiver::{capacity,max_capacity} (#6511)

sync: add split method to the semaphore permit (#6472, #6478)

task: add tokio::task::join_set::Builder::spawn_blocking (#6578)

wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (#6510)

Changed

macros: make #[tokio::test] append #[test] at the end of the attribute list (#6497)

metrics: fix blocking_threads count (#6551)

metrics: stabilize RuntimeMetrics::worker_count (#6556)

runtime: move task out of the lifo_slot in block_in_place (#6596)

runtime: panic if global_queue_interval is zero (#6445)

sync: always drop message in destructor for oneshot receiver (#6558)

sync: instrument Semaphore for task dumps (#6499)

... (truncated)

Commits

aa303bc chore: prepare Tokio v1.38.2 release
7b6ccb5 chore: backport CI fixes
4b174ce sync: fix cloning value when receiving from broadcast channel
9681ce2 chore: make 1.38 an LTS (#6706)
14b9f71 chore: release Tokio v1.38.1 (#6688)
24344df time: fix race condition leading to lost timers (#6683)
14c17fc chore: prepare Tokio v1.38.0 (#6601)
65cbf73 chore: prepare tokio-macros v2.3.0 (#6600)
dbf93c7 sync: fix incorrect is_empty on mpsc block boundaries (#6603)
873cb8a runtime: move task out of the lifo_slot in block_in_place (#6596)
Additional commits viewable in compare view

Updates lru from 0.12.3 to 0.12.5

Changelog

Sourced from lru's changelog.

v0.7.1 - 2021-12-18

Fix lifetime of iterators.

v0.7.0 - 2021-09-14

Explicitly implement Borrow for String and Vec types for non-nightly.

Commits

6fbecc2 Merge pull request #122 from jeromefroe/jerome/prepare-0.7.1-release
c3b2abc Prepare 0.7.1 release
3c6fdf0 Merge pull request #121 from jeromefroe/jerome/fix-lifetimes-of-iterators
416a2d4 Fix lifetimes of iterators
09f68c6 Merge pull request #116 from jeromefroe/jerome/prepare-0.7.0-release
9e82e0a Release 0.7.0
0bf27e9Description has been truncated

