You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@arrow.apache.org by "danepitkin (via GitHub)" <gi...@apache.org> on 2023/05/31 19:55:58 UTC

[GitHub] [arrow] danepitkin commented on issue #35846: Minimum required numpy version (1.16.6) has security vulnerability

danepitkin commented on issue #35846:
URL: https://github.com/apache/arrow/issues/35846#issuecomment-1570854168

   Hey @diegohavenstein, thanks for bringing this up. While I would definitely encourage users to install a numpy version w/o known vulnerabilities, I don't think we want to enforce it in this case given that numpy 1.22.2 was released just a little over a year ago (Feb 3, 2022)[1]. Snyk also reports the known vulnerabilities as low severity, so it's probably best to allow users additional time to upgrade their numpy version.
   
   [1]https://pypi.org/project/numpy/1.22.2/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org