Pandas version checks
I have checked that this issue has not already been reported.
I have confirmed this bug exists on the latest version of pandas.
I have confirmed this bug exists on the main branch of pandas.
Reproducible Example
```python
import pandas as pd

df = pd.DataFrame({"col": [1, 2, 3]})
key = 2
df.query("col == @key")
```
Issue Description
Yesterday numexpr released version 2.8.5, where they introduced security checks in the expression compiler: https://github.com/pydata/numexpr/blame/v2.8.5/numexpr/necompiler.py#L264-L274
Pandas uses names which do not pass these checks, in this particular case the __ check. This code produces:
```
ValueError                                Traceback (most recent call last)
Cell In[1], line 4
      2 df = pd.DataFrame({"col": [1, 2, 3]})
      3 key = 2
----> 4 df.query("col == @key")

File ~/.local/lib/python3.11/site-packages/pandas/core/frame.py:4434, in DataFrame.query(self, expr, inplace, **kwargs)
   4432 kwargs["level"] = kwargs.pop("level", 0) + 1
   4433 kwargs["target"] = None
-> 4434 res = self.eval(expr, **kwargs)
   4436 try:
   4437 result = self.loc[res]

File ~/.local/lib/python3.11/site-packages/pandas/core/frame.py:4560, in DataFrame.eval(self, expr, inplace, **kwargs)
   4557 kwargs["target"] = self
   4558 kwargs["resolvers"] = tuple(kwargs.get("resolvers", ())) + resolvers
-> 4560 return _eval(expr, inplace=inplace, **kwargs)

File ~/.local/lib/python3.11/site-packages/pandas/core/computation/eval.py:357, in eval(expr, parser, engine, local_dict, global_dict, resolvers, level, target, inplace)
    355 eng = ENGINES[engine]
    356 eng_inst = eng(parsed_expr)
--> 357 ret = eng_inst.evaluate()
    359 if parsed_expr.assigner is None:
    360 if multi_line:

File ~/.local/lib/python3.11/site-packages/pandas/core/computation/engines.py:81, in AbstractEngine.evaluate(self)
     78 self.result_type, self.aligned_axes = align_terms(self.expr.terms)
     80 # make sure no names in resolvers and locals/globals clash
---> 81 res = self._evaluate()
     82 return reconstruct_object(
     83 self.result_type, res, self.aligned_axes, self.expr.terms.return_type
     84 )

File ~/.local/lib/python3.11/site-packages/pandas/core/computation/engines.py:121, in NumExprEngine._evaluate(self)
    119 scope = env.full_scope
    120 _check_ne_builtin_clash(self.expr)
--> 121 return ne.evaluate(s, local_dict=scope)

File ~/.local/lib/python3.11/site-packages/numexpr/necompiler.py:943, in evaluate(ex, local_dict, global_dict, out, order, casting, _frame_depth, **kwargs)
    941 return re_evaluate(local_dict=local_dict, _frame_depth=_frame_depth)
    942 else:
--> 943 raise e

File ~/.local/lib/python3.11/site-packages/numexpr/necompiler.py:851, in validate(ex, local_dict, global_dict, out, order, casting, _frame_depth, **kwargs)
    849 expr_key = (ex, tuple(sorted(context.items())))
    850 if expr_key not in _names_cache:
--> 851 _names_cache[expr_key] = getExprNames(ex, context)
    852 names, ex_uses_vml = _names_cache[expr_key]
    853 arguments = getArguments(names, local_dict, global_dict, _frame_depth=_frame_depth)

File ~/.local/lib/python3.11/site-packages/numexpr/necompiler.py:714, in getExprNames(text, context)
    713 def getExprNames(text, context):
--> 714 ex = stringToExpression(text, {}, context)
    715 ast = expressionToAST(ex)
    716 input_order = getInputOrder(ast, None)

File ~/.local/lib/python3.11/site-packages/numexpr/necompiler.py:274, in stringToExpression(s, types, context)
    272 no_whitespace = re.sub(r'\s+', '', s)
    273 if _forbidden_re.search(no_whitespace) is not None:
--> 274 raise ValueError(f'Expression {s} has forbidden control characters.')
    276 old_ctx = expressions._context.get_current_context()
    277 try:

ValueError: Expression (col) == (__pd_eval_local_key) has forbidden control characters.
```
Since pandas depends on numexpr>=2.8.0, 2.8.5 is automatically installed on new installations since yesterday.
Expected Behavior
Code works, no exception
Installed Versions
pandas : 2.0.0rc1
numpy : 1.23.4
pytz : 2020.4
dateutil : 2.8.2
setuptools : 66.0.0
pip : 22.0.4
Cython : 3.0.0b1
pytest : 7.1.2
hypothesis : None
sphinx : None
blosc : None
feather : None
xlsxwriter : None
lxml.etree : None
html5lib : None
pymysql : None
psycopg2 : 2.9.5
jinja2 : 3.0.3
IPython : 8.14.0
pandas_datareader: None
bs4 : 4.12.2
bottleneck : None
brotli : None
fastparquet : None
fsspec : 2023.6.0
gcsfs : None
matplotlib : 3.7.1
numba : None
numexpr : 2.8.5
odfpy : None
openpyxl : 3.0.7
pandas_gbq : None
pyarrow : 10.0.1
pyreadstat : None
pyxlsb : None
s3fs : None
scipy : 1.9.3
snappy :
sqlalchemy : 1.4.48
tables : 3.8.0
tabulate : 0.9.0
xarray : None
xlrd : 1.2.0
zstandard : 0.20.0
tzdata : None
qtpy : None
pyqt5 : None
Thanks for the report. This looks like a duplicate of #54449
Yeah sorry, did not notice that one
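The failure in the issue report above, reproduced with only the standard library as an added example (not code from pandas or numexpr): it applies the whitespace-strip-then-search check visible in the traceback to a list of query strings and reports which ones would be refused and why. `FORBIDDEN_RE` is a stand-in that covers only the `__` rule the report names, `rewrite_locals` is a simplified model of the `@key` to `__pd_eval_local_key` rewrite seen in the error message, and `audit` and the sample queries are hypothetical.

```python
import re

# Assumption: stand-in deny-list covering only the "__" rule named in the report.
FORBIDDEN_RE = re.compile(r"__")
# Prefix visible in the rewritten expression quoted by the ValueError.
LOCAL_PREFIX = "__pd_eval_local_"


def rewrite_locals(expr):
    """Simplified model of pandas replacing @name with its internal name."""
    return re.sub(r"@([A-Za-z_]\w*)", lambda m: LOCAL_PREFIX + m.group(1), expr)


def is_rejected(expr):
    """The check from the traceback: drop all whitespace, then search."""
    no_whitespace = re.sub(r"\s+", "", expr)
    return FORBIDDEN_RE.search(no_whitespace) is not None


def audit(queries):
    """Map each refused query to the reason the check would refuse it."""
    findings = {}
    for query in queries:
        if is_rejected(query):
            # The text the caller wrote already trips the deny-list.
            findings[query] = "expression itself contains '__'"
        elif is_rejected(rewrite_locals(query)):
            # The caller's text is clean; the internal prefix trips it.
            findings[query] = "rewritten local name contains '__'"
    return findings


# Constructed sample queries, not taken from the issue except the first.
SAMPLE_QUERIES = [
    "col == @key",   # the reproducer: fails only after the @key rewrite
    "col == 2",      # no local reference: passes
    "my__col > 1",   # a column name with a double underscore is refused too
    "col == _ _x",   # whitespace is removed first, so this is also refused
]

if __name__ == "__main__":
    for query, reason in audit(SAMPLE_QUERIES).items():
        print(f"{query!r}: {reason}")
```
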