dependencies?

[feefladder]

Currently, dependabot has a lot of dependencies that are majorly outdated. Is there any plans to update them or a better library to use?

[kylebarron]

I'd accept a PR to update dependencies. The problem is that arrow1 release a new major version every month or so and it's a total pain to keep up with their breaking changes. Arrow2 has fewer breaking changes but enough that I haven't looked into what needs to be changed here.

[feefladder]

Thanks a lot for the super quick reply!

Ah, ok that's fair! But this does mean that there is no security issues with the current version?
Actually, it would be very nice to have Parquet Modular Encryption somehow working on the client side (so that we can actually end-to-end encrypt columns of a parquet file). But I think this depends on this issue, after which this could be updated? (which would involve additional API, and then this should be a separate issue/PR.

[kylebarron]

But this does mean that there is no security issues with the current version?

No way to be sure but I don't know of any specific security vulnerabilities.

Actually, it would be very nice to have Parquet Modular Encryption somehow working on the client side

I've never worked with encrypted parquet files. Similarly it's not implemented in arrow2/parquet2 jorgecarleitao/parquet2#154