Fix pyarrow vulnerabilities -- b/349778190

Change-Id: I9ad41bb32393a2a63d637a6f524450bd6f7e988f
google-marketing-solutions · Jul 3, 2024 · 6aea54f · 6aea54f
1 parent 267a7ec
commit 6aea54f
Show file tree

Hide file tree

Showing 2 changed files with 131 additions and 26 deletions.
diff --git a/src/cfs/low_volume_skus_feed_generation/requirements.in b/src/cfs/low_volume_skus_feed_generation/requirements.in
@@ -0,0 +1,41 @@
+build==1.2.1
+cachetools==5.3.0
+certifi==2023.7.22
+charset-normalizer==3.0.1
+click==8.1.7
+db-dtypes==1.0.5
+google-api-core==2.11.0
+google-api-python-client==2.80.0
+google-auth==2.16.2
+google-auth-httplib2==0.1.0
+google-cloud-bigquery==3.6.0
+google-cloud-bigquery-datatransfer==3.11.0
+google-cloud-core==2.3.2
+google-crc32c==1.5.0
+google-resumable-media==2.4.1
+googleapis-common-protos==1.58.0
+grpcio==1.51.3
+grpcio-status==1.51.3
+httplib2==0.21.0
+idna==3.4
+importlib_metadata==7.1.0
+numpy==1.24.2
+packaging==23.0
+pandas==1.5.3
+pip-tools==7.4.1
+proto-plus==1.22.2
+protobuf==4.22.0
+pyarrow==14.0.1
+pyasn1==0.4.8
+pyasn1-modules==0.2.8
+pyparsing==3.0.9
+pyproject_hooks==1.1.0
+python-dateutil==2.8.2
+pytz==2022.7.1
+requests==2.28.2
+rsa==4.9
+six==1.16.0
+tomli==2.0.1
+uritemplate==4.1.1
+urllib3==1.26.14
+zipp==3.19.2
diff --git a/src/cfs/low_volume_skus_feed_generation/requirements.txt b/src/cfs/low_volume_skus_feed_generation/requirements.txt
@@ -4,6 +4,12 @@
 #
 #    pip-compile --generate-hashes requirements.in
 #
+build==1.2.1 \
+    --hash=sha256:526263f4870c26f26c433545579475377b2b7588b6f1eac76a001e873ae3e19d \
+    --hash=sha256:75e10f767a433d9a86e50d83f418e83efc18ede923ee5ff7df93b6cb0306c5d4
+    # via
+    #   -r requirements.in
+    #   pip-tools
 cachetools==5.3.0 \
     --hash=sha256:13dfddc7b8df938c21a940dfa6557ce6e94a2f1cdfa58eb90c805721d58f2c14 \
     --hash=sha256:429e1a1e845c008ea6c85aa35d4b98b65d6a9763eeef3e37e92728a12d1de9d4
@@ -108,6 +114,12 @@ charset-normalizer==3.0.1 \
     # via
     #   -r requirements.in
     #   requests
+click==8.1.7 \
+    --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
+    --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
+    # via
+    #   -r requirements.in
+    #   pip-tools
 db-dtypes==1.0.5 \
     --hash=sha256:ab6782bf7a414dd7289ce4ba8ddea5ec44c1339d189c7738d7098efdfd148266 \
     --hash=sha256:ee68f30cbccf343124ef0abebc7f8cc9a74ef8ed7ee4ff61f586117e8040a9d6
@@ -309,6 +321,12 @@ idna==3.4 \
     # via
     #   -r requirements.in
     #   requests
+importlib-metadata==7.1.0 \
+    --hash=sha256:30962b96c0c223483ed6cc7280e7f0199feb01a0e40cfae4d4450fc6fab1f570 \
+    --hash=sha256:b78938b926ee8d5f020fc4772d487045805a55ddbad2ecf21c6d60938dc7fcd2
+    # via
