As described by this article regarding CVE-2023-47248: https://securityonline.info/cve-2023-47248-pyarrow-arbitrary-code-execution-vulnerability-a-critical-threat-to-data-analysts/ https://osv.dev/vulnerability/GHSA-5wvp-7f3h-6wmm Current Pyarrow version in setup.py: "pyarrow>=4,<12", One conflict from a third-party lib: 1. Snowflake dependency: pyarrow<10.1.0,>=10.0.1 (from snowflake-connector-python[pandas]==3.4.1->feast (setup.py)). The Snowflake developers are fixing this: https://github.com/snowflakedb/snowflake-connector-python/issues/1802 We need to update the pyarrow version to 14.0.1 or apply the hotfix: https://pypi.org/project/pyarrow-hotfix/
As described by this article regarding CVE-2023-47248: https://securityonline.info/cve-2023-47248-pyarrow-arbitrary-code-execution-vulnerability-a-critical-threat-to-data-analysts/
https://osv.dev/vulnerability/GHSA-5wvp-7f3h-6wmm
Current Pyarrow version in setup.py: "pyarrow>=4,<12",
One conflict from a third-party lib:
pyarrow<14.0.1snowflakedb/snowflake-connector-python#1802We need to update the pyarrow version to 14.0.1
or apply the hotfix: https://pypi.org/project/pyarrow-hotfix/