chore(deps): update rust crate pprof to 0.14 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
pprof	workspace.dependencies	minor	0.13 -> 0.14

GitHub Vulnerability Alerts

GHSA-gw5w-5j7f-jmjj

The library breaks the safety assumptions when using unsafe API std::slice::from_raw_parts. First, when using the API in iterator implementation (TempFdArrayIterator.next), generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the address, the code passed the type c_void, which could also be any type, leading to potential uninitialized memory exposure.

Two unsound usages here highlight the necessity for developers to perform type checks before doing type conversion with unsafe API.

The panic caused by the misalignment causes several downstream applications (e.g., greptimedb) to crash when using pprof::report::ReportBuilder::build.

This was patched in 0.14.0.

The developer also suggested moving to pprof2.

---

Release Notes

tikv/pprof-rs (pprof)

v0.14.0

Fixed

• Fix the alignment of the collector and validate function (#​255)

Changed

• Bump the MSRV to 1.66.0 (#​255)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.