+    #   -r requirements.in
+    #   build
 numpy==1.24.2 \
     --hash=sha256:003a9f530e880cb2cd177cba1af7220b9aa42def9c4afc2a2fc3ee6be7eb2b22 \
     --hash=sha256:150947adbdfeceec4e5926d956a06865c1c690f2fd902efede4ca6fe2e657c3f \
@@ -348,6 +366,7 @@ packaging==23.0 \
     --hash=sha256:b6ad297f8907de0fa2fe1ccbd26fdaf387f5f47c7275fedf8cce89f99446cf97
     # via
     #   -r requirements.in
+    #   build
     #   db-dtypes
     #   google-cloud-bigquery
 pandas==1.5.3 \
@@ -381,6 +400,10 @@ pandas==1.5.3 \
     # via
     #   -r requirements.in
     #   db-dtypes
+pip-tools==7.4.1 \
+    --hash=sha256:4c690e5fbae2f21e87843e89c26191f0d9454f362d8acdbd695716493ec8b3a9 \
+    --hash=sha256:864826f5073864450e24dbeeb85ce3920cdfb09848a3d69ebf537b521f14bcc9
+    # via -r requirements.in
 proto-plus==1.22.2 \
     --hash=sha256:0e8cda3d5a634d9895b75c573c9352c16486cb75deb0e078b5fda34db4243165 \
     --hash=sha256:de34e52d6c9c6fcd704192f09767cb561bb4ee64e70eede20b0834d841f0be4d
@@ -410,32 +433,43 @@ protobuf==4.22.0 \
     #   googleapis-common-protos
     #   grpcio-status
     #   proto-plus
-pyarrow==11.0.0 \
-    --hash=sha256:1cbcfcbb0e74b4d94f0b7dde447b835a01bc1d16510edb8bb7d6224b9bf5bafc \
-    --hash=sha256:25aa11c443b934078bfd60ed63e4e2d42461682b5ac10f67275ea21e60e6042c \
-    --hash=sha256:2d53ba72917fdb71e3584ffc23ee4fcc487218f8ff29dd6df3a34c5c48fe8c06 \
-    --hash=sha256:2d942c690ff24a08b07cb3df818f542a90e4d359381fbff71b8f2aea5bf58841 \
-    --hash=sha256:2f51dc7ca940fdf17893227edb46b6784d37522ce08d21afc56466898cb213b2 \
-    --hash=sha256:362a7c881b32dc6b0eccf83411a97acba2774c10edcec715ccaab5ebf3bb0835 \
-    --hash=sha256:3e99be85973592051e46412accea31828da324531a060bd4585046a74ba45854 \
-    --hash=sha256:40bb42afa1053c35c749befbe72f6429b7b5f45710e85059cdd534553ebcf4f2 \
-    --hash=sha256:410624da0708c37e6a27eba321a72f29d277091c8f8d23f72c92bada4092eb5e \
-    --hash=sha256:41a1451dd895c0b2964b83d91019e46f15b5564c7ecd5dcb812dadd3f05acc97 \
-    --hash=sha256:5461c57dbdb211a632a48facb9b39bbeb8a7905ec95d768078525283caef5f6d \
-    --hash=sha256:69309be84dcc36422574d19c7d3a30a7ea43804f12552356d1ab2a82a713c418 \
-    --hash=sha256:7c28b5f248e08dea3b3e0c828b91945f431f4202f1a9fe84d1012a761324e1ba \
-    --hash=sha256:8f40be0d7381112a398b93c45a7e69f60261e7b0269cc324e9f739ce272f4f70 \
-    --hash=sha256:a37bc81f6c9435da3c9c1e767324ac3064ffbe110c4e460660c43e144be4ed85 \
-    --hash=sha256:aaee8f79d2a120bf3e032d6d64ad20b3af6f56241b0ffc38d201aebfee879d00 \
-    --hash=sha256:ad42bb24fc44c48f74f0d8c72a9af16ba9a01a2ccda5739a517aa860fa7e3d56 \
-    --hash=sha256:ad7c53def8dbbc810282ad308cc46a523ec81e653e60a91c609c2233ae407689 \
