Update pyarrow version range to address vulnerability CVE-2023-47248
serhio-k opened this issue · comments
Sergio commented
Hi,
current pyarrow dependency version is set to pyarrow>=10,<11
. However, there is a known vulnerability in pyarrow with the CVE-2023-47248.
I'd like to propose bumping the pyarrow version to a range of pyarrow>=14.0.1,<15
, which should include the necessary fix for the aforementioned vulnerability. This version range should not introduce compatibility issues while ensuring we are using a secure version of the library.