| Name | pyarrow-hotfix JSON |
| Version |
0.6
JSON |
| download |
| home_page | |
| Summary | |
| upload_time | 2023-11-21 17:46:03 |
| maintainer | |
| docs_url | None |
| author | |
| requires_python | >=3.5 |
| license | Apache License, Version 2.0 |
| keywords |
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
PyArrow Hotfix
==============
.. image:: https://img.shields.io/pypi/v/pyarrow-hotfix.svg
:alt: pyarrow_hotfix package on PyPI
:target: https://pypi.org/project/pyarrow-hotfix
.. image:: https://img.shields.io/pypi/pyversions/pyarrow-hotfix.svg
:alt: pyarrow_hotfix supported Python versions
:target: https://pypi.org/project/pyarrow-hotfix
.. image:: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml/badge.svg
:alt: latest unit test results
:target: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml
Description
-----------
This is a hotfix for the PyArrow security vulnerability
`CVE-2023-47248 <https://www.cve.org/CVERecord?id=CVE-2023-47248>`__.
We generally recommend upgrading to PyArrow 14.0.1 or later, but if you
cannot upgrade, this package disables the vulnerability on older versions.
Installation
------------
Use ``pip`` to install:
.. code-block:: console
pip install pyarrow_hotfix
.. note::
Both ``pyarrow-hotfix`` and ``pyarrow_hotfix`` are accepted and point to
the same package.
Usage
-----
``pyarrow_hotfix`` must be imported in your application or library code for
it to take effect:
.. code-block:: python
import pyarrow_hotfix
Supported versions
------------------
``pyarrow_hotfix`` supports all Python versions starting from Python 3.5,
and all PyArrow versions starting from 0.14.0.
Dependencies
------------
``pyarrow_hotfix`` is a pure Python package that does not have any explicit
dependencies, and assumes you have installed ``pyarrow`` through other means
(such as ``pip`` or ``conda``).
Example
-------
.. code-block:: pycon
>>> import pyarrow as pa
>>> import pyarrow_hotfix
>>>
>>> pa.ipc.open_file('data.arrow')
Traceback (most recent call last):
[ ... ]
RuntimeError: forbidden deserialization of 'arrow.py_extension_type': storage_type = null, serialized = b"\x80\x03cbuiltins\neval\nq\x00X\x15\x00\x00\x00print('hello world!')q\x01\x85q\x02Rq\x03.", pickle disassembly:
0: \x80 PROTO 3
2: c GLOBAL 'builtins eval'
17: q BINPUT 0
19: X BINUNICODE "print('hello world!')"
45: q BINPUT 1
47: \x85 TUPLE1
48: q BINPUT 2
50: R REDUCE
51: q BINPUT 3
53: . STOP
highest protocol among opcodes = 2
License
-------
Like ``pyarrow``, ``pyarrow_hotfix`` is distributed under the terms of the
`Apache License, version 2.0 <https://www.apache.org/licenses/LICENSE-2.0>`_.
Raw data
{
"_id": null,
"home_page": "",
"name": "pyarrow-hotfix",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.5",
"maintainer_email": "",
"keywords": "",
"author": "",
"author_email": "Antoine Pitrou <antoine@python.org>",
"download_url": "https://files.pythonhosted.org/packages/70/0a/71da7b0db0c7078d4cf34ecf0c70ded5ed29decc06612097474e0114f4cc/pyarrow_hotfix-0.6.tar.gz",
"platform": null,
"description": "PyArrow Hotfix\n==============\n\n.. image:: https://img.shields.io/pypi/v/pyarrow-hotfix.svg\n :alt: pyarrow_hotfix package on PyPI\n :target: https://pypi.org/project/pyarrow-hotfix\n\n.. image:: https://img.shields.io/pypi/pyversions/pyarrow-hotfix.svg\n :alt: pyarrow_hotfix supported Python versions\n :target: https://pypi.org/project/pyarrow-hotfix\n\n.. image:: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml/badge.svg\n :alt: latest unit test results\n :target: https://github.com/pitrou/pyarrow-hotfix/actions/workflows/tests.yml\n\n\nDescription\n-----------\n\nThis is a hotfix for the PyArrow security vulnerability\n`CVE-2023-47248 <https://www.cve.org/CVERecord?id=CVE-2023-47248>`__.