This is an automated email from the ASF dual-hosted git repository.
raulcd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 8b194490a5 GH-49967: [Python][CI] Raise oldest NumPy wheel-test
requirement to a patched release (#49965)
8b194490a5 is described below
commit 8b194490a5876f84e959e99bc4d520cc408f7903
Author: Arpit Jain <[email protected]>
AuthorDate: Tue May 19 16:40:11 2026 +0900
GH-49967: [Python][CI] Raise oldest NumPy wheel-test requirement to a
patched release (#49965)
## Summary
- Update `python/requirements-wheel-test.txt` for Python `<3.11` from
`numpy~=1.21.3` to `numpy~=1.23.2`.
(Previously this PR pinned to `numpy~=1.22.0`, which closes the advisory
but is one minor short of what the wheel tests need: `numpy.from_dlpack` was
added in numpy 1.23. After @raulcd's crossbow run failed on `AttributeError:
module 'numpy' has no attribute 'from_dlpack'`, the floor was bumped to
`~=1.23.2`, matching the cp311 line right below it.)
## Why
Dependabot flags `numpy < 1.22` in this requirements file
(GHSA-fpfv-jqm9-f5jm / CVE-2021-34141, fixed in 1.22). `~=1.23.2` keeps that
advisory closed and gives the wheel-test runtime `numpy.from_dlpack`, which
arrow's test suite uses.
## Validation
- `python3 -m pip install -r python/requirements-wheel-test.txt` locally.
- The pin collapses to two distinct numpy floors across the matrix (cp310 +
cp311 now share `~=1.23.2`).
- Awaiting another crossbow run for cp310 wheels.
* GitHub Issue: #49967
Authored-by: Arpit Jain <[email protected]>
Signed-off-by: Raúl Cumplido <[email protected]>
---
python/requirements-wheel-test.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/requirements-wheel-test.txt
b/python/requirements-wheel-test.txt
index b2ff4553b4..fb259db579 100644
--- a/python/requirements-wheel-test.txt
+++ b/python/requirements-wheel-test.txt
@@ -12,7 +12,7 @@ tzdata; sys_platform == 'win32'
# version. However, there is no need to make this strictly the oldest version,
# so it can be broadened to have a single version specification across
platforms.
# (`~=x.y.z` specifies a compatible release as `>=x.y.z, == x.y.*`)
-numpy~=1.21.3; python_version < "3.11"
+numpy~=1.23.2; python_version < "3.11"
numpy~=1.23.2; python_version == "3.11"
numpy~=1.26.0; python_version == "3.12"
numpy~=2.1.0; python_version == "3.13"
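Review bot: the changed line `numpy~=1.23.2; python_version < "3.11"` is now identical in its version spec to the unchanged `python_version == "3.11"` line directly below it, so the two markers can be merged into a single `numpy~=1.23.2; python_version < "3.12"` entry. That leaves one place to edit the next time this floor moves. The comment block above the pins still only explains the "oldest version" policy and the `~=` semantics. It does not record why this floor sits at 1.23.2, which the commit message gives as GHSA-fpfv-jqm9-f5jm / CVE-2021-34141 (fixed in 1.22) plus the test suite's use of `numpy.from_dlpack` (added in 1.23). A one-line comment next to the pin stating both constraints would keep a later "lower to the true oldest version" cleanup from reopening the advisory or breaking the wheel tests.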