-    --hash=sha256:becc2344be80e5dce4e1b80b7c650d2fc2061b9eb339045035a1baa34d5b8f1c \
-    --hash=sha256:caad867121f182d0d3e1a0d36f197df604655d0b466f1bc9bafa903aa95083e4 \
-    --hash=sha256:ccbf29a0dadfcdd97632b4f7cca20a966bb552853ba254e874c66934931b9841 \
-    --hash=sha256:da93340fbf6f4e2a62815064383605b7ffa3e9eeb320ec839995b1660d69f89b \
-    --hash=sha256:e217d001e6389b20a6759392a5ec49d670757af80101ee6b5f2c8ff0172e02ca \
-    --hash=sha256:f010ce497ca1b0f17a8243df3048055c0d18dcadbcc70895d5baf8921f753de5 \
-    --hash=sha256:f12932e5a6feb5c58192209af1d2607d488cb1d404fbc038ac12ada60327fa34
+pyarrow==14.0.1 \
+    --hash=sha256:0140c7e2b740e08c5a459439d87acd26b747fc408bde0a8806096ee0baaa0c15 \
+    --hash=sha256:01e44de9749cddc486169cb632f3c99962318e9dacac7778315a110f4bf8a450 \
+    --hash=sha256:05fe7994745b634c5fb16ce5717e39a1ac1fac3e2b0795232841660aa76647cd \
+    --hash=sha256:06ca79080ef89d6529bb8e5074d4b4f6086143b2520494fcb7cf8a99079cde93 \
+    --hash=sha256:097828b55321897db0e1dbfc606e3ff8101ae5725673498cbfa7754ee0da80e4 \
+    --hash=sha256:0f6f053cb66dc24091f5511e5920e45c83107f954a21032feadc7b9e3a8e7851 \
+    --hash=sha256:11e045dfa09855b6d3e7705a37c42e2dc2c71d608fab34d3c23df2e02df9aec3 \
+    --hash=sha256:1a8ae88c0038d1bc362a682320112ee6774f006134cd5afc291591ee4bc06505 \
+    --hash=sha256:1daab52050a1c48506c029e6fa0944a7b2436334d7e44221c16f6f1b2cc9c510 \
+    --hash=sha256:2a145dab9ed7849fc1101bf03bcdc69913547f10513fdf70fc3ab6c0a50c7eee \
+    --hash=sha256:30d8494870d9916bb53b2a4384948491444741cb9a38253c590e21f836b01222 \
+    --hash=sha256:323cbe60210173ffd7db78bfd50b80bdd792c4c9daca8843ef3cd70b186649db \
+    --hash=sha256:32542164d905002c42dff896efdac79b3bdd7291b1b74aa292fac8450d0e4dcd \
+    --hash=sha256:33c1f6110c386464fd2e5e4ea3624466055bbe681ff185fd6c9daa98f30a3f9a \
+    --hash=sha256:3c76807540989fe8fcd02285dd15e4f2a3da0b09d27781abec3adc265ddbeba1 \
+    --hash=sha256:3f6d5faf4f1b0d5a7f97be987cf9e9f8cd39902611e818fe134588ee99bf0283 \
+    --hash=sha256:450e4605e3c20e558485f9161a79280a61c55efe585d51513c014de9ae8d393f \
+    --hash=sha256:470ae0194fbfdfbf4a6b65b4f9e0f6e1fa0ea5b90c1ee6b65b38aecee53508c8 \
+    --hash=sha256:4756a2b373a28f6166c42711240643fb8bd6322467e9aacabd26b488fa41ec23 \
+    --hash=sha256:58c889851ca33f992ea916b48b8540735055201b177cb0dcf0596a495a667b00 \
+    --hash=sha256:6263cffd0c3721c1e348062997babdf0151301f7353010c9c9a8ed47448f82ab \
+    --hash=sha256:78d4a77a46a7de9388b653af1c4ce539350726cd9af62e0831e4f2bd0c95a2f4 \
+    --hash=sha256:7a8089d7e77d1455d529dbd7cff08898bbb2666ee48bc4085203af1d826a33cc \
+    --hash=sha256:906b0dc25f2be12e95975722f1e60e162437023f490dbd80d0deb7375baf3171 \
+    --hash=sha256:922e8b49b88da8633d6cac0e1b5a690311b6758d6f5d7c2be71acb0f1e14cd61 \
