Conversation
…ing wrong version (apache#2277) (cherry picked from commit 4c08d35)
…r schemas with nested types (apache#2307) ## Which issue does this PR close? - Closes apache#2306. - Downstream issue: apache/datafusion-comet#3860 ## What changes are included in this PR? `build_fallback_field_id_map` iterated over Parquet leaf columns instead of top-level fields when building the field ID to column index mapping for migrated files (no embedded field IDs). When nested types (struct, list, map) precede a primitive column, they expand into multiple leaves, causing the mapping to diverge from `add_fallback_field_ids_to_arrow_schema` which correctly assigns ordinal IDs to top-level Arrow fields. This made predicates on columns after nested types resolve to a leaf inside the group, crashing with "Leaf column `id` in predicates isn't a root column in Parquet schema". The fix iterates `root_schema().get_fields()` directly, assigning ordinal IDs only to top-level fields. For non-primitive fields (struct/list/map), it uses `get_column_root_idx` to advance past their leaf columns. This mirrors iceberg-java's `ParquetSchemaUtil.addFallbackIds()`, which iterates `fileSchema.getFields()` assigning ordinal IDs to top-level fields. Also renames "Leave column" to "Leaf column" in error messages. ## Are these changes tested? - An integration test (`test_predicate_on_migrated_file_with_nested_types`) writes a Parquet file without field IDs containing struct, list, and map columns before an `id` column, then reads with a predicate on `id`. This reproduces the exact crash before the fix. Test data is constructed with `serde_arrow` for readability. - [Apache DataFusion Comet](https://github.com/apache/datafusion-comet) used the repro test in [apache/datafusion-comet#3860](apache/datafusion-comet#3860) and it passes with this change: apache/datafusion-comet#3872 --------- Co-authored-by: blackmwk <liurenjie1024@outlook.com> (cherry picked from commit 5ea6f4c)
…e#2301) ## Which issue does this PR close? - Closes apache#2299. ## What changes are included in this PR? - Add `coerce_int96_timestamps()` to patch the Arrow schema before reading, using arrow-rs's schema hint mechanism (`ArrowReaderOptions::with_schema`) to read INT96 columns at the resolution specified by the Iceberg table schema - `timestamp`/`timestamptz` → microsecond, `timestamp_ns`/`timestamptz_ns` → nanosecond, per the [Iceberg spec](https://iceberg.apache.org/spec/#primitive-types) - Falls back to microsecond when no field ID is available (matching Iceberg Java's `TimestampInt96Reader` behavior) - Applied after all three schema resolution branches (with field IDs, name mapping, positional fallback) so the fix covers both native and migrated tables - Handles INT96 inside nested types (structs, lists, maps) via `ArrowSchemaVisitor` traversal - Visitor and tests live in a standalone `arrow/int96.rs` module to keep `reader.rs` manageable - Made `visit_schema` in `arrow/schema.rs` `pub(crate)` so the coercion visitor can reuse the existing traversal ## Are these changes tested? - `test_read_int96_timestamps_with_field_ids` — files with embedded field IDs (branch 1) - `test_read_int96_timestamps_without_field_ids` — migrated files without field IDs (branches 2/3) - `test_read_int96_timestamps_in_struct` — INT96 inside a struct field - `test_read_int96_timestamps_in_list` — INT96 inside a list field (3-level Parquet LIST encoding) - `test_read_int96_timestamps_in_map` — INT96 as map values - All tests use dates outside the i64 nanosecond range (~1677-2262) to confirm the overflow is avoided - [Apache DataFusion Comet](https://github.com/apache/datafusion-comet) used the repro test in [apache/datafusion-comet#3856](apache/datafusion-comet#3856) and it passes with this change: apache/datafusion-comet#3857 (cherry picked from commit a2f067d)
## Which issue does this PR close? - Closes apache#2312 ## What changes are included in this PR? Changes the s3tables default scheme to "s3://" ## Are these changes tested? With this change, I can read files resolved through an s3table catalog now. (cherry picked from commit b06b573)
…atures (apache#2274) ## Which issue does this PR close? - Fix the audit check by updating `aws-lc-sys` and `rustls-webpki`. - Avoid pulling both the legacy `rustls` / Hyper 0.14 stack and the newer `default-https-client` stack through inherited AWS SDK defaults. ([AWS SDK announcement](awslabs/aws-sdk-rust#1257)) ## What changes are included in this PR? - Bump to `aws-lc-sys>=0.39.0` and `rustls-webpki>=0.103.10` to pass security audit. - Disable inherited AWS SDK default features for `aws-sdk-glue` and `aws-sdk-s3tables` - Explicitly enable `default-https-client` and `rt-tokio` - Bump the minimum `aws-sdk-glue` version to `1.85`, the first version that provides `default-https-client` ## Are these changes tested? --------- Co-authored-by: blackmwk <liurenjie1024@outlook.com> (cherry picked from commit 2820d47)
