fix(deps): update dependency numpy to v1.22.0 [security] - autoclosed #166
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.21.6
->1.22.0
GitHub Vulnerability Alerts
CVE-2021-33430
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.
NOTE: The vendor does not agree this is a vulnerability; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.
CVE-2021-34141
Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.
Release Notes
numpy/numpy (numpy)
v1.22.0
Compare Source
NumPy 1.22.0 Release Notes
NumPy 1.22.0 is a big release featuring the work of 153 contributors
spread over 609 pull requests. There have been many improvements,
highlights are:
is a moving target, so there will likely be further improvements,
but the major work is done. This is probably the most user visible
enhancement in this release.
a step in creating a standard collection of functions that can be
used across application such as CuPy and JAX.
format for array (tensor) data.
quantile
,percentile
, and related functions. Thenew methods provide a complete set of the methods commonly found in
the literature.
These are in addition to the ongoing work to provide SIMD support for
commonly used functions, improvements to F2PY, and better documentation.
The Python versions supported in this release are 3.8-3.10, Python 3.7
has been dropped. Note that 32 bit wheels are only provided for Python
3.8 and 3.9 on Windows, all other wheels are 64 bits on account of
Ubuntu, Fedora, and other Linux distributions dropping 32 bit support.
All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix
the occasional problems encountered by folks using truly huge arrays.
Expired deprecations
Deprecated numeric style dtype strings have been removed
Using the strings
"Bytes0"
,"Datetime64"
,"Str0"
,"Uint32"
,and
"Uint64"
as a dtype will now raise aTypeError
.(gh-19539)
Expired deprecations for
loads
,ndfromtxt
, andmafromtxt
in npyionumpy.loads
was deprecated in v1.15, with the recommendation thatusers use
pickle.loads
instead.ndfromtxt
andmafromtxt
were bothdeprecated in v1.17 - users should use
numpy.genfromtxt
instead withthe appropriate value for the
usemask
parameter.(gh-19615)
Deprecations
Use delimiter rather than delimitor as kwarg in mrecords
The misspelled keyword argument
delimitor
ofnumpy.ma.mrecords.fromtextfile()
has been changed todelimiter
,using it will emit a deprecation warning.
(gh-19921)
Passing boolean
kth
values to (arg-)partition has been deprecatednumpy.partition
andnumpy.argpartition
would previously acceptboolean values for the
kth
parameter, which would subsequently beconverted into integers. This behavior has now been deprecated.
(gh-20000)
The
np.MachAr
class has been deprecatedThe
numpy.MachAr
class andfinfo.machar <numpy.finfo>
attribute havebeen deprecated. Users are encouraged to access the property if interest
directly from the corresponding
numpy.finfo
attribute.(gh-20201)
Compatibility notes
Distutils forces strict floating point model on clang
NumPy now sets the
-ftrapping-math
option on clang to enforce correctfloating point error handling for universal functions. Clang defaults to
non-IEEE and C99 conform behaviour otherwise. This change (using the
equivalent but newer
-ffp-exception-behavior=strict
) was attempted inNumPy 1.21, but was effectively never used.
(gh-19479)
Removed floor division support for complex types
Floor division of complex types will now result in a
TypeError
(gh-19135)
numpy.vectorize
functions now produce the same output class as the base functionWhen a function that respects
numpy.ndarray
subclasses is vectorizedusing
numpy.vectorize
, the vectorized function will now besubclass-safe also for cases that a signature is given (i.e., when
creating a
gufunc
): the output class will be the same as that returnedby the first call to the underlying function.
(gh-19356)
Python 3.7 is no longer supported
Python support has been dropped. This is rather strict, there are
changes that require Python >= 3.8.
(gh-19665)
str/repr of complex dtypes now include space after punctuation
The repr of
np.dtype({"names": ["a"], "formats": [int], "offsets": [2]})
is nowdtype({'names': ['a'], 'formats': ['<i8'], 'offsets': [2], 'itemsize': 10})
,whereas spaces where previously omitted after colons and between fields.