+    --hash=sha256:96d64e5ba7dceb519a955e5eeb5c9adcfd63f73a56aea4722e2cc81364fc567a \
+    --hash=sha256:981670b4ce0110d8dcb3246410a4aabf5714db5d8ea63b15686bce1c914b1f83 \
+    --hash=sha256:a8eeef015ae69d104c4c3117a6011e7e3ecd1abec79dc87fd2fac6e442f666ee \
+    --hash=sha256:b8b3f4fe8d4ec15e1ef9b599b94683c5216adaed78d5cb4c606180546d1e2ee1 \
+    --hash=sha256:be28e1a07f20391bb0b15ea03dcac3aade29fc773c5eb4bee2838e9b2cdde0cb \
+    --hash=sha256:c7331b4ed3401b7ee56f22c980608cf273f0380f77d0f73dd3c185f78f5a6220 \
+    --hash=sha256:cf87e2cec65dd5cf1aa4aba918d523ef56ef95597b545bbaad01e6433851aa10 \
+    --hash=sha256:d0351fecf0e26e152542bc164c22ea2a8e8c682726fce160ce4d459ea802d69c \
+    --hash=sha256:d264ad13605b61959f2ae7c1d25b1a5b8505b112715c961418c8396433f213ad \
+    --hash=sha256:e592e482edd9f1ab32f18cd6a716c45b2c0f2403dc2af782f4e9674952e6dd27 \
+    --hash=sha256:fada8396bc739d958d0b81d291cfd201126ed5e7913cb73de6bc606befc30226
     # via
     #   -r requirements.in
     #   db-dtypes
@@ -458,6 +492,13 @@ pyparsing==3.0.9 \
     # via
     #   -r requirements.in
     #   httplib2
+pyproject-hooks==1.1.0 \
+    --hash=sha256:4b37730834edbd6bd37f26ece6b44802fb1c1ee2ece0e54ddff8bfc06db86965 \
+    --hash=sha256:7ceeefe9aec63a1064c18d939bdc3adf2d8aa1988a510afec15151578b232aa2
+    # via
+    #   -r requirements.in
+    #   build
+    #   pip-tools
 python-dateutil==2.8.2 \
     --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
     --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
@@ -492,6 +533,13 @@ six==1.16.0 \
     #   google-auth
     #   google-auth-httplib2
     #   python-dateutil
+tomli==2.0.1 \
+    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+    # via
+    #   -r requirements.in
+    #   build
+    #   pip-tools
 uritemplate==4.1.1 \
     --hash=sha256:4346edfc5c3b79f694bccd6d6099a322bbeb628dbf2cd86eea55a456ce5124f0 \
     --hash=sha256:830c08b8d99bdd312ea4ead05994a38e8936266f84b9a7878232db50b044e02e
@@ -504,3 +552,19 @@ urllib3==1.26.14 \
     # via
     #   -r requirements.in
     #   requests
+wheel==0.43.0 \
+    --hash=sha256:465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85 \
+    --hash=sha256:55c570405f142630c6b9f72fe09d9b67cf1477fcf543ae5b8dcb1f5b7377da81
+    # via pip-tools
+zipp==3.19.2 \
+    --hash=sha256:bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19 \
+    --hash=sha256:f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c
+    # via
+    #   -r requirements.in
+    #   importlib-metadata
+
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes and the requirement is not
+# satisfied by a package already installed. Consider using the --allow-unsafe flag.
+# pip
+# setuptools