@desmondcheongzx
Collaborator

Changes Made

Related Issues

@greptile-apps
Contributor

greptile-apps bot commented Jan 10, 2026

Greptile Overview

Greptile Summary

Updates critical dependencies to address Dependabot security alerts. Upgrades lexical-core from 0.8 to 1.0.6 and AWS SDK packages (aws-config, aws-sdk-s3) to their latest patch versions. Also adds lru crate to workspace dependencies.

Confidence Score: 5/5

  • Safe to merge - security-focused dependency updates with no breaking changes
  • This PR exclusively updates dependencies to address security vulnerabilities flagged by Dependabot. The changes include: lexical-core major version upgrade (0.8→1.0.6) which maintains backward compatibility, AWS SDK minor/patch version bumps that are backward compatible, and addition of lru crate to workspace. All changes are in dependency manifests with no code modifications, and the lock file updates show only version bumps for the target dependencies and their transitive dependencies. No logic changes, no breaking API changes, and the updates specifically address known security issues.
  • No files require special attention

Important Files Changed

File Analysis

| Filename | Score | Overview |
|---|---|---|
| src/arrow2/Cargo.toml | 5/5 | Updates lexical-core from 0.8 to 1.0.6 to address security vulnerabilities |
| src/daft-io/Cargo.toml | 5/5 | Updates AWS SDK dependencies (aws-config 1.8.1→1.8.12, aws-sdk-s3 1.96.0→1.119.0) for security patches |

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant C as Cargo.toml
    participant L as Cargo.lock
    D->>C: Alert: lexical-core 0.8 vulnerable
    D->>C: Alert: aws-config 1.8.1 vulnerable
    D->>C: Alert: aws-sdk-s3 1.96.0 vulnerable
    C->>C: Update lexical-core to 1.0.6
    C->>C: Update aws-config to 1.8.12
    C->>C: Update aws-sdk-s3 to 1.119.0
    C->>L: cargo update
    L->>L: Resolve transitive dependencies
    L-->>D: Security vulnerabilities resolved

Contributor

@greptile-apps greptile-apps bot left a comment

No files reviewed, no comments

2 participants