…python (apache#2278) Addresses the security advisory GHSA-pwjx-qhcg-rvj4 for rustls-webpki < 0.103.10 in the Python bindings lockfile. This is a rebase of apache#2268 onto main which already includes the root Cargo.lock audit fix from apache#2274 (aws-lc-sys >= 0.39.0). ## Which issue does this PR close? - Closes #. ## What changes are included in this PR? ## Are these changes tested? ci. (cherry picked from commit 1f1ba53)
## Which issue does this PR close? - Closes apache#2327 apache#2328 apache#2329 ## What changes are included in this PR? Upgrade rnd version, use recommended api. ## Are these changes tested? ut. (cherry picked from commit 3fe7be1)
## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> - publish has to be done one by one, otherwise we may see failure like this: https://github.com/apache/iceberg-rust/actions/runs/23260056698 ## What changes are included in this PR? - Change publish parallism back to 1 <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> (cherry picked from commit 7db4b01)
## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> Relates to apache/iceberg#15742 Follow up to apache#2289 ## What changes are included in this PR? Fix github workflow based on zizmor recommendation for security best practice <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> Yes ``` ➜ iceberg-rust git:(kevinjqliu/zizmor-fix) uvx --from zizmor zizmor --offline .github/ 🌈 zizmor v1.23.1 INFO audit: zizmor: 🌈 completed .github/actions/get-msrv/action.yml INFO audit: zizmor: 🌈 completed .github/actions/overwrite-package-version/action.yml INFO audit: zizmor: 🌈 completed .github/actions/setup-builder/action.yml INFO audit: zizmor: 🌈 completed .github/dependabot.yml INFO audit: zizmor: 🌈 completed .github/workflows/audit.yml INFO audit: zizmor: 🌈 completed .github/workflows/bindings_python_ci.yml INFO audit: zizmor: 🌈 completed .github/workflows/ci.yml INFO audit: zizmor: 🌈 completed .github/workflows/ci_typos.yml INFO audit: zizmor: 🌈 completed .github/workflows/codeql.yml INFO audit: zizmor: 🌈 completed .github/workflows/publish.yml INFO audit: zizmor: 🌈 completed .github/workflows/release_python.yml INFO audit: zizmor: 🌈 completed .github/workflows/release_python_nightly.yml INFO audit: zizmor: 🌈 completed .github/workflows/stale.yml INFO audit: zizmor: 🌈 completed .github/workflows/website.yml No findings to report. Good job! (1 ignored, 37 suppressed) ``` (cherry picked from commit 6ee5e71)
(cherry picked from commit dc3a2d5)
## Which issue does this PR close? - Closes apache#2323 . ## What changes are included in this PR? ## Are these changes tested? ci (cherry picked from commit 59c8f4b)
…pache#2333) ## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> - Closes #. ## What changes are included in this PR? - update codeql version from 4.35.1 to 4.35.2 - update comment tag <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> (cherry picked from commit 5334dcb)
Removed GitHub Actions dependency update configuration. ## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> - Closes #. ## What changes are included in this PR? Related to apache/iceberg-python#3186 Dont auto update since we now depend on github action being allowlisted by asf-infra first, https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> (cherry picked from commit cb7f78a)
(cherry picked from commit e285c79)
## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> - Closes #. ## What changes are included in this PR? Relates to apache/iceberg#15742 This PR - Add "ASF allowlist check" - Pin commit for codeql.yml (zizmor recommended) - Add back Github Action auto-update for dependabot (reverts apache#2267) - Add cooldown to dependabot (zizmor recommended) - `Swatinem/rust-cache@v2` -> `swatinem/rust-cache@v2` (fix case sensitivity) [asf infra allowlist uses lowercase](https://github.com/apache/infrastructure-actions/blob/fae466bc0d9821859a623cbc7648c750ff359ec6/approved_patterns.yml#L271) We can add back dependabot for github action because the "ASF allowlist check" will now alert when an action is not allowed (failures will no longer be silent) <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> (cherry picked from commit aff502d)
…-0104 (apache#2356) ## Which issue does this PR close? <!-- We generally require a GitHub issue to be filed for all bug fixes and enhancements and this helps us generate change logs for our releases. You can link an issue to this PR using the GitHub syntax. For example `Closes apache#123` indicates that this PR will close issue apache#123. --> - Closes #. ## What changes are included in this PR? <!-- Provide a summary of the modifications in this PR. List the main changes such as new features, bug fixes, refactoring, or any other updates. --> ## Are these changes tested? <!-- Specify what test covers (unit test, integration test, etc.). If tests are not included in your PR, please explain why (for example, are they covered by existing tests)? --> (cherry picked from commit 4b4ffd0)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Which issue does this PR close?
What changes are included in this PR?
Are these changes tested?