tensorflow / data-validation

Library for exploring and validating machine learning data
Apache License 2.0

Update pyarrow version range to address vulnerability CVE-2023-47248 #249

Open serhio-k opened 1 year ago

serhio-k commented 1 year ago

Hi,

The current pyarrow dependency version is set to pyarrow>=10,<11. However, there is a known vulnerability in pyarrow, CVE-2023-47248. I'd like to propose bumping the pyarrow version to a range of pyarrow>=14.0.1,<15, which should include the necessary fix for the aforementioned vulnerability. This version range should not introduce compatibility issues while ensuring we are using a secure version of the library.
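Added example, not part of the original issue or the project's code: a small CI-style check that reports whether a requirement line can still resolve to a pyarrow release older than the fix, and whether it can resolve to a fixed release at all. It assumes, as the issue states, that 14.0.1 is the first release carrying the fix; `FIXED`, `bounds` and `audit` are names made up for this sketch.

```python
import re

# Assumption taken from the issue text: 14.0.1 is the first pyarrow release with the fix.
FIXED = (14, 0, 1)

# Only these operators are understood; '~=' and '!=' clauses and environment
# markers are ignored, which leaves the range wider (the conservative reading).
CLAUSE = re.compile(r"(>=|<=|==|>|<)\s*([0-9]+(?:\.[0-9]+)*)")


def parse_version(text):
    """'10' -> (10, 0, 0); only plain numeric release versions are handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def bounds(requirement):
    """Reduce e.g. 'pyarrow>=10,<11' to its tightest (low, high) bounds."""
    lows, highs = [], []
    for op, ver in CLAUSE.findall(requirement):
        v = parse_version(ver)
        if op in (">=", ">", "=="):
            lows.append((v, op == ">"))    # (version, exclusive?)
        if op in ("<=", "<", "=="):
            highs.append((v, op != "<"))   # (version, inclusive?)
    # Tightest lower bound is the largest; tightest upper bound is the smallest.
    return (max(lows) if lows else None), (min(highs) if highs else None)


def audit(requirement):
    """Contradictory (empty) ranges are not detected by this sketch."""
    low, high = bounds(requirement)
    # A pre-fix version is allowed unless the lower bound is already >= FIXED.
    admits_vulnerable = low is None or low[0] < FIXED
    # A fixed version is allowed unless the upper bound cuts off before FIXED.
    admits_fixed = high is None or high[0] > FIXED or (high[0] == FIXED and high[1])
    return {"admits_vulnerable": admits_vulnerable, "admits_fixed": admits_fixed}


if __name__ == "__main__":
    # The two ranges quoted in the issue: the current pin and the proposed one.
    for line in ("pyarrow>=10,<11", "pyarrow>=14.0.1,<15"):
        print(line, audit(line))
```

A range that reports `admits_fixed: False`, like the current pin, cannot be satisfied by any patched release, so a downstream constraint on pyarrow>=14.0.1 would conflict with it until the range itself changes.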

singhniraj08 commented 1 year ago

@serhio-k,

Thank you for bringing up this feature request. We will discuss updating the pyarrow version dependency internally and update this thread. Thank you!

Natielle commented 4 months ago

Is there some update about this? Can I help in any way with this issue?

dev-pinheiro commented 4 months ago

Is there some update?