Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[python] Update pyarrow dependency #1925

Merged
merged 6 commits into from
Dec 1, 2023
Merged

[python] Update pyarrow dependency #1925

merged 6 commits into from
Dec 1, 2023

Conversation

johnkerl
Copy link
Member

@johnkerl johnkerl commented Nov 17, 2023
edited
Loading

Issue and/or context: #1926

This is for the pyarrow CVE. @bkmartinjr has verified we don't use the vulnerable code path, but, it's good optics for us to update.

Changes:

Notes for Reviewer:

@johnkerl johnkerl marked this pull request as ready for review November 17, 2023 20:43
@codecov-commenter
Copy link

codecov-commenter commented Nov 17, 2023
edited
Loading

Codecov Report

Merging #1925 (2f3ee01) into main (69e0f30) will increase coverage by 26.64%.
The diff coverage is 100.00%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #1925       +/-   ##
===========================================
+ Coverage   63.09%   89.74%   +26.64%     
===========================================
  Files         106       34       -72     
  Lines       10050     3598     -6452     
===========================================
- Hits         6341     3229     -3112     
+ Misses       3709      369     -3340
Flag Coverage Δ
python 89.74% <100.00%> (-0.03%) ⬇️
r ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
python_api 89.74% <100.00%> (-0.03%) ⬇️
libtiledbsoma ∅ <ø> (∅)

@thetorpedodog
Copy link
Contributor

Is this from the pyarrow CVE? If so, it looks like we would want to eliminate everything <=v14.0.0 rather than specifically 14.0.0. For py3.7 our only option might be the hotfix?

@johnkerl johnkerl marked this pull request as draft November 17, 2023 22:16
@johnkerl johnkerl mentioned this pull request Nov 21, 2023
Closed
@johnkerl
Copy link
Member Author

Commit 9608859 implements the plan at #1926 (comment)

@johnkerl johnkerl marked this pull request as ready for review November 21, 2023 20:49
@johnkerl johnkerl force-pushed the kerl/pyarrow-dependency branch from ccfbc81 to cad6b80 Compare November 21, 2023 21:14
@johnkerl
Copy link
Member Author

R/Python interop is failing, and will continue to fail, until we have core 2.18 along all callpaths

@johnkerl johnkerl marked this pull request as draft November 21, 2023 21:33
@johnkerl johnkerl force-pushed the kerl/pyarrow-dependency branch from cad6b80 to 080b5c2 Compare November 21, 2023 22:38
@johnkerl johnkerl marked this pull request as ready for review November 30, 2023 23:09
@johnkerl johnkerl merged commit 2eb024e into main Dec 1, 2023
9 checks passed
@johnkerl johnkerl deleted the kerl/pyarrow-dependency branch December 1, 2023 00:35
@johnkerl
Copy link
Member Author

johnkerl commented Dec 1, 2023

Thanks @bkmartinjr !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bkmartinjr bkmartinjr bkmartinjr approved these changes

@thetorpedodog thetorpedodog Awaiting requested review from thetorpedodog

@nguyenv nguyenv Awaiting requested review from nguyenv

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@johnkerl @codecov-commenter @thetorpedodog @bkmartinjr