Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency numpy to v1.22.0 [security] - autoclosed #166

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 16, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
numpy (changelog) 1.21.6 -> 1.22.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-33430

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.

NOTE: The vendor does not agree this is a vulnerability; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.

CVE-2021-34141

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.


Release Notes

numpy/numpy (numpy)

v1.22.0

Compare Source

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors
spread over 609 pull requests. There have been many improvements,
highlights are:

  • Annotations of the main namespace are essentially complete. Upstream
    is a moving target, so there will likely be further improvements,
    but the major work is done. This is probably the most user visible
    enhancement in this release.
  • A preliminary version of the proposed Array-API is provided. This is
    a step in creating a standard collection of functions that can be
    used across application such as CuPy and JAX.
  • NumPy now has a DLPack backend. DLPack provides a common interchange
    format for array (tensor) data.
  • New methods for quantile, percentile, and related functions. The
    new methods provide a complete set of the methods commonly found in
    the literature.
  • A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for
commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7
has been dropped. Note that 32 bit wheels are only provided for Python
3.8 and 3.9 on Windows, all other wheels are 64 bits on account of
Ubuntu, Fedora, and other Linux distributions dropping 32 bit support.
All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix
the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32",
and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that
users use pickle.loads instead. ndfromtxt and mafromtxt were both
deprecated in v1.17 - users should use numpy.genfromtxt instead with
the appropriate value for the usemask parameter.

(gh-19615)

Deprecations

Use delimiter rather than delimitor as kwarg in mrecords

The misspelled keyword argument delimitor of
numpy.ma.mrecords.fromtextfile() has been changed to delimiter,
using it will emit a deprecation warning.

(gh-19921)

Passing boolean kth values to (arg-)partition has been deprecated

numpy.partition and numpy.argpartition would previously accept
boolean values for the kth parameter, which would subsequently be
converted into integers. This behavior has now been deprecated.

(gh-20000)

The np.MachAr class has been deprecated

The numpy.MachAr class and finfo.machar <numpy.finfo> attribute have
been deprecated. Users are encouraged to access the property if interest
directly from the corresponding numpy.finfo attribute.

(gh-20201)

Compatibility notes

Distutils forces strict floating point model on clang

NumPy now sets the -ftrapping-math option on clang to enforce correct
floating point error handling for universal functions. Clang defaults to
non-IEEE and C99 conform behaviour otherwise. This change (using the
equivalent but newer -ffp-exception-behavior=strict) was attempted in
NumPy 1.21, but was effectively never used.

(gh-19479)

Removed floor division support for complex types

Floor division of complex types will now result in a TypeError

>>> a = np.arange(10) + 1j* np.arange(10)
>>> a // 1
TypeError: ufunc 'floor_divide' not supported for the input types...

(gh-19135)

numpy.vectorize functions now produce the same output class as the base function

When a function that respects numpy.ndarray subclasses is vectorized
using numpy.vectorize, the vectorized function will now be
subclass-safe also for cases that a signature is given (i.e., when
creating a gufunc): the output class will be the same as that returned
by the first call to the underlying function.

(gh-19356)

Python 3.7 is no longer supported

Python support has been dropped. This is rather strict, there are
changes that require Python >= 3.8.

(gh-19665)

str/repr of complex dtypes now include space after punctuation

The repr of
np.dtype({"names": ["a"], "formats": [int], "offsets": [2]}) is now
dtype({'names': ['a'], 'formats': ['<i8'], 'offsets': [2], 'itemsize': 10}),
whereas spaces where previously omitted after colons and between fields.

The old behavior can be restored via
np.set_printoptions(legacy="1.21").

(gh-19687)

Corrected advance in PCG64DSXM and PCG64

Fixed a bug in the advance method of PCG64DSXM and PCG64. The bug
only affects results when the step was larger than $2^{64}$ on platforms
that do not support 128-bit integers(e.g., Windows and 32-bit Linux).

(gh-20049)

Change in generation of random 32 bit floating point variates

There was bug in the generation of 32 bit floating point values from the
uniform distribution that would result in the least significant bit of
the random variate always being 0. This has been fixed.

This change affects the variates produced by the random.Generator
methods random, standard_normal, standard_exponential, and
standard_gamma, but only when the dtype is specified as
numpy.float32.

(gh-20314)

C API changes

Masked inner-loops cannot be customized anymore

The masked inner-loop selector is now never used. A warning will be
given in the unlikely event that it was customized.

We do not expect that any code uses this. If you do use it, you must
unset the selector on newer NumPy version. Please also contact the NumPy
developers, we do anticipate providing a new, more specific, mechanism.

The customization was part of a never-implemented feature to allow for
faster masked operations.

