Include the hotfix for pyarrow for versions of pyarrow below 14.0.1

[mattijn]

The hotfix for pyarrow is required until our minimum supported pyarrow version is 14.0.1 as is documented here: https://github.com/pitrou/pyarrow-hotfix#readme

We generally recommend upgrading to PyArrow 14.0.1 or later, but if you cannot upgrade, this package disables the vulnerability on older versions.

Since our minimum supported version of pyarrow is version 11 within our altair["all"] (pypi), altair-all (conda), we should aim to import this hotfix for versions lower than 14.0.1,

altair/pyproject.toml

Lines 57 to 66 in f2ac0a1

	all = [
	"vega_datasets>=0.9.0",
	"vl-convert-python>=1.5.0",
	"pandas>=0.25.3",
	"numpy<2.0.0",
	"pyarrow>=11",
	"vegafusion[embed]>=1.6.6",
	"anywidget>=0.9.0",
	"altair_tiles>=0.3.0"
	]

[mattijn]

Or bump our minimum required version of pyarrow

[binste]

As 14.0.1 only came out in November 2023, just adding pyarrow-hotfix makes sense to me so that we don't unnecessarily exclude other users with dependencies on pyarrow < 14.