model-analysis icon indicating copy to clipboard operation
model-analysis copied to clipboard
verified publisher icon tensorflow

CVE in Pyarrow dependency

Open vanHavel opened this issue 2 years ago • 1 comments

System information

  • Have I written custom code: no
  • OS Platform and Distribution: N/A
  • TensorFlow Model Analysis installed from: binary
  • TensorFlow Model Analysis version: 0.45.0
  • Python version: N/A
  • Jupyter Notebook version: N/A
  • Exact command to reproduce: N/A

Describe the problem

pyarrow in versions less than 14.0.1 contains the critical security vulnerability CVE-2023-47248. If possible, please update the dependency of pyarrow to a version >= 14.0.1.

vanHavel avatar Dec 08 '23 12:12 vanHavel

@vanHavel, Thank you for raising this feature request. We have already received this issue in other TFX child library and are working actively on updating the pyarrow dependency. We will update this thread once pyarrow dependency is updated. Thank you!

singhniraj08 avatar Dec 12 '23 06:12 singhniraj08