Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY] Bump pyarrow to 0.15.1 due to CVE #8583

Merged
merged 1 commit into from
Nov 15, 2019
Merged

[SECURITY] Bump pyarrow to 0.15.1 due to CVE #8583

merged 1 commit into from
Nov 15, 2019

Conversation

robdiciuccio
Copy link
Member

CATEGORY

Choose one

  • Bug Fix
  • Enhancement (new features, refinement)
  • Refactor
  • Add tests
  • Build / Development Environment
  • Documentation

SUMMARY

Updating PyArrow to latest version due to CVE: https://snyk.io/vuln/SNYK-PYTHON-PYARROW-483024

Note that the RESULTS_BACKEND_USE_MSGPACK config has been defaulted to False in #8060, but the intention is to re-enable this once #8225 is resolved.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TEST PLAN

CI

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

REVIEWERS

@mistercrunch
Copy link
Member

Looks like travis was having issues when this was pushed, restarted 2 builds in the matrix...

@mistercrunch mistercrunch merged commit fc12e53 into apache:master Nov 15, 2019
@mistercrunch mistercrunch deleted the rd/pyarrow-cve branch November 15, 2019 17:08
@dpgaspar dpgaspar added the v0.35 label Dec 2, 2019
@dpgaspar dpgaspar mentioned this pull request Dec 2, 2019
Closed
3 tasks
@ghost ghost mentioned this pull request Dec 16, 2019
Closed
3 tasks
villebro pushed a commit that referenced this pull request Jan 4, 2020
@robdiciuccio @villebro
Bump pyarrow to 0.15.1 due to CVE (#8583)
f92bc2c
@mistercrunch mistercrunch added 🍒 0.35.2 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.36.0 labels Feb 28, 2024
cccs-rc pushed a commit to CybercentreCanada/superset that referenced this pull request Mar 6, 2024
@robdiciuccio @villebro
Bump pyarrow to 0.15.1 due to CVE (apache#8583)
e1b3cb9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mistercrunch mistercrunch mistercrunch approved these changes

@willbarrett willbarrett willbarrett approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS v0.35 🍒 0.35.2 🚢 0.36.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@robdiciuccio @mistercrunch @willbarrett @dpgaspar