From a95b58aba0455b4de7e87b0839c4fe6e6dcd5791 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 May 2026 15:53:23 +0000
Subject: [PATCH] chore(deps): bump pyarrow from 20.0.0 to 24.0.0

Bumps [pyarrow](https://github.com/apache/arrow) from 20.0.0 to 24.0.0.
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](https://github.com/apache/arrow/compare/apache-arrow-20.0.0...apache-arrow-24.0.0)

---
updated-dependencies:
- dependency-name: pyarrow
  dependency-version: 24.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pyproject.toml       | 2 +-
 requirements/base.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 933e51759718..0cdd5dab15cc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -89,7 +89,7 @@ dependencies = [
     "python-dateutil",
     "python-dotenv", # optional dependencies for Flask but required for Superset, see https://flask.palletsprojects.com/en/stable/installation/#optional-dependencies
     "pygeohash",
-    "pyarrow>=16.1.0, <21", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
+    "pyarrow>=16.1.0, <25", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
     "pyyaml>=6.0.0, <7.0.0",
     "PyJWT>=2.4.0, <3.0",
     "redis>=5.0.0, <6.0",
diff --git a/requirements/base.in b/requirements/base.in
index cad39dc543c9..812c367e43e6 100644
--- a/requirements/base.in
+++ b/requirements/base.in
@@ -30,7 +30,7 @@ cryptography>=46.0.7,<47.0.0
 # Security: Snyk - XSS vulnerability in Mako templates
 mako>=1.3.11,<2.0.0
 # Security: CVE-2024-52338 (CRITICAL) - Deserialization of untrusted data in IPC/Parquet readers
-pyarrow>=20.0.0,<21.0.0
+pyarrow>=20.0.0,<25.0.0
 # Security: CVE-2026-27459 - pyopenssl certificate validation
 pyopenssl>=26.0.0,<27.0.0
 # Security: CVE-2026-25645 (MEDIUM) - Insecure Temporary File