Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore safety ID 44715 + add numpy dependency #361

Merged
merged 2 commits into from
Feb 3, 2022
Merged

Ignore safety ID 44715 + add numpy dependency #361

merged 2 commits into from
Feb 3, 2022

Conversation

CasperWA
Copy link
Contributor

@CasperWA CasperWA commented Feb 2, 2022

Description:

Fixes #359
Fixes #360

Add NumPy as an explicit dependency to be able to have version control.
Set the minimum version of NumPy to the latest supported version for Python 3.6+ (v1.19).

Ignore safety ID 44715 in CI.

Type of change:

  • Bug fix.
  • New feature.
  • Documentation update.

Checklist:

This checklist can be used as a help for the reviewer.

  • Is the code easy to read and understand?
  • Are comments for humans to read, not computers to disregard?
  • Does a new feature has an accompanying new test (in the CI or unit testing schemes)?
  • Has the documentation been updated as necessary?
  • Does this close the issue?
  • Is the change limited to the issue?
  • Are errors handled for all outcomes?
  • Does the new feature provide new restrictions on dependencies, and if so is this documented?

Comments:

@CasperWA
Copy link
Contributor Author

CasperWA commented Feb 2, 2022

To be able to accommodate these safety issues, one will need to require minimum Python 3.8 - which is a bit drastic in my opinion. I suggest to ignore these particular safety issues as well, since it is suggested by the NumPy developers in the issue referenced in #360 that these CVEs are not as crucial as safety makes it out to be.

@CasperWA CasperWA requested a review from francescalb February 2, 2022 14:01
jesper-friis
jesper-friis approved these changes Feb 2, 2022
View reviewed changes
Copy link
Collaborator

@jesper-friis jesper-friis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with your judgement

@CasperWA CasperWA merged commit 7ad524f into master Feb 3, 2022
@CasperWA CasperWA deleted the cwa/fix-359-360-numpy branch February 3, 2022 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jesper-friis jesper-friis jesper-friis approved these changes

@francescalb francescalb Awaiting requested review from francescalb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ignore NumPy safety warning Add NumPy as an explicit dependency
3 participants
@CasperWA @jesper-friis @francescalb