Security: Mitigate lancedb advisory chain (paste) #14

@saagar210

Tracking unmaintained advisory for paste proc-macro in LanceDB/DataFusion dependency graph.

Advisories in this track:

  • RUSTSEC-2024-0436 (paste)

Current dependency chain evidence:

  • lancedb -> lance* / datafusion* -> paste

Planned mitigation path:

  1. Monitor lancedb/lance/datafusion upstream for maintained replacement.
  2. Evaluate whether vector backend feature scoping can reduce exposure without product regression.
  3. Remove waiver once dependency graph no longer includes paste.

Parent issue: #11
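
One way to check step 3 of the plan above, as an added example that is not code from this repository: a std-only Rust program that parses a `Cargo.lock` and lists every locked package that still reaches `paste`. The function names `parse_lock` and `dependents_of` and the default lockfile path are assumptions of this example.

```rust
use std::collections::{BTreeMap, BTreeSet};
type Graph = BTreeMap<String, Vec<String>>;

/// Map each package in Cargo.lock text to the crate names it depends on.
fn parse_lock(lock: &str) -> Graph {
    let (mut graph, mut current, mut in_deps) = (Graph::new(), String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = name.trim_matches('"').to_string();
            graph.entry(current.clone()).or_default();
        } else if line == "dependencies = [" || line == "]" {
            in_deps = line != "]";
        } else if in_deps {
            // An entry is "name" or "name version (source)"; keep the name only.
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            let name = dep.split(' ').next().unwrap_or(dep).to_string();
            graph.entry(current.clone()).or_default().push(name);
        }
    }
    graph
}

/// Every package that reaches `target` through one or more dependency edges.
fn dependents_of(graph: &Graph, target: &str) -> BTreeSet<String> {
    let (mut found, mut queue) = (BTreeSet::new(), vec![target.to_string()]);
    while let Some(cur) = queue.pop() {
        for (pkg, deps) in graph {
            if deps.contains(&cur) && found.insert(pkg.clone()) {
                queue.push(pkg.clone());
            }
        }
    }
    found
}

fn main() {
    // Assumption: run from the workspace root, or pass the lockfile path as the first argument.
    let path = std::env::args().nth(1).unwrap_or_else(|| "Cargo.lock".into());
    let graph = parse_lock(&std::fs::read_to_string(&path).expect("cannot read lockfile"));
    if graph.contains_key("paste") {
        println!("paste still locked, reached from: {:?}", dependents_of(&graph, "paste"));
    } else {
        println!("paste absent: the RUSTSEC-2024-0436 waiver can be removed");
    }
}
```

With Cargo available, `cargo tree -i paste` prints the same inverted chain directly from the resolved graph.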