(gh-19259)

New Features

NEP 49 configurable allocators

As detailed in NEP 49, the
function used for allocation of the data segment of a ndarray can be
changed. The policy can be set globally or in a context. For more
information see the NEP and the data_memory{.interpreted-text
role="ref"} reference docs. Also add a NUMPY_WARN_IF_NO_MEM_POLICY
override to warn on dangerous use of transfering ownership by setting
NPY_ARRAY_OWNDATA.

(gh-17582)

Implementation of the NEP 47 (adopting the array API standard)

An initial implementation of NEP47, adoption
of the array API standard, has been added as numpy.array_api. The
implementation is experimental and will issue a UserWarning on import,
as the array API standard is still in
draft state. numpy.array_api is a conforming implementation of the
array API standard, which is also minimal, meaning that only those
functions and behaviors that are required by the standard are
implemented (see the NEP for more info). Libraries wishing to make use
of the array API standard are encouraged to use numpy.array_api to
check that they are only using functionality that is guaranteed to be
present in standard conforming implementations.

(gh-18585)

Generate C/C++ API reference documentation from comments blocks is now possible

This feature depends on Doxygen in
the generation process and on
Breathe to integrate it
with Sphinx.

(gh-18884)

Assign the platform-specific c_intp precision via a mypy plugin

The mypy plugin, introduced in
numpy/numpy#17843, has
again been expanded: the plugin now is now responsible for setting the
platform-specific precision of numpy.ctypeslib.c_intp, the latter
being used as data type for various numpy.ndarray.ctypes attributes.

Without the plugin, aforementioned type will default to
ctypes.c_int64.

To enable the plugin, one must add it to their mypy configuration
file
:

[mypy]
plugins = numpy.typing.mypy_plugin

(gh-19062)

Add NEP 47-compatible dlpack support

Add a ndarray.__dlpack__() method which returns a dlpack C structure
wrapped in a PyCapsule. Also add a np._from_dlpack(obj) function,
where obj supports __dlpack__(), and returns an ndarray.

(gh-19083)

keepdims optional argument added to numpy.argmin, numpy.argmax

keepdims argument is added to numpy.argmin, numpy.argmax. If set
to True, the axes which are reduced are left in the result as
dimensions with size one. The resulting array has the same number of
dimensions and will broadcast with the input array.

(gh-19211)

bit_count to compute the number of 1-bits in an integer

Computes the number of 1-bits in the absolute value of the input. This
works on all the numpy integer types. Analogous to the builtin
int.bit_count or popcount in C++.

>>> np.uint32(1023).bit_count()
10
>>> np.int32(-127).bit_count()
7

(gh-19355)

The ndim and axis attributes have been added to numpy.AxisError

The ndim and axis parameters are now also stored as attributes
within each numpy.AxisError instance.

(gh-19459)

Preliminary support for windows/arm64 target

numpy added support for windows/arm64 target. Please note OpenBLAS
support is not yet available for windows/arm64 target.

(gh-19513)

Added support for LoongArch

LoongArch is a new instruction set, numpy compilation failure on
LoongArch architecture, so add the commit.

(gh-19527)

A .clang-format file has been added

Clang-format is a C/C++ code formatter, together with the added
.clang-format file, it produces code close enough to the NumPy
C_STYLE_GUIDE for general use. Clang-format version 12+ is required
due to the use of several new features, it is available in Fedora 34 and
Ubuntu Focal among other distributions.

(gh-19754)

is_integer is now available to numpy.floating and numpy.integer

Based on its counterpart in Python float and int, the numpy floating
point and integer types now support float.is_integer. Returns True
if the number is finite with integral value, and False otherwise.

>>> np.float32(-2.0).is_integer()
True
>>> np.float64(3.2).is_integer()
False
>>> np.int32(-2).is_integer()
True

(gh-19803)

Symbolic parser for Fortran dimension specifications

A new symbolic parser has been added to f2py in order to correctly parse
dimension specifications. The parser is the basis for future
improvements and provides compatibility with Draft Fortran 202x.

(gh-19805)

ndarray, dtype and number are now runtime-subscriptable

Mimicking PEP-585, the numpy.ndarray,
numpy.dtype and numpy.number classes are now subscriptable for
python 3.9 and later. Consequently, expressions that were previously
only allowed in .pyi stub files or with the help of
from __future__ import annotations are now also legal during runtime.

>>> import numpy as np
>>> from typing import Any

>>> np.ndarray[Any, np.dtype[np.float64]]
numpy.ndarray[typing.Any, numpy.dtype[numpy.float64]]

(gh-19879)

Improvements

ctypeslib.load_library can now take any path-like object

All parameters in the can now take any
python:path-like object{.interpreted-text role="term"}. This includes
the likes of strings, bytes and objects implementing the
__fspath__<os.PathLike.__fspath__>{.interpreted-text role="meth"}
protocol.

