This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 2afbb0a8d1 Use `pyarrow-hotfix` to mitigate CVE-2023-47248 (#35650)
2afbb0a8d1 is described below
commit 2afbb0a8d133ccd99ceb39d8e199f763908d4ca1
Author: Ephraim Anierobi <[email protected]>
AuthorDate: Wed Nov 15 14:40:57 2023 +0100
Use `pyarrow-hotfix` to mitigate CVE-2023-47248 (#35650)
* Use `pyarrow-hotfix` to mitigate CVE-2023-47248
This is a temporary measure and we will remove it once
Apache Beam allows us to upgrade to pyarrow 14.0.1
---------
Co-authored-by: Jarek Potiuk <[email protected]>
---
setup.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index ad30baacd1..c826e3eb82 100644
--- a/setup.py
+++ b/setup.py
@@ -353,7 +353,13 @@ ldap = [
]
leveldb = ["plyvel"]
otel = ["opentelemetry-exporter-prometheus"]
-pandas = ["pandas>=0.17.1", "pyarrow>=9.0.0"]
+pandas = [
+ "pandas>=0.17.1",
+ # Use pyarrow-hotfix to fix
https://nvd.nist.gov/vuln/detail/CVE-2023-47248.
+ # We should remove it once Apache Beam frees us to upgrade to pyarrow
14.0.1
+ "pyarrow-hotfix",
+ "pyarrow>=9.0.0",
+]
password = [
"bcrypt>=2.0.0",
"flask-bcrypt>=0.7.1",
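Review bot: Adding `"pyarrow-hotfix"` to the `pandas` extra only installs the package; as far as I know the hotfix takes effect only once `pyarrow_hotfix` is imported in the running process, and the diffstat shows setup.py as the only file changed, so no such import is visible in this commit. It is worth confirming that an `import pyarrow_hotfix` runs before any pyarrow data from an untrusted source is read, otherwise the CVE-2023-47248 deserialization path stays reachable despite the new requirement. The requirement is also scoped to the `pandas` extra, so an environment that pulls in pyarrow some other way (presumably through another extra or provider) would not get the hotfix installed. To make the removal actionable, I would extend the comment with a tracking reference, e.g. `# TODO: drop pyarrow-hotfix once pyarrow>=14.0.1 is the lower bound (see <tracking-issue placeholder>)`.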