Skip to content

Commit

Permalink
Merge #211
Browse files Browse the repository at this point in the history
211: build(deps): bump joblib from 0.14.0 to 1.2.0 in /riotbuild r=kaspar030 a=dependabot[bot]

Bumps [joblib](https://github.com/joblib/joblib) from 0.14.0 to 1.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/joblib/joblib/blob/master/CHANGES.rst">joblib's changelog</a>.</em></p>
<blockquote>
<h2>Release 1.2.0</h2>
<ul>
<li>
<p>Fix a security issue where <code>eval(pre_dispatch)</code> could potentially run
arbitrary code. Now only basic numerics are supported.
<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1327">joblib/joblib#1327</a></p>
</li>
<li>
<p>Make sure that joblib works even when multiprocessing is not available,
for instance with Pyodide
<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1256">joblib/joblib#1256</a></p>
</li>
<li>
<p>Avoid unnecessary warnings when workers and main process delete
the temporary memmap folder contents concurrently.
<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1263">joblib/joblib#1263</a></p>
</li>
<li>
<p>Fix memory alignment bug for pickles containing numpy arrays.
This is especially important when loading the pickle with
<code>mmap_mode != None</code> as the resulting <code>numpy.memmap</code> object
would not be able to correct the misalignment without performing
a memory copy.
This bug would cause invalid computation and segmentation faults
with native code that would directly access the underlying data
buffer of a numpy array, for instance C/C++/Cython code compiled
with older GCC versions or some old OpenBLAS written in platform
specific assembly.
<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1254">joblib/joblib#1254</a></p>
</li>
<li>
<p>Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.</p>
</li>
<li>
<p>Vendor loky 3.3.0 which fixes several bugs including:</p>
<ul>
<li>
<p>robustly forcibly terminating worker processes in case of a crash
(<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1269">joblib/joblib#1269</a>);</p>
</li>
<li>
<p>avoiding leaking worker processes in case of nested loky parallel
calls;</p>
</li>
<li>
<p>reliability spawn the correct number of reusable workers.</p>
</li>
</ul>
</li>
</ul>
<h2>Release 1.1.0</h2>
<ul>
<li>
<p>Fix byte order inconsistency issue during deserialization using joblib.load
in cross-endian environment: the numpy arrays are now always loaded to
use the system byte order, independently of the byte order of the system
that serialized the pickle.
<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1181">joblib/joblib#1181</a></p>
</li>
<li>
<p>Fix joblib.Memory bug with the <code>ignore</code> parameter when the cached function
is a decorated function.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/joblib/joblib/commit/5991350e03493fbf27bb596429a935e0c40fb536"><code>5991350</code></a> Release 1.2.0</li>
<li><a href="https://github.com/joblib/joblib/commit/3fa218887770467695573e37e1c7179fd1b5065d"><code>3fa2188</code></a> MAINT cleanup numpy warnings related to np.matrix in tests (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1340">#1340</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/cea26ff2080dc4e9b51957e57994f48351086193"><code>cea26ff</code></a> CI test the future loky-3.3.0 branch (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1338">#1338</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/8aca6f4fc29c36e011201bbfe2da227b58da55e3"><code>8aca6f4</code></a> MAINT: remove pytest.warns(None) warnings in pytest 7 (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1264">#1264</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/067ed4f7cc88aef0f4160d6ef7155d40767fee08"><code>067ed4f</code></a> XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1339">#1339</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/ac4ebd540840f92f2c12f47ad001b555d2bb1ce2"><code>ac4ebd5</code></a> MAINT add back pytest warnings plugin (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1337">#1337</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/a23427d1700e32d4fc5d49c16d72e3f3c24f65f9"><code>a23427d</code></a> Test child raises parent exits cleanly more reliable on macos (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1335">#1335</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/ac0969194aea9c9282a7532cfcda9746bc3b379b"><code>ac09691</code></a> [MAINT] various test updates (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1334">#1334</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/4a314b152fe0b71b53b6092ed67be528ec81392e"><code>4a314b1</code></a> Vendor loky 3.2.0 (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1333">#1333</a>)</li>
<li><a href="https://github.com/joblib/joblib/commit/bdf47e95c7204499397f0cd9ef6b3198c71976ce"><code>bdf47e9</code></a> Make test_parallel_with_interactively_defined_functions_default_backend timeo...</li>
<li>Additional commits viewable in <a href="https://github.com/joblib/joblib/compare/0.14.0...1.2.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joblib&package-manager=pip&previous-version=0.14.0&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` use these labels` will set the current labels as the default for future PRs for this repo and language
- ``@dependabot` use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- ``@dependabot` use these assignees` will set the current assignees as the default for future PRs for this repo and language
- ``@dependabot` use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RIOT-OS/riotdocker/network/alerts).

</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
bors[bot] and dependabot[bot] authored Oct 12, 2022
2 parents 7bb4d7f + 3c56657 commit 3b65b35
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion riotbuild/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ cryptography==3.3.2
scapy>=2.4.3
protobuf==3.18.3
scikit-learn==0.22.1
joblib==0.14.0
joblib==1.2.0
emlearn==0.10.1
jinja2==2.11.3
riotctrl[rapidjson]>=0.4.0
Expand Down

0 comments on commit 3b65b35

Please sign in to comment.