Metadata-Version: 2.1 Name: pyarrow-hotfix Version: 0.6 Project-URL: Documentation, https://github.com/pitrou/pyarrow-hotfix#readme Project-URL: Issues, https://github.com/pitrou/pyarrow-hotfix/issues Project-URL: Source, https://github.com/pitrou/pyarrow-hotfix Author-email: Antoine Pitrou <antoine@python.org> License: Apache License, Version 2.0 License-File: LICENSE.txt Classifier: Development Status :: 4 - Beta Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: 3.12 Requires-Python: >=3.5 Description-Content-Type: text/x-rst PyArrow Hotfix ============== .. image:: https://img.shields.io/pypi/v/pyarrow-hotfix.svg :alt: pyarrow_hotfix package on PyPI :target: https://pypi.org/project/pyarrow-hotfix .. image:: https://img.shields.io/pypi/pyversions/pyarrow-hotfix.svg :alt: pyarrow_hotfix supported Python versions :target: https://pypi.org/project/pyarrow-hotfix .. image:: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml/badge.svg :alt: latest unit test results :target: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml Description ----------- This is a hotfix for the PyArrow security vulnerability `CVE-2023-47248 <https://www.cve.org/CVERecord?id=CVE-2023-47248>`__. We generally recommend upgrading to PyArrow 14.0.1 or later, but if you cannot upgrade, this package disables the vulnerability on older versions. Installation ------------ Use ``pip`` to install: .. code-block:: console pip install pyarrow_hotfix .. note:: Both ``pyarrow-hotfix`` and ``pyarrow_hotfix`` are accepted and point to the same package. Usage ----- ``pyarrow_hotfix`` must be imported in your application or library code for it to take effect: .. code-block:: python import pyarrow_hotfix Supported versions ------------------ ``pyarrow_hotfix`` supports all Python versions starting from Python 3.5, and all PyArrow versions starting from 0.14.0. Dependencies ------------ ``pyarrow_hotfix`` is a pure Python package that does not have any explicit dependencies, and assumes you have installed ``pyarrow`` through other means (such as ``pip`` or ``conda``). Example ------- .. code-block:: pycon >>> import pyarrow as pa >>> import pyarrow_hotfix >>> >>> pa.ipc.open_file('data.arrow') Traceback (most recent call last): [ ... ] RuntimeError: forbidden deserialization of 'arrow.py_extension_type': storage_type = null, serialized = b"\x80\x03cbuiltins\neval\nq\x00X\x15\x00\x00\x00print('hello world!')q\x01\x85q\x02Rq\x03.", pickle disassembly: 0: \x80 PROTO 3 2: c GLOBAL 'builtins eval' 17: q BINPUT 0 19: X BINUNICODE "print('hello world!')" 45: q BINPUT 1 47: \x85 TUPLE1 48: q BINPUT 2 50: R REDUCE 51: q BINPUT 3 53: . STOP highest protocol among opcodes = 2 License ------- Like ``pyarrow``, ``pyarrow_hotfix`` is distributed under the terms of the `Apache License, version 2.0 <https://www.apache.org/licenses/LICENSE-2.0>`_.