Update requirements.txt and setup.py according to GHSA-977j-xj7q-2jr9

[timball]

This patch addresses the tensorflow vulns.

[stephen-hoover]

@timball , thank you for the vulnerability notification! I see that the Tensorflow team has backported the patch to v1, and all the failing tests here tell me that muffnn isn't compatible with v2. Let's try increasing the Tensorflow version requirement but keeping it at v1.

[stephen-hoover]

@timball , I don't see any additional changes. Why did you assign back to me?

Also, there's one thing I missed last time -- this will need an entry in the changelog.

[timball]

Okay @stephen-hoover sorry. didn't mean to passive-aggressive assign the ticket. I accepted your changes. Hope this works! Still totally UNTESTED.

--timball

[stephen-hoover]

@jacksonllee , it looks like Tensorflow v1.15.2 doesn't support Python 3.4 or 2.7, which this repo is still testing in. Thoughts? When will you be ready to end 2.7 and 3.4 support in muffnn?

The >= 3.5 tests have a couple of odd failures in the tests which I haven't had time to look into yet.

[jacksonllee]

@stephen-hoover TL;DR -- I'm leaning towards having this PR merge for now, so that this PR (and @timball ) aren't on the hook. Then the current muffnn maintainers will fix the master branch shortly (for the following two issues) and make a new release.

Re: Python 2.7 and 3.4, since Tensorflow v1.15.2 doesn't support them anymore and we need at least this version of Tensorflow for security, it looks like muffnn would have to stop supporting Python 2.7 and 3.4 in the next release (coming up in about a week). Probably not ideal, especially since we didn't have a cycle of deprecation, etc. But it looks like Tensorflow is the limiting factor here... The action items would be to (i) remove Python 2.7 and 3.4 in the Travis CI yaml config and (ii) document in the README.md what Python versions are supported (there's currently no mention at all).

Re: test failures for Python 3.5+, it looks like they have to do with small numerical discrepancies. I can fix them in a separate PR as well.

cc @mheilman in case you have thoughts

[stephen-hoover]

LGTM. @jacksonllee , if you're okay with merging this, please approve as well.

[jacksonllee]

@timball @stephen-hoover Thank you again for the help! @mheilman and I decided that we shouldn't merge PRs that would fail the builds, and so we're holding off this PR while investigating #102.

We changed our minds -- don't merge anything that would break the build.

[jacksonllee]

LGTM!