chore(deps): bump the prod-deps group across 1 directory with 5 updates by dependabot[bot] · Pull Request #451 · ToucanToco/fastexcel

dependabot · 2026-02-09T10:21:26Z

Bumps the prod-deps group with 4 updates in the / directory: arrow-array, arrow-pyarrow, calamine and anyhow.

Updates arrow-array from 57.2.0 to 57.3.0

Release notes

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Changelog

Sourced from arrow-array's changelog.

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Commits

7505005 [57_maintenance] Update version to 57.3.0, add changelog (#9333)
6bbfb99 [maintenance_57] Fix string array equality when the values buffer is the same...
505eb8e [57_maintenance] Revert "Seal Array trait (#9092)", mark Array as unsafe ...
74cf914 [57_maintenance] Mark BufferBuilder::new_from_buffer as unsafe (#9292) (#9312)
25cc1ac [57_maintenance] fix: ensure BufferBuilder::truncate doesn't overset length...
9fc2fbb [57_maintenance[Parquet] Provide only encrypted column stats in plaintext foo...
3df3157 [57_maintenance] [regression] Error with adaptive predicate pushdown: "Invali...
See full diff in compare view

Updates arrow-pyarrow from 57.2.0 to 57.3.0

Release notes

Sourced from arrow-pyarrow's releases.

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Changelog

Sourced from arrow-pyarrow's changelog.

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Commits

7505005 [57_maintenance] Update version to 57.3.0, add changelog (#9333)
6bbfb99 [maintenance_57] Fix string array equality when the values buffer is the same...
505eb8e [57_maintenance] Revert "Seal Array trait (#9092)", mark Array as unsafe ...
74cf914 [57_maintenance] Mark BufferBuilder::new_from_buffer as unsafe (#9292) (#9312)
25cc1ac [57_maintenance] fix: ensure BufferBuilder::truncate doesn't overset length...
9fc2fbb [57_maintenance[Parquet] Provide only encrypted column stats in plaintext foo...
3df3157 [57_maintenance] [regression] Error with adaptive predicate pushdown: "Invali...
See full diff in compare view

Updates arrow-schema from 57.2.0 to 57.3.0

Release notes

Sourced from arrow-schema's releases.

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Changelog

Sourced from arrow-schema's changelog.

57.3.0 (2026-02-02)

Full Changelog

Breaking changes:

Revert "Seal Array trait", mark Array as unsafe #9313 (alamb, gabotechs)

Mark BufferBuilder::new_from_buffer as unsafe #9312 (alamb, Jefffrey)

Fixed bugs:

Fix string array equality when the values buffer is the same and only the offsets to access it differ #9330 (alamb, jhorstmann)

Ensure BufferBuilder::truncate doesn't overset length #9311 (alamb, Jefffrey)

[parquet] Provide only encrypted column stats in plaintext footer #9310 (alamb, rok, adamreeve)

[regression] Error with adaptive predicate pushdown: "Invalid offset …" #9309 (alamb, erratic-pattern, sdf-jkl)

Commits

7505005 [57_maintenance] Update version to 57.3.0, add changelog (#9333)
6bbfb99 [maintenance_57] Fix string array equality when the values buffer is the same...
505eb8e [57_maintenance] Revert "Seal Array trait (#9092)", mark Array as unsafe ...
74cf914 [57_maintenance] Mark BufferBuilder::new_from_buffer as unsafe (#9292) (#9312)
25cc1ac [57_maintenance] fix: ensure BufferBuilder::truncate doesn't overset length...
9fc2fbb [57_maintenance[Parquet] Provide only encrypted column stats in plaintext foo...
3df3157 [57_maintenance] [regression] Error with adaptive predicate pushdown: "Invali...
See full diff in compare view

Updates calamine from 0.32.0 to 0.33.0

Release notes

Sourced from calamine's releases.

v0.33.0 - 2026-02-04

Added

Added support for reading data from Pivot Tables, which involves reading data from the internal Pivot Cache. [PR #559].

[PR #559]: tafia/calamine#559

Changed

Update dependencies for release 0.33.0:

zip: 4.2.0 -> 7.0.

atoi_simd: 0.16 -> 0.17

Fixed

Fixed potential memory exhaustion issue in ODS files that could be triggered via repeated empty rows/columns.

The fix adds limits to prevent memory exhaustion from malicious ODS files that declare billions of repeated cells via table:number-rows-repeated and table:number-columns-repeated attributes.

The change adds the following protection layers:

Add cap for columns per row at MAX_COLUMNS (16,384).

Add cap for total row repeats at MAX_ROWS (1,048,576).

Add cap for total cells at MAX_CELLS (100 million) in get_range().

These limits match XLSX's existing row/column limits and prevent a 7KB malicious file from attempting to allocate memory for 17+ billion cells.

When MAX_CELLS is exceeded, return OdsError::CellLimitExceeded instead of silently returning an empty range. This ensures callers are properly informed of truncation rather than receiving silent data loss.

[Issue #594], [PR #596].

[Issue #594]: tafia/calamine#594 [PR #596]: tafia/calamine#596

Fixed an issue where XLSX files with tables that had the internal insertRow attribute set returned a Dimensions object where the end row was less than the start row. This caused an assert/panic when trying to create a Range object to return the table range. [Issue #589].

[Issue #589]: tafia/calamine#589

Fixed an issue with XLSX files where worksheet tables used the unusual, but

... (truncated)

Changelog

Sourced from calamine's changelog.

[0.33.0] - 2026-02-04

Added

Added support for reading data from Pivot Tables, which involves reading data from the internal Pivot Cache. [PR #559].