The old behavior can be restored via
np.set_printoptions(legacy="1.21")
.(gh-19687)
Corrected
advance
inPCG64DSXM
andPCG64
Fixed a bug in the$2^{64}$ on platforms
advance
method ofPCG64DSXM
andPCG64
. The bugonly affects results when the step was larger than
that do not support 128-bit integers(e.g., Windows and 32-bit Linux).
(gh-20049)
Change in generation of random 32 bit floating point variates
There was bug in the generation of 32 bit floating point values from the
uniform distribution that would result in the least significant bit of
the random variate always being 0. This has been fixed.
This change affects the variates produced by the
random.Generator
methods
random
,standard_normal
,standard_exponential
, andstandard_gamma
, but only when the dtype is specified asnumpy.float32
.(gh-20314)
C API changes
Masked inner-loops cannot be customized anymore
The masked inner-loop selector is now never used. A warning will be
given in the unlikely event that it was customized.
We do not expect that any code uses this. If you do use it, you must
unset the selector on newer NumPy version. Please also contact the NumPy
developers, we do anticipate providing a new, more specific, mechanism.
The customization was part of a never-implemented feature to allow for
faster masked operations.
(gh-19259)
New Features
NEP 49 configurable allocators
As detailed in NEP 49, the
function used for allocation of the data segment of a ndarray can be
changed. The policy can be set globally or in a context. For more
information see the NEP and the
data_memory
{.interpreted-textrole="ref"} reference docs. Also add a
NUMPY_WARN_IF_NO_MEM_POLICY
override to warn on dangerous use of transfering ownership by setting
NPY_ARRAY_OWNDATA
.(gh-17582)
Implementation of the NEP 47 (adopting the array API standard)
An initial implementation of NEP47, adoption
of the array API standard, has been added as
numpy.array_api
. Theimplementation is experimental and will issue a UserWarning on import,
as the array API standard is still in
draft state.
numpy.array_api
is a conforming implementation of thearray API standard, which is also minimal, meaning that only those
functions and behaviors that are required by the standard are
implemented (see the NEP for more info). Libraries wishing to make use
of the array API standard are encouraged to use
numpy.array_api
tocheck that they are only using functionality that is guaranteed to be
present in standard conforming implementations.
(gh-18585)
Generate C/C++ API reference documentation from comments blocks is now possible
This feature depends on Doxygen in
the generation process and on
Breathe to integrate it
with Sphinx.
(gh-18884)
Assign the platform-specific
c_intp
precision via a mypy pluginThe mypy plugin, introduced in
numpy/numpy#17843, has
again been expanded: the plugin now is now responsible for setting the
platform-specific precision of
numpy.ctypeslib.c_intp
, the latterbeing used as data type for various
numpy.ndarray.ctypes
attributes.Without the plugin, aforementioned type will default to
ctypes.c_int64
.To enable the plugin, one must add it to their mypy configuration
file:
(gh-19062)
Add NEP 47-compatible dlpack support
Add a
ndarray.__dlpack__()
method which returns adlpack
C structurewrapped in a
PyCapsule
. Also add anp._from_dlpack(obj)
function,where
obj
supports__dlpack__()
, and returns anndarray
.(gh-19083)
keepdims
optional argument added tonumpy.argmin
,numpy.argmax
keepdims
argument is added tonumpy.argmin
,numpy.argmax
. If setto
True
, the axes which are reduced are left in the result asdimensions with size one. The resulting array has the same number of
dimensions and will broadcast with the input array.
(gh-19211)
bit_count
to compute the number of 1-bits in an integerComputes the number of 1-bits in the absolute value of the input. This
works on all the numpy integer types. Analogous to the builtin
int.bit_count
orpopcount
in C++.(gh-19355)
The
ndim
andaxis
attributes have been added tonumpy.AxisError
The
ndim
andaxis
parameters are now also stored as attributeswithin each
numpy.AxisError
instance.(gh-19459)
Preliminary support for
windows/arm64
targetnumpy
added support for windows/arm64 target. Please noteOpenBLAS
support is not yet available for windows/arm64 target.
(gh-19513)
Added support for LoongArch
LoongArch is a new instruction set, numpy compilation failure on
LoongArch architecture, so add the commit.
