Skip to content

Remove upper-bound pin on pyarrow #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 29, 2025
Merged

Remove upper-bound pin on pyarrow #20

merged 2 commits into from
Apr 29, 2025

Conversation

dhirschfeld
Copy link
Contributor

@dhirschfeld dhirschfeld commented Feb 18, 2025
edited
Loading

Resolves #13
Closes #17

@dhirschfeld
Remove upper-bound pin on pyarrow
dfe1787 
Signed-off-by: Dave Hirschfeld <dave.hirschfeld@gmail.com>
@dhirschfeld
Regenerate lockfile
9ef3d7b 
Signed-off-by: Dave Hirschfeld <dave.hirschfeld@gmail.com>
@dhirschfeld dhirschfeld mentioned this pull request Feb 27, 2025
Merged
@dhirschfeld
Copy link
Contributor Author

ping @jprakash-db, @yinouya-db, @jackyhu-db, @benc-db, @gopalldb 🙏

@dhirschfeld
Copy link
Contributor Author

Bump!

@dhirschfeld
Copy link
Contributor Author

Could someone please approve the workflows?

@boyeah
Copy link

boyeah commented Mar 14, 2025

I would like this as well, but suggest to remove the dependency on pyarrow altogether. As far as I can see, pyarrow is not used at all by this library.

@dhirschfeld
Copy link
Contributor Author

I would like this as well, but suggest to remove the dependency on pyarrow altogether. As far as I can see, pyarrow is not used at all by this library.

Hmm, yeah - good catch. I've asked @jprakash-db why it has been added if it's not being used directly:

@jtmcn
Copy link

jtmcn commented Apr 4, 2025

Can this please be merged? It seems @jprakash-db has not responded to why the pin was added in the first place despite the package being unused. Meanwhile it is forcing Databricks customers to remain stuck on a version of pyarrow with a known critical vulnerability

@jprakash-db
Copy link
Collaborator

@jtmcn Didn't have time to look at it. Will just have a few checks done and update the status to merge. Will update the status this week. cc @deeksha-db

@jtmcn
Copy link

jtmcn commented Apr 15, 2025

@jprakash-db any updates? Or @benc-db can this be merged please?

@ruiyang2015
Copy link

also need this, please prioritize this PR thanks.

@jprakash-db jprakash-db merged commit 05f5b52 into databricks:main Apr 29, 2025
@dhirschfeld dhirschfeld deleted the relax-pyarrow-pin branch April 29, 2025 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yunbodeng-db yunbodeng-db Awaiting requested review from yunbodeng-db yunbodeng-db is a code owner

@jackyhu-db jackyhu-db Awaiting requested review from jackyhu-db jackyhu-db is a code owner

@benc-db benc-db Awaiting requested review from benc-db benc-db is a code owner

@jprakash-db jprakash-db Awaiting requested review from jprakash-db jprakash-db is a code owner

@gopalldb gopalldb Awaiting requested review from gopalldb gopalldb is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unpin pyarrow databricks-sqlalchemy depends on pyarrow versions with CVE-2024-52338
5 participants
@dhirschfeld @boyeah @jtmcn @jprakash-db @ruiyang2015