SeldonIO · mauicv · Jan 22, 2024 · Dec 12, 2023 · Dec 12, 2023 · Dec 13, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,11 +36,9 @@ jobs:
       matrix:
         os: [ ubuntu-latest ]
         python-version: [ '3.8', '3.9', '3.10', '3.11']
-        include: # Run macos and windows tests on only one python version
+        include: # Run windows tests on only one python version
           - os: windows-latest
             python-version: '3.11'
-          - os: macos-latest
-            python-version: '3.11'
 
     steps:
       - name: Checkout code
@@ -148,7 +146,7 @@ jobs:
           python-version: '3.10'
       - name: Check 3rd party licenses haven't changed
         run: |
-          pip install "tox>=3.21.0,<4.0.0"
+          pip install "tox>=3.21.0,<5.0.0"
           make licenses
           make check_licenses
 
@@ -166,5 +164,5 @@ jobs:
           python-version: '3.10'
       - name: Check optional dependency imports are protected
         run: |
-          pip install "tox>=3.21.0,<4.0.0"
+          pip install "tox>=3.21.0,<5.0.0"
           tox -e ${{matrix.env}}
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,59 @@
+name: Security Scan
+
+on:
+  push:
+    branches:
+      - master
+      - release/*
+  schedule:
+    - cron: "0 0 * * 1"
+  workflow_dispatch:
+
+jobs:
+  scan-code:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - name: Install dependencies
+        run: |
+          pip install .[all]
+      - name: Create requirements.txt
+        run: |
+          # Snyk has issues working with complex setup.py files (e.g.
+          # https://github.com/snyk/cli/issues/1367).
+          # To account for this, we set up the environment and then dump it
+          # into a `requirements.txt` - this env includes both production and
+          # development dependencies.
+          # TODO: Once we move into Poetry, this can be replaced for the lock
+          # file.
+          pip freeze > requirements.txt
+      - name: Security Scan
+        uses: snyk/actions/python-3.10@master
+        with:
+          args: --fail-on=upgradable
+            --severity-threshold=high
+            --all-projects
+            --exclude=tests,testing,docs
+            --sarif-file-output=snyk-code.sarif
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  static-code-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Static Code Analysis Scan
+        uses: snyk/actions/python-3.10@master
+        with:
+          command: code test
+          args: --fail-on=upgradable
+            --severity-threshold=high
+            --all-projects
+            --exclude=tests,testing,docs
+            --sarif-file-output=snyk-sat.sarif
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/test_all_notebooks.yml b/.github/workflows/test_all_notebooks.yml
@@ -21,11 +21,9 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         python-version: [ '3.8', '3.9', '3.10', '3.11' ]
-        include: # Run macos and windows tests on only one python version
+        include: # Run windows tests on only one python version
           - os: windows-latest
             python-version:  '3.11'
-          - os: macos-latest
-            python-version:  '3.11'
 
     steps:
       - name: Checkout code

diff --git a/.github/workflows/test_changed_notebooks.yml b/.github/workflows/test_changed_notebooks.yml
@@ -28,11 +28,9 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         python-version: [ '3.8', '3.9', '3.10', '3.11' ]
-        include: # Run macos and windows tests on only one python version
+        include: # Run windows tests on only one python version
           - os: windows-latest
             python-version:  '3.11'
-          - os: macos-latest
-            python-version:  '3.11'
 
     steps:
       - name: Checkout code

diff --git a/.snyk b/.snyk
@@ -0,0 +1,2 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,37 @@
 # Change Log
 
