From ae6ec4aaf3376548b9a29067854f6a5e8f8aab73 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Feb 2026 20:16:58 +0000 Subject: [PATCH 1/4] Initial plan From 2d3dba69db4362f85e59f8bdbd81b0ad2c7a989e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Feb 2026 20:22:07 +0000 Subject: [PATCH 2/4] Remove RUSTSEC-2026-0002 advisory from deny.toml ignore list Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com> --- deny.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/deny.toml b/deny.toml index cc7cd6d6023..e799d67c437 100644 --- a/deny.toml +++ b/deny.toml @@ -87,7 +87,6 @@ ignore = [ { id = "RUSTSEC-2025-0119", reason = "`number_prefix` used by hf-hub in examples" }, { id = "RUSTSEC-2025-0134", reason = "`rustls-pemfile` unmaintained; awaiting upstream object_store/hyper-rustls migration to rustls-pki-types" }, { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained and used by tantivy"}, - { id = "RUSTSEC-2026-0002", reason = "`lru` is used by tantivy and aws-sdk-s3"}, ] # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. From d0e1fcd9bb1976b48dca15c2cddcb503785161d9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Feb 2026 20:44:29 +0000 Subject: [PATCH 3/4] Update bytes to 1.11.1 to fix RUSTSEC-2026-0007 Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com> --- Cargo.lock | 6 +++--- Cargo.toml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a4eda88f07c..ec844405d68 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "RustyXML" @@ -1467,9 +1467,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "bytes-utils" diff --git a/Cargo.toml b/Cargo.toml index c09782967f2..410e13d1294 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -95,7 +95,7 @@ half = { "version" = "2.1", default-features = false, features = [ ] } lance-bitpacking = { version = "=2.1.0-beta.0", path = "./rust/compression/bitpacking" } bitvec = "1" -bytes = "1.4" +bytes = "1.11.1" byteorder = "1.5" clap = { version = "4", features = ["derive"] } chrono = { version = "0.4.41", default-features = false, features = [ From 57e2f5c778c2b2059eec7188ceaa99aa07a83b73 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 3 Feb 2026 20:57:29 +0000 Subject: [PATCH 4/4] Update Python Cargo.lock for bytes 1.11.1 Co-authored-by: wjones127 <5488879+wjones127@users.noreply.github.com> --- python/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/Cargo.lock b/python/Cargo.lock index 01d00dc0034..b8a830db111 100644 --- a/python/Cargo.lock +++ b/python/Cargo.lock @@ -1215,9 +1215,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" [[package]] name = "bytes-utils"