Bumps the cargo group with 9 updates in the /rust/cubestore directory: | Package | From | To | | --- | --- | --- | | [bumpalo](https://github.com/fitzgen/bumpalo) | `3.7.0` | `3.11.1` | | [tokio](https://github.com/tokio-rs/tokio) | `1.37.0` | `1.38.2` | | [regex](https://github.com/rust-lang/regex) | `1.5.4` | `1.5.5` | | [lru](https://github.com/jeromefroe/lru-rs) | `0.6.6` | `0.7.1` | | protobuf | `2.24.1` | `3.7.2` | | [lz4-sys](https://github.com/10xGenomics/lz4-rs) | `1.9.2` | `1.11.1+lz4-1.10.0` | | [openssl](https://github.com/rust-openssl/rust-openssl) | `0.10.66` | `0.10.75` | | [shlex](https://github.com/comex/rust-shlex) | `1.0.0` | `1.3.0` | | [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.18` | `0.3.19` | Bumps the cargo group with 3 updates in the /rust/cubesqlplanner/cubesqlplanner directory: [tokio](https://github.com/tokio-rs/tokio), [lru](https://github.com/jeromefroe/lru-rs) and [ring](https://github.com/briansmith/ring). Bumps the cargo group with 4 updates in the /rust/cubesqlplanner directory: [tokio](https://github.com/tokio-rs/tokio), [lru](https://github.com/jeromefroe/lru-rs), [quinn-proto](https://github.com/quinn-rs/quinn) and [ring](https://github.com/briansmith/ring). Bumps the cargo group with 6 updates in the /rust/cubesql directory: | Package | From | To | | --- | --- | --- | | [bumpalo](https://github.com/fitzgen/bumpalo) | `3.9.1` | `3.19.1` | | [tokio](https://github.com/tokio-rs/tokio) | `1.35.0` | `1.38.2` | | [lru](https://github.com/jeromefroe/lru-rs) | `0.12.1` | `0.16.3` | | [lexical-core](https://github.com/Alexhuszagh/rust-lexical) | `0.8.3` | `0.8.5` | | [quinn-proto](https://github.com/quinn-rs/quinn) | `0.11.3` | `0.11.9` | | [ring](https://github.com/briansmith/ring) | `0.17.8` | `0.17.14` | Bumps the cargo group with 4 updates in the /rust/cubenativeutils directory: [tokio](https://github.com/tokio-rs/tokio), [lru](https://github.com/jeromefroe/lru-rs), [quinn-proto](https://github.com/quinn-rs/quinn) and [ring](https://github.com/briansmith/ring). Bumps the cargo group with 6 updates in the /packages/cubejs-backend-native directory: | Package | From | To | | --- | --- | --- | | [tokio](https://github.com/tokio-rs/tokio) | `1.35.0` | `1.38.2` | | [lru](https://github.com/jeromefroe/lru-rs) | `0.12.1` | `0.12.5` | | [quinn-proto](https://github.com/quinn-rs/quinn) | `0.11.3` | `0.11.9` | | [ring](https://github.com/briansmith/ring) | `0.17.7` | `0.17.14` | | [pyo3](https://github.com/pyo3/pyo3) | `0.20.0` | `0.20.3` | | [whoami](https://github.com/ardaku/whoami) | `1.4.1` | `1.6.1` | Updates `bumpalo` from 3.7.0 to 3.11.1 - [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md) - [Commits](fitzgen/bumpalo@3.7.0...3.11.1) Updates `tokio` from 1.37.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `regex` from 1.5.4 to 1.5.5 - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](rust-lang/regex@1.5.4...1.5.5) Updates `lru` from 0.6.6 to 0.7.1 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `protobuf` from 2.24.1 to 3.7.2 Updates `lz4-sys` from 1.9.2 to 1.11.1+lz4-1.10.0 - [Release notes](https://github.com/10xGenomics/lz4-rs/releases) - [Changelog](https://github.com/10XGenomics/lz4-rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/10xGenomics/lz4-rs/commits) Updates `openssl` from 0.10.66 to 0.10.75 - [Release notes](https://github.com/rust-openssl/rust-openssl/releases) - [Commits](rust-openssl/rust-openssl@openssl-v0.10.66...openssl-v0.10.75) Updates `shlex` from 1.0.0 to 1.3.0 - [Changelog](https://github.com/comex/rust-shlex/blob/master/CHANGELOG.md) - [Commits](comex/rust-shlex@1.0.0...1.3.0) Updates `tracing-subscriber` from 0.3.18 to 0.3.19 - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](tokio-rs/tracing@tracing-subscriber-0.3.18...tracing-subscriber-0.3.19) Updates `tokio` from 1.38.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `flatbuffers` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google/flatbuffers/releases) - [Changelog](https://github.com/google/flatbuffers/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/flatbuffers/commits) Updates `lru` from 0.12.3 to 0.12.5 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `ring` from 0.17.8 to 0.17.14 - [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md) - [Commits](https://github.com/briansmith/ring/commits) Updates `tokio` from 1.38.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `lru` from 0.12.3 to 0.12.5 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `quinn-proto` from 0.11.3 to 0.11.9 - [Release notes](https://github.com/quinn-rs/quinn/releases) - [Commits](quinn-rs/quinn@quinn-proto-0.11.3...quinn-proto-0.11.9) Updates `ring` from 0.17.8 to 0.17.14 - [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md) - [Commits](https://github.com/briansmith/ring/commits) Updates `bumpalo` from 3.9.1 to 3.19.1 - [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md) - [Commits](fitzgen/bumpalo@3.7.0...3.11.1) Updates `tokio` from 1.35.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `lru` from 0.12.1 to 0.16.3 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `lexical-core` from 0.8.3 to 0.8.5 - [Release notes](https://github.com/Alexhuszagh/rust-lexical/releases) - [Changelog](https://github.com/Alexhuszagh/rust-lexical/blob/main/CHANGELOG) - [Commits](Alexhuszagh/rust-lexical@v0.8.3...v0.8.5) Updates `quinn-proto` from 0.11.3 to 0.11.9 - [Release notes](https://github.com/quinn-rs/quinn/releases) - [Commits](quinn-rs/quinn@quinn-proto-0.11.3...quinn-proto-0.11.9) Updates `ring` from 0.17.8 to 0.17.14 - [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md) - [Commits](https://github.com/briansmith/ring/commits) Updates `tokio` from 1.38.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `lru` from 0.12.3 to 0.12.5 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `quinn-proto` from 0.11.3 to 0.11.9 - [Release notes](https://github.com/quinn-rs/quinn/releases) - [Commits](quinn-rs/quinn@quinn-proto-0.11.3...quinn-proto-0.11.9) Updates `ring` from 0.17.8 to 0.17.14 - [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md) - [Commits](https://github.com/briansmith/ring/commits) Updates `tokio` from 1.35.0 to 1.38.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.2) Updates `lru` from 0.12.1 to 0.12.5 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](jeromefroe/lru-rs@0.6.6...0.7.1) Updates `quinn-proto` from 0.11.3 to 0.11.9 - [Release notes](https://github.com/quinn-rs/quinn/releases) - [Commits](quinn-rs/quinn@quinn-proto-0.11.3...quinn-proto-0.11.9) Updates `ring` from 0.17.7 to 0.17.14 - [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md) - [Commits](https://github.com/briansmith/ring/commits) Updates `pyo3` from 0.20.0 to 0.20.3 - [Release notes](https://github.com/pyo3/pyo3/releases) - [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md) - [Commits](PyO3/pyo3@v0.20.0...v0.20.3) Updates `whoami` from 1.4.1 to 1.6.1 - [Release notes](https://github.com/ardaku/whoami/releases) - [Commits](https://github.com/ardaku/whoami/commits) --- updated-dependencies: - dependency-name: bumpalo dependency-version: 3.11.1 dependency-type: direct:production dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: regex dependency-version: 1.5.5 dependency-type: direct:production dependency-group: cargo - dependency-name: lru dependency-version: 0.7.1 dependency-type: direct:production dependency-group: cargo - dependency-name: protobuf dependency-version: 3.7.2 dependency-type: direct:production dependency-group: cargo - dependency-name: lz4-sys dependency-version: 1.11.1+lz4-1.10.0 dependency-type: indirect dependency-group: cargo - dependency-name: openssl dependency-version: 0.10.75 dependency-type: indirect dependency-group: cargo - dependency-name: shlex dependency-version: 1.3.0 dependency-type: indirect dependency-group: cargo - dependency-name: tracing-subscriber dependency-version: 0.3.19 dependency-type: indirect dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: flatbuffers dependency-version: 2.1.2 dependency-type: indirect dependency-group: cargo - dependency-name: lru dependency-version: 0.12.5 dependency-type: indirect dependency-group: cargo - dependency-name: ring dependency-version: 0.17.14 dependency-type: indirect dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: lru dependency-version: 0.12.5 dependency-type: indirect dependency-group: cargo - dependency-name: quinn-proto dependency-version: 0.11.9 dependency-type: indirect dependency-group: cargo - dependency-name: ring dependency-version: 0.17.14 dependency-type: indirect dependency-group: cargo - dependency-name: bumpalo dependency-version: 3.19.1 dependency-type: indirect dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: lru dependency-version: 0.16.3 dependency-type: direct:production dependency-group: cargo - dependency-name: lexical-core dependency-version: 0.8.5 dependency-type: indirect dependency-group: cargo - dependency-name: quinn-proto dependency-version: 0.11.9 dependency-type: indirect dependency-group: cargo - dependency-name: ring dependency-version: 0.17.14 dependency-type: indirect dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: lru dependency-version: 0.12.5 dependency-type: indirect dependency-group: cargo - dependency-name: quinn-proto dependency-version: 0.11.9 dependency-type: indirect dependency-group: cargo - dependency-name: ring dependency-version: 0.17.14 dependency-type: indirect dependency-group: cargo - dependency-name: tokio dependency-version: 1.38.2 dependency-type: direct:production dependency-group: cargo - dependency-name: lru dependency-version: 0.12.5 dependency-type: indirect dependency-group: cargo - dependency-name: quinn-proto dependency-version: 0.11.9 dependency-type: indirect dependency-group: cargo - dependency-name: ring dependency-version: 0.17.14 dependency-type: indirect dependency-group: cargo - dependency-name: pyo3 dependency-version: 0.20.3 dependency-type: direct:production dependency-group: cargo - dependency-name: whoami dependency-version: 1.6.1 dependency-type: indirect dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Feb 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the cargo group across 6 directories with 15 updates#4

