
parseable/1.5.3-r0: cve remediation#29873

Closed
octo-sts[bot] wants to merge 2 commits into main from cve-parseable-e6f6271c456c5b86069c1560af89a019

Conversation

octo-sts bot (Contributor) commented Oct 2, 2024

octo-sts bot (Contributor, Author) commented Oct 2, 2024

OpenAI suggestions to solve the build error:

The error message is: "Error: failed to parse the pom file: failed to run cargo update 'Updating crates.io index uses=rust/cargobump
error: failed to select a version for the requirement `lexical-core = "^0.8"`
candidate versions found which didn't match: 1.0.0
location searched: crates.io index
required by package `arrow-json v52.2.0`
... which satisfies dependency `arrow-json = "^52.1.0"` (locked to 52.2.0) of package `parseable v1.5.3 (/home/build/server)`' with error: 'exit status 101'"

1. Open `Cargo.toml` in the `parseable` project.
2. Update `lexical-core` dependency to a compatible version, e.g., `lexical-core = "1.0.0"`.
3. Run `cargo update` to refresh dependencies.
4. If issues persist, check for any other dependencies requiring `lexical-core` and update them accordingly.
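The `^0.8` requirement in the error above is declared by `arrow-json` 52.2.0, not by parseable's own manifest, and Cargo's caret rule for 0.x versions (`^0.8` means `>=0.8.0, <0.9.0`) is what makes 1.0.0 unselectable no matter what parseable's `Cargo.toml` says. The following is an added example, not code from parseable, Wolfi or cargobump; it reimplements Cargo's caret-requirement matching with only the standard library and runs it over a constructed copy of the resolver error, so a reviewer can confirm that the conflict is structural and that only a relaxed requirement upstream (for instance `^1.0`) would admit 1.0.0. The type and function names are the example's own.

```rust
// Added example: Cargo caret-requirement semantics, std only.
// Not code from parseable, Wolfi or cargobump; names below are the example's own.

/// A SemVer triple. Ordering is derived lexicographically (major, minor, patch).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(pub u64, pub u64, pub u64);

impl Version {
    /// Parse "MAJOR.MINOR.PATCH"; missing trailing components default to 0.
    pub fn parse(s: &str) -> Option<Version> {
        let mut parts = s.trim().split('.').map(|p| p.parse::<u64>().ok());
        let major = parts.next()??;
        let minor = parts.next().unwrap_or(Some(0))?;
        let patch = parts.next().unwrap_or(Some(0))?;
        Some(Version(major, minor, patch))
    }
}

/// A caret requirement as Cargo resolves it: `^X.Y.Z` permits versions that are
/// >= the stated version and below the first bump of its leftmost non-zero
/// component (or of the last stated component when all are zero). A bare
/// "0.8" is treated as "^0.8", as Cargo does.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct CaretReq {
    pub min: Version,
    pub max_exclusive: Version,
}

impl CaretReq {
    pub fn parse(req: &str) -> Option<CaretReq> {
        let body = req.trim().trim_start_matches('^');
        let comps: Vec<u64> = body
            .split('.')
            .map(|p| p.parse::<u64>().ok())
            .collect::<Option<Vec<u64>>>()?;
        if comps.is_empty() || comps.len() > 3 {
            return None;
        }
        let at = |i: usize| comps.get(i).copied().unwrap_or(0);
        let min = Version(at(0), at(1), at(2));
        let max_exclusive = if comps[0] != 0 || comps.len() == 1 {
            Version(comps[0] + 1, 0, 0) // ^1.2.3 -> <2.0.0, ^0 -> <1.0.0
        } else if comps[1] != 0 || comps.len() == 2 {
            Version(0, comps[1] + 1, 0) // ^0.8 -> <0.9.0, ^0.0 -> <0.1.0
        } else {
            Version(0, 0, comps[2] + 1) // ^0.0.3 -> <0.0.4
        };
        Some(CaretReq { min, max_exclusive })
    }

    pub fn matches(&self, v: Version) -> bool {
        v >= self.min && v < self.max_exclusive
    }
}

/// Constructed copy of the resolver error quoted in the thread above.
pub const CARGO_ERROR: &str = r#"error: failed to select a version for the requirement `lexical-core = "^0.8"`
candidate versions found which didn't match: 1.0.0
location searched: crates.io index
required by package `arrow-json v52.2.0`
    ... which satisfies dependency `arrow-json = "^52.1.0"` (locked to 52.2.0) of package `parseable v1.5.3 (/home/build/server)`"#;

/// Extract the crate name, its caret requirement and the rejected candidates
/// from cargo's error text, and report whether each candidate satisfies the
/// requirement (none will, or cargo would not have failed).
pub fn check_resolver_error(err: &str) -> Option<(String, Vec<(Version, bool)>)> {
    let req_line = err
        .lines()
        .find(|l| l.contains("failed to select a version for the requirement"))?;
    let inner = req_line.split('`').nth(1)?; // lexical-core = "^0.8"
    let (name, req) = inner.split_once('=')?;
    let req = CaretReq::parse(req.trim().trim_matches('"'))?;
    let cand_line = err
        .lines()
        .find(|l| l.contains("candidate versions found which didn't match:"))?;
    let cands = cand_line.split_once("didn't match:")?.1;
    let results: Vec<(Version, bool)> = cands
        .split(',')
        .filter_map(Version::parse)
        .map(|v| (v, req.matches(v)))
        .collect();
    Some((name.trim().to_string(), results))
}

fn main() {
    let (name, results) = check_resolver_error(CARGO_ERROR).expect("unrecognised error text");
    for (v, ok) in &results {
        println!("{} {}.{}.{} satisfies the requirement: {}", name, v.0, v.1, v.2, ok);
    }
    // One change that would make 1.0.0 selectable: arrow-json declaring ^1.0 instead.
    let relaxed = CaretReq::parse("^1.0").unwrap();
    println!("^1.0 accepts 1.0.0: {}", relaxed.matches(Version(1, 0, 0)));
}
```

The point the output makes is that editing the downstream `Cargo.toml` cannot help: the requirement that rejects 1.0.0 lives in a transitive dependency, which is why the thread ends with a pending-upstream-fix advisory rather than a patch.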

hectorj2f (Member) commented:

Both CVEs require entries on the advisory file as pending-upstream-fix. Trying to upgrade either of the two vulnerable versions conflicts with other dependencies, so we cannot do much here for the moment.

Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
octo-sts bot (Contributor, Author) commented Oct 5, 2024

OpenAI suggestions to solve the build error:

The error message indicates a version conflict with the `lexical-core` dependency in the `parseable` project. To resolve this, update the `lexical-core` dependency in the `Cargo.toml` file to a compatible version, such as `^1.0`, and then run `cargo update` to refresh the dependencies. After making these changes, test the build to ensure everything is working correctly.

mamccorm (Member) commented Oct 5, 2024

pending-upstream-fix advisory raised:

kranurag7 (Member) commented:

closing given wolfi-dev/advisories#8563 is merged.

@kranurag7 kranurag7 closed this Oct 6, 2024
@kranurag7 kranurag7 deleted the cve-parseable-e6f6271c456c5b86069c1560af89a019 branch October 6, 2024 00:43


3 participants