Update pyarrow version range to address vulnerability CVE-2023-47248
serhio-k opened this issue
Sergio commented
Hi,
The current pyarrow dependency version is set to `pyarrow>=10,<11`. However, there is a known vulnerability in pyarrow with the CVE-2023-47248.
I'd like to propose bumping the pyarrow version to a range of `pyarrow>=14.0.1,<15`, which should include the necessary fix for the aforementioned vulnerability. This version range should not introduce compatibility issues while ensuring we are using a secure version of the library.
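As an added example (not code from this issue or from the project): a small dependency-range check that decides whether a pip-style requirement such as the current `pyarrow>=10,<11` or the proposed `pyarrow>=14.0.1,<15` can still resolve to a release older than the 14.0.1 fix. It is self-contained (no `packaging` dependency), handles only plain dotted numeric versions, and takes the fix version from the proposal above.

```python
import re
from typing import Callable, Dict, List, Tuple

FIXED_VERSION = "14.0.1"  # first release with the CVE-2023-47248 fix, per the issue

def parse_version(text: str) -> Tuple[int, ...]:
    """'14.0.1' -> (14, 0, 1). Only plain dotted numeric releases are handled."""
    return tuple(int(part) for part in text.strip().split("."))

def compare(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Three-way compare, padding the shorter tuple with zeros (10 == 10.0.0)."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

# Each operator maps the compare() result (version vs. bound) to pass/fail.
OPERATORS: Dict[str, Callable[[int], bool]] = {
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
    ">=": lambda c: c >= 0, ">": lambda c: c > 0,
    "<=": lambda c: c <= 0, "<": lambda c: c < 0,
}

def parse_requirement(req: str) -> Tuple[str, List[Tuple[str, Tuple[int, ...]]]]:
    """'pyarrow>=10,<11' -> ('pyarrow', [('>=', (10,)), ('<', (11,))])."""
    match = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", req)
    if not match:
        raise ValueError(f"unparseable requirement: {req!r}")
    name, clauses = match.group(1), []
    for clause in filter(None, (c.strip() for c in match.group(2).split(","))):
        op = re.match(r"^(==|!=|>=|<=|>|<)\s*([0-9][0-9.]*)$", clause)
        if not op:
            raise ValueError(f"unsupported clause: {clause!r}")
        clauses.append((op.group(1), parse_version(op.group(2))))
    return name, clauses

def allows(req: str, version: str) -> bool:
    """True if `version` satisfies every clause of the requirement."""
    _, clauses = parse_requirement(req)
    v = parse_version(version)
    return all(OPERATORS[op](compare(v, bound)) for op, bound in clauses)

def excludes_vulnerable(req: str, fixed: str = FIXED_VERSION) -> bool:
    """True only if some clause forces the resolved version to be >= `fixed`,
    so no release before the fix can be installed from this range."""
    _, clauses = parse_requirement(req)
    f = parse_version(fixed)
    return any(op in (">=", ">", "==") and compare(bound, f) >= 0
               for op, bound in clauses)
```

Note that `pyarrow>=14,<15` is reported as still admitting a vulnerable release, because 14.0.0 satisfies it.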
Niraj Singh commented
Thank you for bringing up this feature request. We will discuss updating the pyarrow version dependency internally and update this thread. Thank you!