danepitkin commented on issue #35846: URL: https://github.com/apache/arrow/issues/35846#issuecomment-1570854168
Hey @diegohavenstein, thanks for bringing this up. While I would definitely encourage users to install a numpy version w/o known vulnerabilities, I don't think we want to enforce it in this case given that numpy 1.22.2 was released just a little over a year ago (Feb 3, 2022)[1]. Snyk also reports the known vulnerabilities as low severity, so it's probably best to allow users additional time to upgrade their numpy version. [1]https://pypi.org/project/numpy/1.22.2/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
