Require R "arrow" >= 17.0 to address CVE-2024-52338. (#18)

* Require R "arrow" >= 17.0 to address CVE-2024-52338. https://www.cve.org/CVERecord?id=CVE-2024-52338 Also: * Update version of upload Actions used. * Hidden files no longer uploaded by Action. (see https://github.com/actions/upload-artifact?tab=readme-ov-file#uploading-hidden-files)
rpy2 · Nov 30, 2024 · 6fa5917 · 6fa5917
1 parent 3cae4d3
commit 6fa5917
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/.github/workflows/webpages.yml b/.github/workflows/webpages.yml
@@ -56,9 +56,9 @@ jobs:
           python -m rpy2.situation
           cd doc
           make html
-          git rev-parse --short HEAD > _build/html/.revforbuild
+          git rev-parse --short HEAD > _build/html/_revforbuild
       - name: Archive documentation
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: html-doc
           path: doc/_build/html
@@ -73,7 +73,7 @@ jobs:
           ref: gh-pages
           fetch-depth: 2
       - name: download HTML build
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: html-doc
           path: html-doc
@@ -88,13 +88,13 @@ jobs:
           git rm -r --ignore-unmatch "${DOCPATH}"
           echo "Creating docpath."
           mkdir -p "${DOCPATH}"
-          mv html-doc/.revforbuild .
+          mv html-doc/_revforbuild .
           mv -T html-doc "${DOCPATH}"
           echo "Adding docpath to local repos"
           git add "${DOCPATH}"
           if [ -z $(git status -uno --porcelain) ]; then
             echo "No changes to be committed."  
           else
-            git commit -m "HTML Sphinx build for $(cat .revforbuild)" "${DOCPATH}";
+            git commit -m "HTML Sphinx build for $(cat _revforbuild)" "${DOCPATH}";
             git push;
           fi
diff --git a/rpy2_arrow/__init__.py b/rpy2_arrow/__init__.py
@@ -1 +1 @@
-__version__ = '0.1.1'
+__version__ = '0.1.2'
diff --git a/rpy2_arrow/arrow.py b/rpy2_arrow/arrow.py
@@ -12,21 +12,22 @@
 
 if rinterface.BoolSexpVector(
         rinterface.evalr("""
-        utils::packageVersion("arrow") < base::package_version("12.0")
+        utils::packageVersion("arrow") < base::package_version("17.0.0")
         """)
 )[0]:
-    warnings.warn('Segfaults may occur with the R package arrow < 12.0')
+    warnings.warn('Segfaults may occur with the R package arrow < 17.0.0')
 
 # make sure a version is installed with the C API
 _rarrow_has_c_api = rinterface.BoolSexpVector(
     rinterface.evalr("""
-    utils::packageVersion("arrow") >= base::package_version("5.0.0")
+    utils::packageVersion("arrow") >= base::package_version("17.0.0")
     """)
 )[0]
 
 if not _rarrow_has_c_api:
-    raise ValueError("rpy2_arrow requires R 'arrow' package version >= 5.0.0")
+    raise ValueError("rpy2_arrow requires R 'arrow' package version >= 17.0.0")
 
+# TODO: remove since we require 'arrow' >= 17.0
 # In arrow >= 7.0.0, pointers can be passed as externalptr,
 # bit64::integer64(), or string, all of which prevent possible
 # problems with the previous versions which required a double().