chore: patch pyarrow cve

docker/1.7-1/base/Dockerfile.cpu

@@ -9,7 +9,7 @@ ARG CONDA_CHECKSUM=2006a61abc8b4fd04de5eb92620e1f72bada713cc84b5b4899463095e1210
 ARG CONDA_PY_VERSION=39
 ARG CONDA_PKG_VERSION=24.7.1
 ARG PYTHON_VERSION=3.9
-ARG PYARROW_VERSION=14.0.1
+ARG PYARROW_VERSION=17.0.0
 ARG MLIO_VERSION=0.9.0
 ARG XGBOOST_VERSION=1.7.4
 
@@ -80,6 +80,7 @@ RUN apt-key del 7fa2af80 && \
         && \
     python3 -m pip install --upgrade pip && \
     python3 -m pip install --upgrade certifi && \
+    python3 -m pip install --upgrade pyarrow && \
     apt-get clean && \
     # Node.js setup
     mkdir -p /etc/apt/keyrings && \
@@ -130,6 +131,7 @@ RUN echo "conda ${CONDA_PKG_VERSION}" >> /miniconda3/conda-meta/pinned && \
     cd /tmp && \
     git clone --branch v${MLIO_VERSION} https://github.com/awslabs/ml-io.git mlio && \
     cd mlio && \
+    sed -i 's/find_package(Arrow 14.0.1 REQUIRED)/find_package(Arrow 17.0.0 REQUIRED)/' CMakeLists.txt && \
     build-tools/build-dependency build/third-party all && \
     mkdir -p build/release && \
     cd build/release && \
@@ -150,4 +152,5 @@ RUN echo "conda ${CONDA_PKG_VERSION}" >> /miniconda3/conda-meta/pinned && \
     rm -rf /tmp/mlio
 
 # Install latest version of XGBoost
-RUN python3 -m pip install --no-cache -I xgboost==${XGBOOST_VERSION}
+RUN python3 -m pip install --no-cache -I xgboost==${XGBOOST_VERSION} && \
+    python3 -m pip install --no-cache 'werkzeug>=2.1.1'