
fix(deps): bump pyarrow to 14.0.1 in poetry template #51

Merged
mitczach merged 1 commit into main from fix/pyarrow-poetry-template-cve
Jun 24, 2026


@mitczach

Collaborator

## Summary

The poetry project template (`src/emr_cli/templates/poetry/pyproject.toml`) still pinned `pyarrow = "8.0.0"`, which is vulnerable to CVE-2023-47248. The other manifests were updated in PRs #36 and #37, but this template was missed, keeping the Dependabot alert active. This bumps pyarrow to 14.0.1 to match the rest of the repo and fully resolve the alert.

## Changes

- `src/emr_cli/templates/poetry/pyproject.toml`: pyarrow 8.0.0 → 14.0.1

## Verification

Confirmed all pyarrow references across the repo now point to 14.0.1:

- `requirements.txt` → `pyarrow==14.0.1`
- `src/emr_cli/templates/pyspark/pyproject.toml` → `pyarrow==14.0.1`
- `src/emr_cli/templates/poetry/pyproject.toml` → `pyarrow = "14.0.1"`

…ct template still pinned pyarrow 8.0.0, which is vulnerable to CVE-2023-47248. The other manifests were updated in PRs #36 and #37 but this template was missed, keeping the Dependabot alert active. Bump it to 14.0.1 to match the rest of the repo and fully resolve the alert.
@mitczach mitczach merged commit 36bff55 into main Jun 24, 2026
9 checks passed
@mitczach mitczach deleted the fix/pyarrow-poetry-template-cve branch June 24, 2026 17:39
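
The verification step in the PR description can be automated so a missed manifest fails a check instead of lingering as an open alert. The script below is an added example, not code from this repository: `stale_pins`, `build_sample_repo` and the sample file contents are assumptions constructed for illustration, and only the three file paths and the version numbers come from the PR.

```python
import re
import tempfile
from pathlib import Path

FIXED = (14, 0, 1)  # version the PR pins to, taken from the PR description
MANIFESTS = ("requirements.txt", "pyproject.toml")
# Exact pins only: `pyarrow==8.0.0` (requirements / PEP 621 list entry)
# and `pyarrow = "8.0.0"` (poetry table entry). Range specifiers are not handled.
PIN = re.compile(r'^\s*"?pyarrow"?\s*(?:==|=)\s*"?[\^~]?(\d+(?:\.\d+)*)', re.I)

def parse(version):
    """Turn '8.0.0' into (8, 0, 0), padding short versions with zeros."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))

def stale_pins(root):
    """Return (relative path, line number, version) for each pyarrow pin below FIXED."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.name not in MANIFESTS or not path.is_file():
            continue
        for n, line in enumerate(path.read_text(encoding="utf-8").splitlines(), 1):
            m = PIN.match(line)
            if m and parse(m.group(1)) < FIXED:
                findings.append((path.relative_to(root).as_posix(), n, m.group(1)))
    return findings

def build_sample_repo(root, poetry_pin):
    """Constructed tree mirroring the three manifests named in the PR."""
    files = {
        "requirements.txt": "boto3\npyarrow==14.0.1\n",
        "src/emr_cli/templates/pyspark/pyproject.toml":
            '[project]\ndependencies = [\n    "pyarrow==14.0.1",\n]\n',
        "src/emr_cli/templates/poetry/pyproject.toml":
            f'[tool.poetry.dependencies]\npython = "^3.8"\npyarrow = "{poetry_pin}"\n',
    }
    for rel, text in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp, "8.0.0")  # state before this PR
        for rel, n, ver in stale_pins(tmp):
            print(f"{rel}:{n}: pyarrow {ver} < 14.0.1")
```

Run against a real checkout by passing the repository root to `stale_pins`; a non-empty result is the condition to fail the check on.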