From bd2b3d6bb70ee09b9db4bc8b3d7f155c340bba28 Mon Sep 17 00:00:00 2001
From: Ephraim Anierobi
Date: Wed, 15 Nov 2023 10:29:44 +0100
Subject: [PATCH 1/2] Use `pyarrow-hotfix` to mitigate CVE-2023-47248

This is a temporary measure and we will remove it once Apache Beam allows us to upgrade to pyarrow 14.0.1
---
 dev/breeze/README.md | 2 +-
 setup.py | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/dev/breeze/README.md b/dev/breeze/README.md
index 1421958fa9aee..bc3a4baceefa3 100644
--- a/dev/breeze/README.md
+++ b/dev/breeze/README.md
@@ -66,6 +66,6 @@ PLEASE DO NOT MODIFY THE HASH BELOW! IT IS AUTOMATICALLY UPDATED BY PRE-COMMIT.
 ---------------------------------------------------------------------------------------------------------
-Package config hash: 7b512fa3a81a967c22fc4ccccf052a4c4dbcafd5c014adea775d45f0034d03e1c63d7d1e3df723e93724924ed3cfa92a5848c994c247dfd326c0a6300e282f88
+Package config hash: 4cbf531fc1a3817c95640eb203a1187c8238c6282b1c604f62f68c5a7145750122c51aa7d4966b4dad9b0891e0fc905367d1a42c9048ae266533d0883ec7f5eb
 ---------------------------------------------------------------------------------------------------------
diff --git a/setup.py b/setup.py
index ad30baacd10be..c826e3eb828bd 100644
--- a/setup.py
+++ b/setup.py
@@ -353,7 +353,13 @@ def write_version(filename: str = str(AIRFLOW_SOURCES_ROOT / "airflow" / "git_ve
 ]
 leveldb = ["plyvel"]
 otel = ["opentelemetry-exporter-prometheus"]
-pandas = ["pandas>=0.17.1", "pyarrow>=9.0.0"]
+pandas = [
+ "pandas>=0.17.1",
+ # Use pyarrow-hotfix to fix https://nvd.nist.gov/vuln/detail/CVE-2023-47248.
+ # We should remove it once Apache Beam frees us to upgrade to pyarrow 14.0.1
+ "pyarrow-hotfix",
+ "pyarrow>=9.0.0",
+]
 password = [
 "bcrypt>=2.0.0",
 "flask-bcrypt>=0.7.1",
From 58f3e53469c5a279e257447bf8e3ed9fd43b9980 Mon Sep 17 00:00:00 2001
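Review bot: The mitigation is not activated by the new `"pyarrow-hotfix"` entry in the `pandas` extra, because the package applies its fix for CVE-2023-47248 only when `import pyarrow_hotfix` runs, and the diffstat of this series lists just `setup.py` and `dev/breeze/README.md`, so no import is added here. Unless that import already exists elsewhere in the tree, pyarrow stays unpatched on the versions still allowed by `"pyarrow>=9.0.0"`. I would import it once at a point that executes before any pyarrow read of untrusted IPC or Parquet data, and extend the comment with `# Installing is not enough: the fix is applied by "import pyarrow_hotfix".`. The entry also reaches only installs that request the `pandas` extra; environments that get pyarrow through another dependency presumably do not receive the hotfix, which is worth confirming. The `password` list that follows continues past the end of the hunk.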
From: Ephraim Anierobi
Date: Wed, 15 Nov 2023 11:01:09 +0100
Subject: [PATCH 2/2] Update dev/breeze/README.md

Co-authored-by: Jarek Potiuk
---
 dev/breeze/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev/breeze/README.md b/dev/breeze/README.md
index bc3a4baceefa3..1421958fa9aee 100644
--- a/dev/breeze/README.md
+++ b/dev/breeze/README.md
@@ -66,6 +66,6 @@ PLEASE DO NOT MODIFY THE HASH BELOW! IT IS AUTOMATICALLY UPDATED BY PRE-COMMIT.
 ---------------------------------------------------------------------------------------------------------
-Package config hash: 4cbf531fc1a3817c95640eb203a1187c8238c6282b1c604f62f68c5a7145750122c51aa7d4966b4dad9b0891e0fc905367d1a42c9048ae266533d0883ec7f5eb
+Package config hash: 7b512fa3a81a967c22fc4ccccf052a4c4dbcafd5c014adea775d45f0034d03e1c63d7d1e3df723e93724924ed3cfa92a5848c994c247dfd326c0a6300e282f88
 ---------------------------------------------------------------------------------------------------------