chore: dependency updates and security fixes (#3116)

## Summary - Update dependencies across Rust, Python, Node.js, Java, Docker, and docs - Pin unpinned dependency lower bounds to prevent silent downgrades - Bump CI actions to current major versions 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-30 10:20:40 +00:00 · 2026-03-09 22:04:27 -05:00
parent b3fc9c444f
commit 6530d82690
12 changed files with 1909 additions and 3418 deletions
--- a/nodejs/Cargo.toml
+++ b/nodejs/Cargo.toml
@@ -25,12 +25,12 @@ napi = { version = "3.8.3", default-features = false, features = [
 ] }
 napi-derive = "3.5.2"
 # Prevent dynamic linking of lzma, which comes from datafusion
-lzma-sys = { version = "*", features = ["static"] }
+lzma-sys = { version = "0.1", features = ["static"] }
 log.workspace = true

-# Workaround for build failure until we can fix it.
-aws-lc-sys = "=0.28.0"
-aws-lc-rs = "=1.13.0"
+# Pin to resolve build failures; update periodically for security patches.
+aws-lc-sys = "=0.38.0"
+aws-lc-rs = "=1.16.1"

 [build-dependencies]
 napi-build = "2.3.1"