This is an automated email from the ASF dual-hosted git repository.
yuqi4733 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 32e01e29ab [MINOR] fix(build): Bump the dependency version to fix
several security issues (#9340)
32e01e29ab is described below
commit 32e01e29ab9f901a29e885a2f6e1377c5deb372b
Author: Jerry Shao <[email protected]>
AuthorDate: Tue Dec 2 16:31:45 2025 +0800
[MINOR] fix(build): Bump the dependency version to fix several security
issues (#9340)
### What changes were proposed in this pull request?
Increase several Python dependency versions to fix the security issues
mentioned in https://github.com/apache/gravitino/security.
Note that the current LlamaIndex version is incompatible with the Pandas
version, so the Pandas version is downgraded to be compatible with
LlamaIndex.
### Why are the changes needed?
To fix the security issues.
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Existing CIs.
---
clients/client-python/requirements-dev.txt | 6 +++---
clients/client-python/requirements.txt | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/clients/client-python/requirements-dev.txt
b/clients/client-python/requirements-dev.txt
index e9e569dea8..a39836b3f4 100644
--- a/clients/client-python/requirements-dev.txt
+++ b/clients/client-python/requirements-dev.txt
@@ -15,15 +15,15 @@
# specific language governing permissions and limitations
# under the License.
-requests==2.32.3
+requests==2.32.5
dataclasses-json==0.6.7
pylint==3.2.2
black==24.4.2
twine==5.1.1
coverage==7.5.1
-pandas==2.3.3
+pandas==2.2.3
pyarrow==15.0.2
-llama-index==0.12.41
+llama-index==0.13.0
tenacity==8.3.0
cachetools==6.2.1
readerwriterlock==1.0.9
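Review bot: The pandas pin drops from 2.3.3 to 2.2.3 in this hunk with nothing in the file explaining why, so the next routine or automated dependency bump is likely to raise it again and break the pairing with `llama-index==0.13.0` that the commit message describes. Add a comment directly above `pandas==2.2.3` saying it is held back for LlamaIndex compatibility and when it can be raised. Because this is a downgrade inside a security-motivated change, also confirm that none of the advisories being addressed apply to pandas itself.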
diff --git a/clients/client-python/requirements.txt
b/clients/client-python/requirements.txt
index ba5087bb1d..638c51e0ee 100644
--- a/clients/client-python/requirements.txt
+++ b/clients/client-python/requirements.txt
@@ -17,7 +17,7 @@
# the tools to publish the python client to Pypi
-requests==2.32.3
+requests==2.32.5
dataclasses-json==0.6.7
readerwriterlock==1.0.9
fsspec==2024.3.1
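Review bot: `requests==2.32.5` here has to be kept identical by hand to the same pin in requirements-dev.txt, and `black==24.4.2` is likewise pinned in both files, so a later security bump that touches only one file leaves the other on the old version. If requirements-dev.txt does not already include this file, consider starting it with `-r requirements.txt` and listing only the dev-only packages there, so each version is stated once.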
@@ -29,4 +29,4 @@ ossfs==2023.12.0
adlfs==2023.12.0
black==24.4.2
flake8==7.0.0
-pre-commit==3.5.0
\ No newline at end of file
+pre-commit==3.5.0