-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update cfitsio to 4.2.0 #14020
Update cfitsio to 4.2.0 #14020
Conversation
Don't want this for 5.2? |
😱
|
Yeah probably better to backport, but I don't want to block the release. So it seems But we have another problem now:
I think due to setuptools v65.6.0, released 2 days ago with pypa/distutils#183. |
Also ref numpy/numpy#22623 |
Out of interest are we using this for anything other than cfitsio? |
It concerns only |
I am not sure if we can release anyway until we have a fix for #14025 ? |
Rebased on main, tests are passing except one new issue with numpy-dev. |
Has this been addressed elsewhere? Looks like it is
|
Do we dare to backport to v5.0.x? I am going to throw in the cron jobs too, just in case. |
Looks like this is ready to go and the CI failures are unrelated. I will go ahead and merge this and include in 5.2, but don't think we should backport to LTS? |
They are not very specific about what has changed, but the following note form the release notes indicates that this might be a candidate for backporting, if it can be done with a reasonable level of effort:
While I don't have a concrete example, it's not inconceivable that a web application that uses astropy might rely on an LTS release. Our LTS policy calls out "critical" security issues as something that we will backport (https://docs.astropy.org/en/stable/lts_policy.html). cfitsio does not use the word "critical" in their description, but "strongly encourage" sounds pretty close to "critical" to me. I'm not experienced enough in the classification system of security vulnerabilities to know the exact definition of "critical", but if this backports cleanly, it might be easier to just do that backport then to decide if the backport is absolutely needed. Of course, it's easy to say that for me, since I'm not the person doing the backporting... |
…020-on-v5.2.x Backport PR #14020 on branch v5.2.x (Update cfitsio to 4.2.0)
@meeseeksdev backport to v5.0.x |
Huh, what do you know... auto backport works. |
…020-on-v5.0.x Backport PR #14020 on branch v5.0.x (Update cfitsio to 4.2.0)
Also, update the bundled zlib to 1.2.13
Fix #14015
Description
This pull request is to address ...
Fixes #
Checklist for package maintainer(s)
This checklist is meant to remind the package maintainer(s) who will review this pull request of some common things to look for. This list is not exhaustive.
Extra CI
label. Codestyle issues can be fixed by the bot.no-changelog-entry-needed
label. If this is a manual backport, use theskip-changelog-checks
label unless special changelog handling is necessary.astropy-bot
check might be missing; do not let the green checkmark fool you.backport-X.Y.x
label(s) before merge.