(gh-19527)
A
.clang-format
file has been addedClang-format is a C/C++ code formatter, together with the added
.clang-format
file, it produces code close enough to the NumPyC_STYLE_GUIDE for general use. Clang-format version 12+ is required
due to the use of several new features, it is available in Fedora 34 and
Ubuntu Focal among other distributions.
(gh-19754)
is_integer
is now available tonumpy.floating
andnumpy.integer
Based on its counterpart in Python
float
andint
, the numpy floatingpoint and integer types now support
float.is_integer
. ReturnsTrue
if the number is finite with integral value, and
False
otherwise.(gh-19803)
Symbolic parser for Fortran dimension specifications
A new symbolic parser has been added to f2py in order to correctly parse
dimension specifications. The parser is the basis for future
improvements and provides compatibility with Draft Fortran 202x.
(gh-19805)
ndarray
,dtype
andnumber
are now runtime-subscriptableMimicking PEP-585, the
numpy.ndarray
,numpy.dtype
andnumpy.number
classes are now subscriptable forpython 3.9 and later. Consequently, expressions that were previously
only allowed in .pyi stub files or with the help of
from __future__ import annotations
are now also legal during runtime.(gh-19879)
Improvements
ctypeslib.load_library
can now take any path-like objectAll parameters in the can now take any
python:path-like object
{.interpreted-text role="term"}. This includesthe likes of strings, bytes and objects implementing the
__fspath__<os.PathLike.__fspath__>
{.interpreted-text role="meth"}protocol.
(gh-17530)
Add
smallest_normal
andsmallest_subnormal
attributes tofinfo
The attributes
smallest_normal
andsmallest_subnormal
are availableas an extension of
finfo
class for any floating-point data type. Touse these new attributes, write
np.finfo(np.float64).smallest_normal
or
np.finfo(np.float64).smallest_subnormal
.(gh-18536)
numpy.linalg.qr
accepts stacked matrices as inputsnumpy.linalg.qr
is able to produce results for stacked matrices asinputs. Moreover, the implementation of QR decomposition has been
shifted to C from Python.
(gh-19151)
numpy.fromregex
now acceptsos.PathLike
implementationsnumpy.fromregex
now accepts objects implementing the__fspath__<os.PathLike>
protocol, e.g.pathlib.Path
.(gh-19680)
Add new methods for
quantile
andpercentile
quantile
andpercentile
now have have amethod=
keyword argumentsupporting 13 different methods. This replaces the
interpolation=
keyword argument.
The methods are now aligned with nine methods which can be found in
scientific literature and the R language. The remaining methods are the
previous discontinuous variations of the default "linear" one.
Please see the documentation of
numpy.percentile
for more information.(gh-19857)
Missing parameters have been added to the
nan<x>
functionsA number of the
nan<x>
functions previously lacked parameters thatwere present in their
<x>
-based counterpart, e.g. thewhere
parameter was present in
numpy.mean
but absent fromnumpy.nanmean
.The following parameters have now been added to the
nan<x>
functions:initial
&where
initial
&where
keepdims
&out
keepdims
&out
initial
&where
initial
&where
where
where
where
(gh-20027)
Annotating the main Numpy namespace
Starting from the 1.20 release, PEP 484 type annotations have been
included for parts of the NumPy library; annotating the remaining
functions being a work in progress. With the release of 1.22 this
process has been completed for the main NumPy namespace, which is now
fully annotated.
Besides the main namespace, a limited number of sub-packages contain
annotations as well. This includes, among others,
numpy.testing
,numpy.linalg
andnumpy.random
(available since 1.21).(gh-20217)
Vectorize umath module using AVX-512
By leveraging Intel Short Vector Math Library (SVML), 18 umath functions
(
exp2
,log2
,log10
,expm1
,log1p
,cbrt
,sin
,cos
,tan
,arcsin
,arccos
,arctan
,sinh
,cosh
,tanh
,arcsinh
,arccosh
,arctanh
) are vectorized using AVX-512 instruction set forboth single and double precision implementations. This change is
currently enabled only for Linux users and on processors with AVX-512
instruction set. It provides an average speed up of 32x and 14x for
single and double precision functions respectively.
(gh-19478)
OpenBLAS v0.3.18
Update the OpenBLAS used in testing and in wheels to v0.3.18
(gh-20058)
Checksums
MD5
SHA256
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.