\n\nWe generally recommend upgrading to PyArrow 14.0.1 or later, but if you\ncannot upgrade, this package disables the vulnerability on older versions.\n\nInstallation\n------------\n\nUse ``pip`` to install:\n\n.. code-block:: console\n\n pip install pyarrow_hotfix\n\n.. note::\n Both ``pyarrow-hotfix`` and ``pyarrow_hotfix`` are accepted and point to\n the same package.\n\nUsage\n-----\n\n``pyarrow_hotfix`` must be imported in your application or library code for\nit to take effect:\n\n.. code-block:: python\n\n import pyarrow_hotfix\n\nSupported versions\n------------------\n\n``pyarrow_hotfix`` supports all Python versions starting from Python 3.5,\nand all PyArrow versions starting from 0.14.0.\n\nDependencies\n------------\n\n``pyarrow_hotfix`` is a pure Python package that does not have any explicit\ndependencies, and assumes you have installed ``pyarrow`` through other means\n(such as ``pip`` or ``conda``).\n\nExample\n-------\n\n.. code-block:: pycon\n\n >>> import pyarrow as pa\n >>> import pyarrow_hotfix\n >>>\n >>> pa.ipc.open_file('data.arrow')\n Traceback (most recent call last):\n [ ... ]\n RuntimeError: forbidden deserialization of 'arrow.py_extension_type': storage_type = null, serialized = b\"\\x80\\x03cbuiltins\\neval\\nq\\x00X\\x15\\x00\\x00\\x00print('hello world!')q\\x01\\x85q\\x02Rq\\x03.\", pickle disassembly:\n 0: \\x80 PROTO 3\n 2: c GLOBAL 'builtins eval'\n 17: q BINPUT 0\n 19: X BINUNICODE \"print('hello world!')\"\n 45: q BINPUT 1\n 47: \\x85 TUPLE1\n 48: q BINPUT 2\n 50: R REDUCE\n 51: q BINPUT 3\n 53: . STOP\n highest protocol among opcodes = 2\n\n\nLicense\n-------\n\nLike ``pyarrow``, ``pyarrow_hotfix`` is distributed under the terms of the\n`Apache License, version 2.0 <https://www.apache.org/licenses/LICENSE-2.0>`_.\n",
"bugtrack_url": null,
"license": "Apache License, Version 2.0",
"summary": "",
"version": "0.6",
"project_urls": {
"Documentation": "https://github.com/pitrou/pyarrow-hotfix#readme",
"Issues": "https://github.com/pitrou/pyarrow-hotfix/issues",
"Source": "https://github.com/pitrou/pyarrow-hotfix"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e4f49ec2222f5f5f8ea04f66f184caafd991a39c8782e31f5b0266f101cb68ca",
"md5": "0bfeb31c9fb98e580c84bf361cc391ed",
"sha256": "dcc9ae2d220dff0083be6a9aa8e0cdee5182ad358d4931fce825c545e5c89178"
},
"downloads": -1,
"filename": "pyarrow_hotfix-0.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0bfeb31c9fb98e580c84bf361cc391ed",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.5",
"size": 7888,
"upload_time": "2023-11-21T17:46:01",
"upload_time_iso_8601": "2023-11-21T17:46:01.123394Z",
"url": "https://files.pythonhosted.org/packages/e4/f4/9ec2222f5f5f8ea04f66f184caafd991a39c8782e31f5b0266f101cb68ca/pyarrow_hotfix-0.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "700a71da7b0db0c7078d4cf34ecf0c70ded5ed29decc06612097474e0114f4cc",
"md5": "601d58acc047a0020e14d4e8450033de",
"sha256": "79d3e030f7ff890d408a100ac16d6f00b14d44a502d7897cd9fc3e3a534e9945"
},
"downloads": -1,
"filename": "pyarrow_hotfix-0.6.tar.gz",
"has_sig": false,
"md5_digest": "601d58acc047a0020e14d4e8450033de",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.5",
"size": 9754,
"upload_time": "2023-11-21T17:46:03",
"upload_time_iso_8601": "2023-11-21T17:46:03.655322Z",
"url": "https://files.pythonhosted.org/packages/70/0a/71da7b0db0c7078d4cf34ecf0c70ded5ed29decc06612097474e0114f4cc/pyarrow_hotfix-0.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-11-21 17:46:03",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pitrou",
"github_project": "pyarrow-hotfix#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pyarrow-hotfix"
}