chore(deps): Bump the cargo group across 6 directories with 15 updates#4
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/cargo/rust/cubestore/cargo-80e7600485

dependabot bot commented on behalf of github Feb 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 3, 2026

3.11.1

Security

3.11.0

Added

Changed

3.10.0

Added

Changed

Tokio v1.38.2

Fixed

Tokio v1.38.1

1.38.1 (July 16th, 2024)

Fixed

Tokio v1.38.0

Added

Changed

1.5.5 (2022-03-08)

v0.7.1 - 2021-12-18

v0.7.0 - 2021-09-14

openssl-v0.10.75

What's Changed

New Contributors

openssl-v0.10.74

What's Changed

1.3.0

1.2.1

1.2.0

1.1.0

tracing-subscriber 0.3.19

Added

Changed

Tokio v1.38.2

Fixed

Tokio v1.38.1

1.38.1 (July 16th, 2024)

Fixed

Tokio v1.38.0

Added

Changed

v0.7.1 - 2021-12-18

v0.7.0 - 2021-09-14

Version 0.17.14 (2025-03-11)

Version 0.17.13 (2025-03-06)

Version 0.17.12 (2025-03-05)

Tokio v1.38.2

Fixed

Tokio v1.38.1

1.38.1 (July 16th, 2024)

Fixed

Tokio v1.38.0

Added

Changed

v0.7.1 - 2021-12-18

v0.7.0 - 2021-09-14

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants