Skip to content

Address warnings from dependencies #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jnkh merged 9 commits into from
Oct 10, 2019
Merged

Address warnings from dependencies #38

jnkh merged 9 commits into from
Oct 10, 2019

Conversation

@felker
Copy link
Member

@felker felker commented Oct 9, 2019

Trying to prevent the noise in stdout from the following packages:

  • matplotlib: from calling matplotlib.use() after certain import statements
  • numpy: from versions >= 1.6.3 from np.load() changes in response to https://nvd.nist.gov/vuln/detail/CVE-2019-6446
  • yaml: also a change in default loading behavior for security reasons

felker added 8 commits October 3, 2019 17:17
@felker
Address PyYAML deprecation warning with yaml.load() default
eed4975 
See https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
about the CVE about RCE (similar to Pickle)
@felker
Ignore 2x more types of local Emacs config files
6563d66
@felker
Explicitly add allow_pickle=False (default) to all np.load() calls
1b88161 
Will change to True only for the calls that may possibly load trusted
Pickles, not only generic .npz files.

https://docs.scipy.org/doc/numpy/reference/generated/numpy.load.html
Changed in version 1.16.3: Made default False in response to CVE-2019-6446.

Reported by @Wouter-VDP via Slack on 2019-08-08.
@felker
Clean up style of preprocess.py
cc71f3e
@felker
Start switching np.load(...,allow_pickle=True) as needed
67c5622 
Even though these 2x calls load .npz files, they contain NumPy object
arrays of ShotList class objects that are implicitly serialized by
Pickle via np.savez() calls.

Also, fix bug with sorted(ShotList) being converted to a List instead of
a ShotList.
@felker
Re-order matplotlib.use() calls (before plt import)
aae1536 
Addressing warning:

This call to matplotlib.use() has no effect because the backend has
already been chosen; matplotlib.use() must be called *before* pylab,
matplotlib.pyplot, or matplotlib.backends is imported for the first
time.
@felker
Suppress flake8 warnings from the change in the parent commit
52d4971
@felker
Let normalize.py load pickles with np.load()
f34c9b1
@buildbot-princeton
Copy link
Collaborator

buildbot-princeton commented Oct 9, 2019

Can one of the admins verify this patch?

@jnkh jnkh merged commit 0b76c9a into master Oct 10, 2019
@felker felker deleted the hotfix/package-deprecations branch October 10, 2019 19:54
@ASvyatkovskiy
Copy link
Contributor

ASvyatkovskiy commented Oct 12, 2019

Add to whitelist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@felker @buildbot-princeton @ASvyatkovskiy @jnkh