Bump lz4_flex to prevent web viewer crashes

grtlr · web-flow · commit 9355dd8dc1c4 · 2026-03-17T11:12:52.000Z
### Related * Closes RR-4067. * PSeitz/lz4_flex#205 ### What This bumps `lz4_flex` to `0.13.0` which includes the PR linked above. ### Testing 1. Open web viewer 2. Open DICOM recording 3. Menu -> Save recording... 4. Should not crash Source-Ref: b09682616fc15c6299351d3e31dc2d9a0b3c99ac
diff --git a/Cargo.lock b/Cargo.lock
@@ -6229,6 +6229,15 @@ dependencies = [
  "twox-hash",
 ]
 
+[[package]]
+name = "lz4_flex"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db9a0d582c2874f68138a16ce1867e0ffde6c0bb0a0df85e1f36d04146db488a"
+dependencies = [
+ "twox-hash",
+]
+
 [[package]]
 name = "macaw"
 version = "0.30.0"
@@ -9207,7 +9216,7 @@ dependencies = [
  "insta",
  "itertools 0.14.0",
  "js-sys",
- "lz4_flex 0.12.0",
+ "lz4_flex 0.13.0",
  "mimalloc",
  "parking_lot",
  "re_arrow_util",
@@ -9394,7 +9403,7 @@ dependencies = [
  "arrow",
  "http",
  "jiff",
- "lz4_flex 0.12.0",
+ "lz4_flex 0.13.0",
  "pin-project-lite",
  "prost",
  "prost-types",
diff --git a/Cargo.toml b/Cargo.toml
@@ -290,7 +290,7 @@ libc = "0.2.182"
 linked-hash-map = { version = "0.5.6", default-features = false }
 log = "0.4.29"
 log-once = "0.4.1"
-lz4_flex = "0.12"
+lz4_flex = "0.13"
 macaw = "0.30.0"
 mcap = "0.24.0"
 memmap2 = "0.9.10"
diff --git a/deny.toml b/deny.toml
@@ -31,11 +31,12 @@ all-features = true
 [advisories]
 version = 2
 ignore = [
-  "RUSTSEC-2024-0436", # https://rustsec.org/advisories/RUSTSEC-2024-0436 - paste is unmaintained - https://github.com/dtolnay/paste
-  "RUSTSEC-2024-0014", # https://rustsec.org/advisories/RUSTSEC-2024-0014 - generational-arena is unmaintained
-  "RUSTSEC-2025-0141", # https://rustsec.org/advisories/RUSTSEC-2025-0141 - bincode is unmaintained - https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
+  { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained — https://github.com/dtolnay/paste" },
+  { id = "RUSTSEC-2024-0014", reason = "generational-arena is unmaintained" },
+  { id = "RUSTSEC-2025-0141", reason = "bincode is unmaintained — https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md" },
   # TODO(quickwit-oss/tantivy#2796): Remove when changes trickle down to `lance`.
-  "RUSTSEC-2026-0002", # https://rustsec.org/advisories/RUSTSEC-2026-0002 - lance uses an old version of `lru`
+  { id = "RUSTSEC-2026-0002", reason = "lance uses an old version of `lru`" },
+  { id = "RUSTSEC-2026-0041", reason = "waiting for dependencies (puffin, arrow-ipc) to upgrade" },
 ]
 
 
