BUG: df.query error when using local variable substitution syntax with numexpr 2.8.5 (forbidden control characters)

[JosephWagner]

Pandas version checks

• I have checked that this issue has not already been reported.

• I have confirmed this bug exists on the latest version of pandas.

• I have confirmed this bug exists on the main branch of pandas.

Reproducible Example

conda create -n numexpr_repro python
conda activate numexpr_repro
pip install pandas numexpr
python -c "import pandas as pd; df = pd.DataFrame({'foo': [1]}); foo = 1; df.query('foo == @foo')"

Issue Description

I noticed that df.query raises an error when using local variable substitution syntax, if numexpr==2.8.5. The 2.8.5 version was released 18 hours ago so I think this is a pretty recent development.

The error from the repro is here:

Traceback (most recent call last): File "", line 1, in File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/pandas/core/frame.py", line 4440, in query res = self.eval(expr, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/pandas/core/frame.py", line 4566, in eval return _eval(expr, inplace=inplace, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/pandas/core/computation/eval.py", line 357, in eval ret = eng_inst.evaluate() ^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/pandas/core/computation/engines.py", line 81, in evaluate res = self._evaluate() ^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/pandas/core/computation/engines.py", line 121, in _evaluate return ne.evaluate(s, local_dict=scope) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/numexpr/necompiler.py", line 943, in evaluate raise e File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/numexpr/necompiler.py", line 851, in validate _names_cache[expr_key] = getExprNames(ex, context) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/numexpr/necompiler.py", line 714, in getExprNames ex = stringToExpression(text, {}, context) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ihme/code/test/joewag/miniconda/envs/numexpr_repro/lib/python3.11/site-packages/numexpr/necompiler.py", line 274, in stringToExpression raise ValueError(f'Expression {s} has forbidden control characters.') ValueError: Expression (foo) == (__pd_eval_local_foo) has forbidden control characters.

The error does not raise if you downgrade to numexpr 2.8.4. The error also does not raise if you don't install numexpr at all. I originally noticed this with a build using pandas 1.* and pytables -- pytables brings in numexpr so builds started failing starting yesterday (8/6/2023)

Expected Behavior

No error

Installed Versions

INSTALLED VERSIONS

commit : 0f43794
python : 3.11.4.final.0
python-bits : 64
OS : Linux
OS-release : 5.4.0-135-generic
Version : #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022
machine : x86_64
processor : x86_64
byteorder : little
LC_ALL : None
LANG : en_US.UTF-8
LOCALE : en_US.UTF-8

pandas : 2.0.3
numpy : 1.25.2
pytz : 2023.3
dateutil : 2.8.2
setuptools : 68.0.0
pip : 23.2.1
Cython : None
pytest : None
hypothesis : None
sphinx : None
blosc : None
feather : None
xlsxwriter : None
lxml.etree : None
html5lib : None
pymysql : None
psycopg2 : None
jinja2 : None
IPython : None
pandas_datareader: None
bs4 : None
bottleneck : None
brotli : None
fastparquet : None
fsspec : None
gcsfs : None
matplotlib : None
numba : None
numexpr : 2.8.5
odfpy : None
openpyxl : None
pandas_gbq : None
pyarrow : None
pyreadstat : None
pyxlsb : None
s3fs : None
scipy : None
snappy : None
sqlalchemy : None
tables : None
tabulate : None
xarray : None
xlrd : None
zstandard : None
tzdata : 2023.3
qtpy : None
pyqt5 : None