
Commit 052182b

shuchuachals
authored andcommitted
fix: upgrade the pyarrow to latest v14.0.1 for CVE-2023-47248.
Signed-off-by: Shuchu Han <shuchu.han@gmail.com>
1 parent 77d7eb0 commit 052182b

9 files changed

+188
-136
lines changed

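--- a/sdk/python/feast/infra/offline_stores/bigquery.py
+++ b/sdk/python/feast/infra/offline_stores/bigquery.py
@@ -353,7 +353,11 @@ def write_logged_features(
 return
 
 with tempfile.TemporaryFile() as parquet_temp_file:
-pyarrow.parquet.write_table(table=data, where=parquet_temp_file)
+# In Pyarrow v13.0, the parquet version was upgraded to v2.6 from v2.4.
+# Set the coerce_timestamps to "us"(microseconds) for backward compatibility.
+pyarrow.parquet.write_table(
+table=data, where=parquet_temp_file, coerce_timestamps="us"
+)
 
 parquet_temp_file.seek(0)
 
@@ -400,7 +404,11 @@ def offline_write_batch(
 )
 
 with tempfile.TemporaryFile() as parquet_temp_file:
-pyarrow.parquet.write_table(table=table, where=parquet_temp_file)
+# In Pyarrow v13.0, the parquet version was upgraded to v2.6 from v2.4.
+# Set the coerce_timestamps to "us"(microseconds) for backward compatibility.
+pyarrow.parquet.write_table(
+table=table, where=parquet_temp_file, coerce_timestamps="us"
+)
 
 parquet_temp_file.seek(0)
 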
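Review bot: `coerce_timestamps="us"` is passed without `allow_truncated_timestamps`, which defaults to False, so `write_table` raises instead of writing when a timestamp column holds a value with non-zero sub-microsecond digits; this applies to both calls here (write_logged_features and offline_write_batch) and to the `pq.write_table` call in aws_utils.py. Whether such values can reach these writers depends on where the tables come from, which the hunks do not show, but nanosecond resolution is the pandas default for datetime columns. Either pass `allow_truncated_timestamps=True` alongside `coerce_timestamps="us"` if dropping the extra precision is acceptable, or add a comment saying that a hard failure on precision loss is intended. Both functions start and end outside the hunks shown.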

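--- a/sdk/python/feast/infra/utils/aws_utils.py
+++ b/sdk/python/feast/infra/utils/aws_utils.py
@@ -351,7 +351,9 @@ def upload_arrow_table_to_redshift(
 else:
 # Write the PyArrow Table on disk in Parquet format and upload it to S3
 with tempfile.TemporaryFile(suffix=".parquet") as parquet_temp_file:
-pq.write_table(table, parquet_temp_file)
+# In Pyarrow v13.0, the parquet version was upgraded to v2.6 from v2.4.
+# Set the coerce_timestamps to "us"(microseconds) for backward compatibility.
+pq.write_table(table, parquet_temp_file, coerce_timestamps="us")
 parquet_temp_file.seek(0)
 s3_resource.Object(bucket, key).put(Body=parquet_temp_file)
 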
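Review bot: The two-line comment above `pq.write_table(...)` says what changed in pyarrow but not what breaks without the coercion, and the same comment and keyword are now repeated at three call sites across bigquery.py and this file. Stating the consequence would help whoever does the next upgrade, for example `# pyarrow >= 13 defaults to Parquet format 2.6, which keeps nanosecond timestamps; coerce to microseconds so the file matches what was written before the upgrade.` A single shared constant for the unit (for instance `PARQUET_TIMESTAMP_UNIT = "us"`, a name constructed for this note) would keep the three writers from drifting apart. The body of upload_arrow_table_to_redshift starts and ends outside the hunk.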

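--- a/sdk/python/requirements/py3.10-ci-requirements.txt
+++ b/sdk/python/requirements/py3.10-ci-requirements.txt
@@ -57,11 +57,11 @@ black==22.12.0
 # via feast (setup.py)
 bleach==6.1.0
 # via nbconvert
-boto3==1.28.80
+boto3==1.29.2
 # via
 # feast (setup.py)
 # moto
-botocore==1.31.80
+botocore==1.32.2
 # via
 # boto3
 # moto
@@ -121,7 +121,9 @@ comm==0.2.0
 # ipykernel
 # ipywidgets
 coverage[toml]==7.3.2
-# via pytest-cov
+# via
+# coverage
+# pytest-cov
 cryptography==41.0.5
 # via
 # azure-identity
@@ -135,7 +137,7 @@ cryptography==41.0.5
 # snowflake-connector-python
 # types-pyopenssl
 # types-redis
-dask==2023.10.1
+dask==2023.11.0
 # via feast (setup.py)
 db-dtypes==1.1.1
 # via google-cloud-bigquery
@@ -177,7 +179,7 @@ fastavro==1.9.0
 # via
 # feast (setup.py)
 # pandavro
-fastjsonschema==2.18.1
+fastjsonschema==2.19.0
 # via nbformat
 filelock==3.13.1
 # via
@@ -199,7 +201,7 @@ geojson==2.5.0
 # via rockset
 geomet==0.2.1.post1
 # via cassandra-driver
-google-api-core[grpc]==2.13.0
+google-api-core[grpc]==2.14.0
 # via
 # feast (setup.py)
 # firebase-admin
@@ -211,7 +213,7 @@ google-api-core[grpc]==2.13.0
 # google-cloud-datastore
 # google-cloud-firestore
 # google-cloud-storage
-google-api-python-client==2.107.0
+google-api-python-client==2.108.0
 # via firebase-admin
 google-auth==2.23.4
 # via
@@ -224,7 +226,9 @@ google-auth==2.23.4
 google-auth-httplib2==0.1.1
 # via google-api-python-client
 google-cloud-bigquery[pandas]==3.12.0
-# via feast (setup.py)
+# via
+# feast (setup.py)
+# google-cloud-bigquery
 google-cloud-bigquery-storage==2.22.0
 # via feast (setup.py)
 google-cloud-bigtable==2.21.0
@@ -262,7 +266,7 @@ great-expectations==0.15.50
 # via feast (setup.py)
 greenlet==3.0.1
 # via sqlalchemy
-grpc-google-iam-v1==0.12.6
+grpc-google-iam-v1==0.12.7
 # via google-cloud-bigtable
 grpcio==1.59.2
 # via
@@ -298,7 +302,7 @@ hazelcast-python-client==5.3.0
 # via feast (setup.py)
 hiredis==2.2.3
 # via feast (setup.py)
-httpcore==1.0.1
+httpcore==1.0.2
 # via httpx
 httplib2==0.22.0
 # via
@@ -368,15 +372,15 @@ jsonpointer==2.4
 # via
 # jsonpatch
 # jsonschema
-jsonschema[format-nongpl]==4.19.2
+jsonschema[format-nongpl]==4.20.0
 # via
 # altair
 # feast (setup.py)
 # great-expectations
 # jupyter-events
 # jupyterlab-server
 # nbformat
-jsonschema-specifications==2023.7.1
+jsonschema-specifications==2023.11.1
 # via jsonschema
 jupyter-client==8.6.0
 # via
@@ -396,7 +400,7 @@ jupyter-events==0.9.0
 # via jupyter-server
 jupyter-lsp==2.2.0
 # via jupyterlab
-jupyter-server==2.10.0
+jupyter-server==2.10.1
 # via
 # jupyter-lsp
 # jupyterlab
@@ -409,7 +413,7 @@ jupyterlab==4.0.8
 # via notebook
 jupyterlab-pygments==0.2.2
 # via nbconvert
-jupyterlab-server==2.25.0
+jupyterlab-server==2.25.1
 # via
 # jupyterlab
 # notebook
@@ -419,7 +423,7 @@ kubernetes==20.13.0
 # via feast (setup.py)
 locket==1.0.0
 # via partd
-makefun==1.15.1
+makefun==1.15.2
 # via great-expectations
 markupsafe==2.1.3
 # via
@@ -446,7 +450,7 @@ mock==2.0.0
 # via feast (setup.py)
 moreorless==0.4.0
 # via bowler
-moto==4.2.7
+moto==4.2.9
 # via feast (setup.py)
 msal==1.25.0
 # via
@@ -564,7 +568,7 @@ pre-commit==3.3.1
 # via feast (setup.py)
 prometheus-client==0.18.0
 # via jupyter-server
-prompt-toolkit==3.0.39
+prompt-toolkit==3.0.41
 # via ipython
 proto-plus==1.22.3
 # via
@@ -610,7 +614,7 @@ py-cpuinfo==9.0.0
 # via pytest-benchmark
 py4j==0.10.9.7
 # via pyspark
-pyarrow==10.0.1
+pyarrow==14.0.1
 # via
 # db-dtypes
 # feast (setup.py)
@@ -683,7 +687,7 @@ pytest-ordering==0.6
 # via feast (setup.py)
 pytest-timeout==1.4.2
 # via feast (setup.py)
-pytest-xdist==3.3.1
+pytest-xdist==3.4.0
 # via feast (setup.py)
 python-dateutil==2.8.2
 # via
@@ -723,7 +727,7 @@ pyzmq==25.1.1
 # jupyter-server
 redis==4.6.0
 # via feast (setup.py)
-referencing==0.30.2
+referencing==0.31.0
 # via
 # jsonschema
 # jsonschema-specifications
@@ -751,7 +755,7 @@ requests==2.31.0
 # trino
 requests-oauthlib==1.3.1
 # via kubernetes
-responses==0.24.0
+responses==0.24.1
 # via moto
 rfc3339-validator==0.1.4
 # via
@@ -763,7 +767,7 @@ rfc3986-validator==0.1.1
 # jupyter-events
 rockset==2.1.0
 # via feast (setup.py)
-rpds-py==0.12.0
+rpds-py==0.13.0
 # via
 # jsonschema
 # referencing
@@ -798,8 +802,10 @@ sniffio==1.3.0
 # httpx
 snowballstemmer==2.2.0
 # via sphinx
-snowflake-connector-python[pandas]==3.4.0
-# via feast (setup.py)
+snowflake-connector-python[pandas]==3.5.0
+# via
+# feast (setup.py)
+# snowflake-connector-python
 sortedcontainers==2.4.0
 # via snowflake-connector-python
 soupsieve==2.5
@@ -825,8 +831,10 @@ sphinxcontrib-qthelp==1.0.6
 sphinxcontrib-serializinghtml==1.1.9
 # via sphinx
 sqlalchemy[mypy]==1.4.50
-# via feast (setup.py)
-sqlalchemy2-stubs==0.0.2a36
+# via
+# feast (setup.py)
+# sqlalchemy
+sqlalchemy2-stubs==0.0.2a37
 # via sqlalchemy
 stack-data==0.6.3
 # via ipython
@@ -836,7 +844,7 @@ tabulate==0.9.0
 # via feast (setup.py)
 tenacity==8.2.3
 # via feast (setup.py)
-terminado==0.17.1
+terminado==0.18.0
 # via
 # jupyter-server
 # jupyter-server-terminals
@@ -858,7 +866,7 @@ tomli==2.0.1
 # pip-tools
 # pyproject-hooks
 # pytest
-tomlkit==0.12.2
+tomlkit==0.12.3
 # via snowflake-connector-python
 toolz==0.12.0
 # via
@@ -916,7 +924,7 @@ types-redis==4.6.0.10
 # via feast (setup.py)
 types-requests==2.30.0.0
 # via feast (setup.py)
-types-setuptools==68.2.0.0
+types-setuptools==68.2.0.1
 # via feast (setup.py)
 types-tabulate==0.9.0.3
 # via feast (setup.py)
@@ -955,7 +963,9 @@ urllib3==1.26.18
 # rockset
 # snowflake-connector-python
 uvicorn[standard]==0.24.0.post1
-# via feast (setup.py)
+# via
+# feast (setup.py)
+# uvicorn
 uvloop==0.19.0
 # via uvicorn
 virtualenv==20.23.0
@@ -966,7 +976,7 @@ volatile==2.1.0
 # via bowler
 watchfiles==0.21.0
 # via uvicorn
-wcwidth==0.2.9
+wcwidth==0.2.10
 # via prompt-toolkit
 webcolors==1.13
 # via jsonschema
@@ -987,7 +997,7 @@ wheel==0.41.3
 # via pip-tools
 widgetsnbextension==4.0.9
 # via ipywidgets
-wrapt==1.15.0
+wrapt==1.16.0
 # via testcontainers
 xmltodict==0.13.0
 # via moto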