(gh-17530)

Add smallest_normal and smallest_subnormal attributes to finfo

The attributes smallest_normal and smallest_subnormal are available
as an extension of finfo class for any floating-point data type. To
use these new attributes, write np.finfo(np.float64).smallest_normal
or np.finfo(np.float64).smallest_subnormal.

(gh-18536)

numpy.linalg.qr accepts stacked matrices as inputs

numpy.linalg.qr is able to produce results for stacked matrices as
inputs. Moreover, the implementation of QR decomposition has been
shifted to C from Python.

(gh-19151)

numpy.fromregex now accepts os.PathLike implementations

numpy.fromregex now accepts objects implementing the
__fspath__<os.PathLike> protocol, e.g. pathlib.Path.

(gh-19680)

Add new methods for quantile and percentile

quantile and percentile now have have a method= keyword argument
supporting 13 different methods. This replaces the interpolation=
keyword argument.

The methods are now aligned with nine methods which can be found in
scientific literature and the R language. The remaining methods are the
previous discontinuous variations of the default "linear" one.

Please see the documentation of numpy.percentile for more information.

(gh-19857)

Missing parameters have been added to the nan<x> functions

A number of the nan<x> functions previously lacked parameters that
were present in their <x>-based counterpart, e.g. the where
parameter was present in numpy.mean but absent from numpy.nanmean.

The following parameters have now been added to the nan<x> functions:

  • nanmin: initial & where
  • nanmax: initial & where
  • nanargmin: keepdims & out
  • nanargmax: keepdims & out
  • nansum: initial & where
  • nanprod: initial & where
  • nanmean: where
  • nanvar: where
  • nanstd: where

(gh-20027)

Annotating the main Numpy namespace

Starting from the 1.20 release, PEP 484 type annotations have been
included for parts of the NumPy library; annotating the remaining
functions being a work in progress. With the release of 1.22 this
process has been completed for the main NumPy namespace, which is now
fully annotated.

Besides the main namespace, a limited number of sub-packages contain
annotations as well. This includes, among others, numpy.testing,
numpy.linalg and numpy.random (available since 1.21).

(gh-20217)

Vectorize umath module using AVX-512

By leveraging Intel Short Vector Math Library (SVML), 18 umath functions
(exp2, log2, log10, expm1, log1p, cbrt, sin, cos, tan,
arcsin, arccos, arctan, sinh, cosh, tanh, arcsinh,
arccosh, arctanh) are vectorized using AVX-512 instruction set for
both single and double precision implementations. This change is
currently enabled only for Linux users and on processors with AVX-512
instruction set. It provides an average speed up of 32x and 14x for
single and double precision functions respectively.

(gh-19478)

OpenBLAS v0.3.18

Update the OpenBLAS used in testing and in wheels to v0.3.18

(gh-20058)

