Audit-check fails in main branch #15554

Closed
xudong963 opened this issue Apr 3, 2025 · 2 comments
Comments

@xudong963
Member

cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 748 security advisories (from /Users/xudong/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (676 crate dependencies)
Crate:     pyo3
Version:   0.23.5
Title:     Risk of buffer overflow in `PyString::from_object`
Date:      2025-04-01
ID:        RUSTSEC-2025-0020
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0020
Solution:  Upgrade to >=0.24.1
Dependency tree:
@xudong963
Member Author

If upgrading pyo3 to 0.24.1, more info:

cargo build
    Updating crates.io index
error: failed to select a version for `pyo3-ffi`.
    ... required by package `pyo3 v0.23.3`
    ... which satisfies dependency `pyo3 = "^0.23"` of package `arrow v54.2.1`
    ... which satisfies dependency `arrow = "^54.2.1"` of package `datafusion-common v46.0.1 
    ... which satisfies path dependency `datafusion-common` of package `datafusion-benchmarks v46.0.1 
versions that meet the requirements `=0.23.3` are: 0.23.3

the package `pyo3-ffi` links to the native library `python`, but it conflicts with a previous package which links to `python` as well:
package `pyo3-ffi v0.24.1`
    ... which satisfies dependency `pyo3-ffi = "=0.24.1"` of package `pyo3 v0.24.1`
    ... which satisfies dependency `pyo3 = "^0.24.1"` of package `datafusion-common v46.0.1 
    ... which satisfies path dependency `datafusion-common` of package `datafusion-benchmarks v46.0.1 
Only one package in the dependency graph may specify the same links value. This helps ensure that only one copy of a native library is linked in the final binary. Try to adjust your dependencies so that only one package uses the `links = "python"` value. For more information, see https://doc.rust-lang.org/cargo/reference/resolver.html#links.

failed to select a version for `pyo3-ffi` which could resolve this conflict
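The two failures above are both dependency-graph properties: an advisory that matches an installed crate version (the cargo audit output in the first comment), and two packages claiming the same `links = "python"` value (the resolver error in the second comment). The following is an added example, not part of this issue or of the datafusion, arrow or pyo3 projects, that checks for both conditions over the JSON shape emitted by `cargo metadata --format-version 1` (a `packages` array whose entries carry `name`, `version` and a nullable `links` field). The metadata document is a constructed, reduced sample reproducing the graph from the issue; the advisory entry uses the identifier, crate and patched range quoted in the first comment.

```python
"""Check a cargo metadata document for (a) crates matching a RUSTSEC advisory
and (b) packages that collide on a `links` value.

Added example; not code from the issue or the projects it mentions. Assumes
the `packages[].{name,version,links}` fields of `cargo metadata --format-version 1`.
"""
import json

# Constructed sample: a reduced `cargo metadata` document encoding the graph the
# resolver refused in the issue (two pyo3-ffi versions, both links = "python").
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"name": "pyo3", "version": "0.23.3", "links": None},
        {"name": "pyo3-ffi", "version": "0.23.3", "links": "python"},
        {"name": "pyo3", "version": "0.24.1", "links": None},
        {"name": "pyo3-ffi", "version": "0.24.1", "links": "python"},
        {"name": "arrow", "version": "54.2.1", "links": None},
        {"name": "datafusion-common", "version": "46.0.1", "links": None},
    ]
})

# Advisory as quoted in the issue: pyo3 is fixed from 0.24.1 onwards.
ADVISORIES = [
    {"id": "RUSTSEC-2025-0020", "package": "pyo3", "patched": ">=0.24.1"},
]


def parse_version(version):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))


def satisfies_patched(version, patched_req):
    """True if `version` lies inside a '>=X.Y.Z' patched range."""
    # Only the '>=' form used by this advisory is supported in this example.
    if not patched_req.startswith(">="):
        raise ValueError("unsupported requirement: %s" % patched_req)
    return parse_version(version) >= parse_version(patched_req[2:])


def vulnerable_packages(metadata_json, advisories=ADVISORIES):
    """Return [(advisory_id, name, version)] for crates below the patched range."""
    hits = []
    for pkg in json.loads(metadata_json)["packages"]:
        for adv in advisories:
            if pkg["name"] == adv["package"] and not satisfies_patched(
                pkg["version"], adv["patched"]
            ):
                hits.append((adv["id"], pkg["name"], pkg["version"]))
    return hits


def links_conflicts(metadata_json):
    """Return {links_value: [(name, version), ...]} for values claimed by more
    than one package; cargo allows at most one such package per value."""
    by_links = {}
    for pkg in json.loads(metadata_json)["packages"]:
        if pkg.get("links"):
            by_links.setdefault(pkg["links"], []).append((pkg["name"], pkg["version"]))
    return {key: sorted(pkgs) for key, pkgs in by_links.items() if len(pkgs) > 1}


if __name__ == "__main__":
    for adv_id, name, version in vulnerable_packages(SAMPLE_METADATA):
        print("%s: %s %s is below the patched range" % (adv_id, name, version))
    for value, pkgs in links_conflicts(SAMPLE_METADATA).items():
        print("links=%r claimed by: %s" % (value, ", ".join("%s %s" % p for p in pkgs)))
```

On a real workspace, feed it `cargo metadata --format-version 1` output; the advisory check mirrors what the failing audit job reports, while `links_conflicts` will normally come back empty because cargo enforces the one-package-per-`links` rule before it can emit metadata at all. The constructed sample exists precisely to show the graph that cargo rejected: a second pyo3 major version pulls in a second pyo3-ffi, and both cannot link `python`.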

@xudong963
Member Author

dup with #15571
