arpitjain099 commented on PR #49965:
URL: https://github.com/apache/arrow/pull/49965#issuecomment-4452815854

   Thanks for running crossbow @raulcd. Looked at the wheel-test failures: it's the bump itself that's too low, not the change of approach.
   
   The cp310 wheel-unittests hit:
   
   ```
   E       AttributeError: module 'numpy' has no attribute 'from_dlpack'.
           Did you mean: '_from_dlpack'?
   usr/local/lib/python3.10/site-packages/numpy/__init__.py:315: AttributeError
   ```
   
   `numpy.from_dlpack` was added in numpy 1.23 ([release notes](https://numpy.org/doc/stable/release/1.23.0-notes.html#numpy-from-dlpack)), and pyarrow's tests now use it. The PR pinned the cp310 floor at `numpy~=1.22.0`, which closes the advisory but is one minor short of what the test suite needs.
   
   I just pushed 3fcf3f4 to bump the cp310 entry to `numpy~=1.23.2`, which:
   
   - still closes GHSA-fpfv-jqm9-f5jm / CVE-2021-34141 (fix landed in 1.22),
   - matches the line already used for cp311 right below it, so the wheel-test matrix collapses to two distinct numpy floors instead of three,
   - gives `numpy.from_dlpack` to the test runtime.
   
   Mind re-running crossbow on the new HEAD?
   
   ```
   @github-actions crossbow submit wheel-*310*
   ```
   
   And to your wider point: totally agree this is a low-priority fix given the planned 3.10 drop. Happy to close if it's easier than carrying it through, but if it goes green with 1.23.2 it should be a no-op merge.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
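
The check the comment reasons through, as an added example that is not part of the comment or of the Arrow repository: a compatible-release pin (`~=`, PEP 440) sets an upper bound as well as a floor, so `numpy~=1.22.0` can never resolve to the 1.23 line that provides `numpy.from_dlpack`. The function names are hypothetical, and the version numbers are the ones quoted in the comment.

```python
import re

def parse(version, width=3):
    """'1.23' -> (1, 23, 0): zero-pad so tuples compare component-wise."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def compatible_range(spec):
    """Return (name, floor, ceiling) for a 'name~=X.Y[.Z]' pin.

    Under PEP 440, ~=X.Y.Z means '>=X.Y.Z, ==X.Y.*', so the exclusive
    ceiling is the release prefix with its last kept component bumped.
    """
    m = re.fullmatch(r"\s*([A-Za-z0-9_.-]+)\s*~=\s*(\d+(?:\.\d+)+)\s*", spec)
    if not m:
        raise ValueError(f"not a compatible-release pin: {spec!r}")
    release = [int(p) for p in m.group(2).split(".")]
    prefix = release[:-1]              # drop the last component
    prefix[-1] += 1                    # first release line that is excluded
    ceiling = parse(".".join(map(str, prefix)))
    return m.group(1), parse(m.group(2)), ceiling

def audit_pin(spec, fixed_in, needs):
    """Compare a pin against an advisory fix version and a required-API version."""
    name, floor, ceiling = compatible_range(spec)
    fixed, needed = parse(fixed_in), parse(needs)
    return {
        "package": name,
        # every version the pin allows is at or above the security fix
        "closes_advisory": floor >= fixed,
        # every version the pin allows already has the required API
        "api_guaranteed": floor >= needed,
        # at least one allowed version has the API (ceiling is exclusive)
        "api_reachable": ceiling > needed,
    }

if __name__ == "__main__":
    # Constructed input: the two cp310 pins named in the comment.
    for pin in ("numpy~=1.22.0", "numpy~=1.23.2"):
        # fix landed in 1.22; numpy.from_dlpack was added in 1.23
        print(pin, audit_pin(pin, fixed_in="1.22", needs="1.23"))
```
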