+## [v0.9.5](https://github.com/SeldonIO/alibi/tree/v0.9.5) (2024-01-22)
+[Full Changelog](https://github.com/SeldonIO/alibi/compare/v0.9.4...v0.9.5)
+
+This is a patch release fixing several bugs, updating dependencies and a change of license.
+
+### Fixed
+- Fix torch version bound in setup.py extras_require ([#950](https://github.com/SeldonIO/alibi/pull/950))
+- Fix DistributedExplainer import errors that arise when ray absent([#951](https://github.com/SeldonIO/alibi/pull/951))
+- Fix memory limit issue in tox ci jobs ([#956](https://github.com/SeldonIO/alibi/pull/956))
+- Fix E721 linting errors ([#958](https://github.com/SeldonIO/alibi/pull/958))
+- Fix plot_pd function to work with matplotlib 3.8.0 changes ([#965](https://github.com/SeldonIO/alibi/pull/965))
+- Fix typechecking with matplotlib 3.8.0 ([#969](https://github.com/SeldonIO/alibi/pull/969))
+- fix typechecking for matplotlib 3.8.1 ([#981](https://github.com/SeldonIO/alibi/pull/981))
+- Fix typechecking for mypy 1.7.0 ([#983](https://github.com/SeldonIO/alibi/pull/983))
+- Fix test models to output logits and work with default loss functions ([#975](https://github.com/SeldonIO/alibi/pull/975))
+- Fix dtype type in helper method for AnchorText samplers ([#980](https://github.com/SeldonIO/alibi/pull/980))
+
+### Changed
+- Alibi License change from Apache to Business Source License 1.1 ([#995](https://github.com/SeldonIO/alibi/pull/995))
+
+### Development
+- Update myst-parser requirement upper bound from 2.0 to 3.0 ([#931](https://github.com/SeldonIO/alibi/pull/931))
+- Update pillow requirement upper bound from 10.0 to 11.0 ([#939](https://github.com/SeldonIO/alibi/pull/939))
+- Add notebooks tests for python 3.11 ([#948](https://github.com/SeldonIO/alibi/pull/948)) & ([#949](https://github.com/SeldonIO/alibi/pull/949))
+- Update sphinxcontrib-apidoc requirement upper bound from 0.4.0 to 0.5.0 ([#962](https://github.com/SeldonIO/alibi/pull/962))
+- Update numba requirement upper bound from 0.58.0 to 0.59.0 ([#967](https://github.com/SeldonIO/alibi/pull/967))
+- Update shap requirement upper bound from 0.43.0 to 0.44.0 ([#974](https://github.com/SeldonIO/alibi/pull/974))
+- Update tensorflow requirement upper bound from 2.14.0 to 2.15.0 ([#968](https://github.com/SeldonIO/alibi/pull/968))
+- Update Alibi_Explain_Logo_rgb image with white stroked letters ([#979](https://github.com/SeldonIO/alibi/pull/979))
+- Remove macos from ci ([#995](https://github.com/SeldonIO/alibi/pull/995))
+- Add security scans to CI ([#995](https://github.com/SeldonIO/alibi/pull/995))
+
 ## [v0.9.4](https://github.com/SeldonIO/alibi/tree/v0.9.4) (2023-07-07)
 [Full Changelog](https://github.com/SeldonIO/alibi/compare/v0.9.3...v0.9.4)
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -3,7 +3,7 @@
 We welcome PRs from the community. This document outlines the standard
 practices and development tools we use.
 
-When you contribute code, you affirm that the contribution is your original work and that you license the work to the project under the project's open source license. Whether or not you state this explicitly, by submitting any copyrighted material via pull request, email, or other means you agree to license the material under the project's open source license and warrant that you have the legal authority to do so.
+When you contribute code, you affirm that the contribution is your original work and that you license the work to the project under the project's license. Whether or not you state this explicitly, by submitting any copyrighted material via pull request, email, or other means you agree to license the material under the project's license and warrant that you have the legal authority to do so.
 
 ## Getting started
 The easiest way to get started is to clone `alibi` and install it locally together with all the development dependencies
@@ -195,8 +195,6 @@ the CI Guthub Action runner.
 
 - If the registered public SSH key is not your default private SSH key, you will need to specify the path manually, like so: ssh -i <path-to-key> <tmate-connection-string>.
 - Once you have finished debugging, you can continue the workflow (i.e. let the full build CI run) by running `touch continue` whilst in the root directory (`~/work/alibi/alibi`). This will close the tmate session.
-- This new capability is currently temperamental on the `MacOS` build due to [this issue](https://github.com/mxschmitt/action-tmate/issues/69). If the MacOS build fails all the builds are failed. If this happens, it is 
-recommended to retrigger only the workflow build of interest e.g. `ubuntu-latest, 3.10`, and then follow the instructions above from step 3.
 
 ## Optional Dependencies