Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
211: build(deps): bump joblib from 0.14.0 to 1.2.0 in /riotbuild r=kaspar030 a=dependabot[bot] Bumps [joblib](https://github.com/joblib/joblib) from 0.14.0 to 1.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/joblib/joblib/blob/master/CHANGES.rst">joblib's changelog</a>.</em></p> <blockquote> <h2>Release 1.2.0</h2> <ul> <li> <p>Fix a security issue where <code>eval(pre_dispatch)</code> could potentially run arbitrary code. Now only basic numerics are supported. <a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1327">joblib/joblib#1327</a></p> </li> <li> <p>Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide <a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1256">joblib/joblib#1256</a></p> </li> <li> <p>Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. <a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1263">joblib/joblib#1263</a></p> </li> <li> <p>Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with <code>mmap_mode != None</code> as the resulting <code>numpy.memmap</code> object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform specific assembly. <a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1254">joblib/joblib#1254</a></p> </li> <li> <p>Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.</p> </li> <li> <p>Vendor loky 3.3.0 which fixes several bugs including:</p> <ul> <li> <p>robustly forcibly terminating worker processes in case of a crash (<a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1269">joblib/joblib#1269</a>);</p> </li> <li> <p>avoiding leaking worker processes in case of nested loky parallel calls;</p> </li> <li> <p>reliability spawn the correct number of reusable workers.</p> </li> </ul> </li> </ul> <h2>Release 1.1.0</h2> <ul> <li> <p>Fix byte order inconsistency issue during deserialization using joblib.load in cross-endian environment: the numpy arrays are now always loaded to use the system byte order, independently of the byte order of the system that serialized the pickle. <a href="https://github-redirect.dependabot.com/joblib/joblib/pull/1181">joblib/joblib#1181</a></p> </li> <li> <p>Fix joblib.Memory bug with the <code>ignore</code> parameter when the cached function is a decorated function.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/joblib/joblib/commit/5991350e03493fbf27bb596429a935e0c40fb536"><code>5991350</code></a> Release 1.2.0</li> <li><a href="https://github.com/joblib/joblib/commit/3fa218887770467695573e37e1c7179fd1b5065d"><code>3fa2188</code></a> MAINT cleanup numpy warnings related to np.matrix in tests (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1340">#1340</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/cea26ff2080dc4e9b51957e57994f48351086193"><code>cea26ff</code></a> CI test the future loky-3.3.0 branch (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1338">#1338</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/8aca6f4fc29c36e011201bbfe2da227b58da55e3"><code>8aca6f4</code></a> MAINT: remove pytest.warns(None) warnings in pytest 7 (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1264">#1264</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/067ed4f7cc88aef0f4160d6ef7155d40767fee08"><code>067ed4f</code></a> XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1339">#1339</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/ac4ebd540840f92f2c12f47ad001b555d2bb1ce2"><code>ac4ebd5</code></a> MAINT add back pytest warnings plugin (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1337">#1337</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/a23427d1700e32d4fc5d49c16d72e3f3c24f65f9"><code>a23427d</code></a> Test child raises parent exits cleanly more reliable on macos (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1335">#1335</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/ac0969194aea9c9282a7532cfcda9746bc3b379b"><code>ac09691</code></a> [MAINT] various test updates (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1334">#1334</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/4a314b152fe0b71b53b6092ed67be528ec81392e"><code>4a314b1</code></a> Vendor loky 3.2.0 (<a href="https://github-redirect.dependabot.com/joblib/joblib/issues/1333">#1333</a>)</li> <li><a href="https://github.com/joblib/joblib/commit/bdf47e95c7204499397f0cd9ef6b3198c71976ce"><code>bdf47e9</code></a> Make test_parallel_with_interactively_defined_functions_default_backend timeo...</li> <li>Additional commits viewable in <a href="https://github.com/joblib/joblib/compare/0.14.0...1.2.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=joblib&package-manager=pip&previous-version=0.14.0&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` use these labels` will set the current labels as the default for future PRs for this repo and language - ``@dependabot` use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - ``@dependabot` use these assignees` will set the current assignees as the default for future PRs for this repo and language - ``@dependabot` use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RIOT-OS/riotdocker/network/alerts). </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information