[PR #559]: tafia/calamine#559

Changed

Update dependencies for release 0.33.0:

zip: 4.2.0 -> 7.0.

atoi_simd: 0.16 -> 0.17

Fixed

Fixed potential memory exhaustion issue in ODS files that could be triggered via repeated empty rows/columns.

The fix adds limits to prevent memory exhaustion from malicious ODS files that declare billions of repeated cells via table:number-rows-repeated and table:number-columns-repeated attributes.

The change adds the following protection layers:

Add cap for columns per row at MAX_COLUMNS (16,384).

Add cap for total row repeats at MAX_ROWS (1,048,576).

Add cap for total cells at MAX_CELLS (100 million) in get_range().

These limits match XLSX's existing row/column limits and prevent a 7KB malicious file from attempting to allocate memory for 17+ billion cells.

When MAX_CELLS is exceeded, return OdsError::CellLimitExceeded instead of silently returning an empty range. This ensures callers are properly informed of truncation rather than receiving silent data loss.

[Issue #594], [PR #596].

[Issue #594]: tafia/calamine#594 [PR #596]: tafia/calamine#596

Fixed an issue where XLSX files with tables that had the internal insertRow attribute set returned a Dimensions object where the end row was less than the start row. This caused an assert/panic when trying to create a Range object to return the table range. [Issue #589].

[Issue #589]: tafia/calamine#589

... (truncated)

Commits

203258c release: 0.33.0
778bd8b deps: update dependencies for release 0.33.0
b17b040 feat: add support for reading PivotTable/PivotCache (#559)
a1b5768 ods: fix DoS via repeated rows/columns (issue #594) (#596)
1dc58c6 xlsx: fix table issue when insertRow attribute is set
9111009 xlsx: fix issue with table reference ids
e76bcd7 docs: prep changelog for next release
See full diff in compare view

Updates anyhow from 1.0.100 to 1.0.101

Release notes

Sourced from anyhow's releases.

1.0.101

Add #[inline] to anyhow::Ok helper (#437, thanks @Ibitier)

Commits

80bfe29 Release 1.0.101
dff8c43 Merge pull request #437 from Ibitier/inline-ok-helper
85d9ea9 Add #[inline] to anyhow::Ok helper
54036cc Update ui test suite to nightly-2026-01-21
cce0579 Update actions/upload-artifact@v5 -> v6
f2c598c Update actions/upload-artifact@v4 -> v5
2c0bda4 Update to 2021 edition
0d82268 Remove rustc version requirement from readme
67df012 Merge pull request #436 from dtolnay/up
c898488 Raise required compiler to Rust 1.68
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the prod-deps group with 4 updates in the / directory: [arrow-array](https://github.com/apache/arrow-rs), [arrow-pyarrow](https://github.com/apache/arrow-rs), [calamine](https://github.com/tafia/calamine) and [anyhow](https://github.com/dtolnay/anyhow). Updates `arrow-array` from 57.2.0 to 57.3.0 - [Release notes](https://github.com/apache/arrow-rs/releases) - [Changelog](https://github.com/apache/arrow-rs/blob/main/CHANGELOG.md) - [Commits](apache/arrow-rs@57.2.0...57.3.0) Updates `arrow-pyarrow` from 57.2.0 to 57.3.0 - [Release notes](https://github.com/apache/arrow-rs/releases) - [Changelog](https://github.com/apache/arrow-rs/blob/main/CHANGELOG.md) - [Commits](apache/arrow-rs@57.2.0...57.3.0) Updates `arrow-schema` from 57.2.0 to 57.3.0 - [Release notes](https://github.com/apache/arrow-rs/releases) - [Changelog](https://github.com/apache/arrow-rs/blob/main/CHANGELOG.md) - [Commits](apache/arrow-rs@57.2.0...57.3.0) Updates `calamine` from 0.32.0 to 0.33.0 - [Release notes](https://github.com/tafia/calamine/releases) - [Changelog](https://github.com/tafia/calamine/blob/master/Changelog.md) - [Commits](tafia/calamine@v0.32.0...v0.33.0) Updates `anyhow` from 1.0.100 to 1.0.101 - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](dtolnay/anyhow@1.0.100...1.0.101) --- updated-dependencies: - dependency-name: arrow-array dependency-version: 57.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: arrow-pyarrow dependency-version: 57.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: arrow-schema dependency-version: 57.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: calamine dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: anyhow dependency-version: 1.0.101 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added 🦀 rust 🦀 Pull requests that edit Rust code dependencies Pull requests that update a dependency file labels Feb 9, 2026

lukapeschke enabled auto-merge (squash) February 12, 2026 10:39

lukapeschke approved these changes Feb 12, 2026

View reviewed changes

lukapeschke merged commit 158b5e8 into main Feb 12, 2026
31 checks passed

lukapeschke deleted the dependabot/cargo/prod-deps-f65f2ef608 branch February 12, 2026 10:40

lukapeschke mentioned this pull request Feb 12, 2026

Not enough information in the exception raised by read_excel if the file is locked #413

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the prod-deps group across 1 directory with 5 updates#451

chore(deps): bump the prod-deps group across 1 directory with 5 updates#451
lukapeschke merged 1 commit intomainfrom
dependabot/cargo/prod-deps-f65f2ef608

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

57.3.0 (2026-02-02)

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

57.3.0 (2026-02-02)

arrow 57.3.0

Changelog

57.3.0 (2026-02-02)

57.3.0 (2026-02-02)

v0.33.0 - 2026-02-04

Added

Changed

Fixed

[0.33.0] - 2026-02-04

Added

Changed

Fixed

1.0.101

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading