Hi all,
Many thanks for the great work on this project!
We're using hypersync-schema v0.3.0 which depends on polars-arrow v0.42.0. This pulls in the fast-float v0.2.0 crate as a transitive dependency, which hasn't been maintained for over 4 years and has known soundness issues.
The good news is that the Polars team has already addressed this by replacing fast-float with the maintained fast-float2 fork in pola-rs/polars#19578. This fix is available in polars-arrow v0.44.2 and later.
Would it be possible to update hypersync-schema's dependency from polars-arrow = "0.42" to "0.44" or later? This would resolve the security warnings we're seeing in our dependency audits.
Our Dependabot alert for reference:
https://github.com/nautechsystems/nautilus_trader/security/dependabot/64