As described by this article regarding CVE-2023-47248: https://securityonline.info/cve-2023-47248-pyarrow-arbitrary-code-execution-vulnerability-a-critical-threat-to-data-analysts/

https://osv.dev/vulnerability/GHSA-5wvp-7f3h-6wmm

Current Pyarrow version in setup.py: "pyarrow>=4,<12",

One conflict from a third-party lib:

1. Snowflake dependency: pyarrow<10.1.0,>=10.0.1 (from snowflake-connector-python[pandas]==3.4.1->feast (setup.py)). The Snowflake developers are fixing this: SNOW-966491: Critical security vulnerability in pyarrow<14.0.1 snowflakedb/snowflake-connector-python#1802

We need to update the pyarrow version to 14.0.1

or apply the hotfix: https://pypi.org/project/pyarrow-hotfix/