python-documentai-toolbox icon indicating copy to clipboard operation
python-documentai-toolbox copied to clipboard
verified publisher icon googleapis

Bump pyarrow to 17.0+

Open SimonDR-Boltzmann opened this issue 8 months ago • 1 comments

There is a vulnerability in pyarrow<17.0: https://osv.dev/vulnerability/PYSEC-2024-161

I didn't go through the security policy because it seems only R is affected, but nevertheless it appears in pip-audit reports for any repository that uses python-documentai-toolbox, so it's an annoyance.

Environment details

  • Python version: 3.11
  • pip version: 24.0
  • google-cloud-documentai-toolbox version: 0.14.2a0
  • pip-audit version: 2.8

Steps to reproduce

  1. install pip-audit in a repo with google-cloud-documentai-toolbox as a dependency
  2. run pip-audit

Code example

$ pip-audit
Found 1 known vulnerability in 1 package
Name    Version ID             Fix Versions
------- ------- -------------- ------------
pyarrow 15.0.2  PYSEC-2024-161 17.0.0

SimonDR-Boltzmann avatar Apr 14 '25 07:04 SimonDR-Boltzmann

+1

lgc0313 avatar Jul 01 '25 13:07 lgc0313