Checksums

MD5
66757b963ad5835038b9a2a9df852c84  numpy-1.22.0-cp310-cp310-macosx_10_9_universal2.whl
86b7f3a94c09dbd6869614c4d7f9ba5e  numpy-1.22.0-cp310-cp310-macosx_10_9_x86_64.whl
5184db17d8e5e6ecdc53e2f0a6964c35  numpy-1.22.0-cp310-cp310-macosx_11_0_arm64.whl
6643e9a076cce736cfbe15face4db9db  numpy-1.22.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
6efef45bf63594703c094b2ad729e648  numpy-1.22.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
7a1a21bb0958a3eb920deeef9e745935  numpy-1.22.0-cp310-cp310-win_amd64.whl
45241fb5f31ea46e2b6f1321a63c8e1c  numpy-1.22.0-cp38-cp38-macosx_10_9_universal2.whl
472f24a5d35116634fcc57e9bda899bc  numpy-1.22.0-cp38-cp38-macosx_10_9_x86_64.whl
6c15cf7847b20101ae281ade6121b79e  numpy-1.22.0-cp38-cp38-macosx_11_0_arm64.whl
313f0fd99a899a7465511c1418e1031f  numpy-1.22.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
9ae6ecde0cbeadd2a9d7b8ae54285863  numpy-1.22.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
0f31a7b9e128b0cdafecf98cf1301fc0  numpy-1.22.0-cp38-cp38-win32.whl
f4b45579cf532ea632b890b1df387081  numpy-1.22.0-cp38-cp38-win_amd64.whl
2cb27112b11c16f700e6019f5fd36408  numpy-1.22.0-cp39-cp39-macosx_10_9_universal2.whl
4554a5797a4cb787b5169a8f5482fb95  numpy-1.22.0-cp39-cp39-macosx_10_9_x86_64.whl
3780decd94837da6f0816f2feaace9c2  numpy-1.22.0-cp39-cp39-macosx_11_0_arm64.whl
6e519dd5205510dfebcadc6f7fdf9738  numpy-1.22.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
89d455bf290f459a70c57620f02d5b69  numpy-1.22.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
6425f8d7dc779a54b8074e198cea43c9  numpy-1.22.0-cp39-cp39-win32.whl
1b5c670328146975b21b54fa5ef8ec4c  numpy-1.22.0-cp39-cp39-win_amd64.whl
05d842127ca85cca12fed3a26b0f5177  numpy-1.22.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
ab751b8d4195f91ae61a402184d16d18  numpy-1.22.0.tar.gz
252de134862a27bd66705d29622edbfe  numpy-1.22.0.zip
SHA256
3d22662b4b10112c545c91a0741f2436f8ca979ab3d69d03d19322aa970f9695  numpy-1.22.0-cp310-cp310-macosx_10_9_universal2.whl
11a1f3816ea82eed4178102c56281782690ab5993251fdfd75039aad4d20385f  numpy-1.22.0-cp310-cp310-macosx_10_9_x86_64.whl
5dc65644f75a4c2970f21394ad8bea1a844104f0fe01f278631be1c7eae27226  numpy-1.22.0-cp310-cp310-macosx_11_0_arm64.whl
42c16cec1c8cf2728f1d539bd55aaa9d6bb48a7de2f41eb944697293ef65a559  numpy-1.22.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
a97e82c39d9856fe7d4f9b86d8a1e66eff99cf3a8b7ba48202f659703d27c46f  numpy-1.22.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
e41e8951749c4b5c9a2dc5fdbc1a4eec6ab2a140fdae9b460b0f557eed870f4d  numpy-1.22.0-cp310-cp310-win_amd64.whl
bece0a4a49e60e472a6d1f70ac6cdea00f9ab80ff01132f96bd970cdd8a9e5a9  numpy-1.22.0-cp38-cp38-macosx_10_9_universal2.whl
818b9be7900e8dc23e013a92779135623476f44a0de58b40c32a15368c01d471  numpy-1.22.0-cp38-cp38-macosx_10_9_x86_64.whl
47ee7a839f5885bc0c63a74aabb91f6f40d7d7b639253768c4199b37aede7982  numpy-1.22.0-cp38-cp38-macosx_11_0_arm64.whl
a024181d7aef0004d76fb3bce2a4c9f2e67a609a9e2a6ff2571d30e9976aa383  numpy-1.22.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
f71d57cc8645f14816ae249407d309be250ad8de93ef61d9709b45a0ddf4050c  numpy-1.22.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
283d9de87c0133ef98f93dfc09fad3fb382f2a15580de75c02b5bb36a5a159a5  numpy-1.22.0-cp38-cp38-win32.whl
2762331de395739c91f1abb88041f94a080cb1143aeec791b3b223976228af3f  numpy-1.22.0-cp38-cp38-win_amd64.whl
76ba7c40e80f9dc815c5e896330700fd6e20814e69da9c1267d65a4d051080f1  numpy-1.22.0-cp39-cp39-macosx_10_9_universal2.whl
0cfe07133fd00b27edee5e6385e333e9eeb010607e8a46e1cd673f05f8596595  numpy-1.22.0-cp39-cp39-macosx_10_9_x86_64.whl
6ed0d073a9c54ac40c41a9c2d53fcc3d4d4ed607670b9e7b0de1ba13b4cbfe6f  numpy-1.22.0-cp39-cp39-macosx_11_0_arm64.whl
41388e32e40b41dd56eb37fcaa7488b2b47b0adf77c66154d6b89622c110dfe9  numpy-1.22.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
b55b953a1bdb465f4dc181758570d321db4ac23005f90ffd2b434cc6609a63dd  numpy-1.22.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
5a311ee4d983c487a0ab546708edbdd759393a3dc9cd30305170149fedd23c88  numpy-1.22.0-cp39-cp39-win32.whl
a97a954a8c2f046d3817c2bce16e3c7e9a9c2afffaf0400f5c16df5172a67c9c  numpy-1.22.0-cp39-cp39-win_amd64.whl
bb02929b0d6bfab4c48a79bd805bd7419114606947ec8284476167415171f55b  numpy-1.22.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
f2be14ba396780a6f662b8ba1a24466c9cf18a6a386174f614668e58387a13d7  numpy-1.22.0.tar.gz
a955e4128ac36797aaffd49ab44ec74a71c11d6938df83b1285492d277db5397  numpy-1.22.0.zip

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

Review changes with  SemanticDiff

Copy link

sourcery-ai bot commented Dec 16, 2024

🧙 Sourcery has finished reviewing your pull request!


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

@renovate renovate bot changed the title fix(deps): update dependency numpy to v1.22.0 [security] fix(deps): update dependency numpy to v1.22.0 [security] - autoclosed Dec 17, 2024
@renovate renovate bot closed this Dec 17, 2024
@renovate renovate bot deleted the renovate/pypi-numpy-vulnerability branch December 17, 2024 19:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants