Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning #2887

Merged
merged 2 commits into from
Jun 30, 2022
Merged

fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning #2887

merged 2 commits into from
Jun 30, 2022

Conversation

breno-costa
Copy link
Contributor

What this PR does / why we need it:
Dependabot cannot update numpy to a non-vulnerable version because the numpy version is pinned on setup.py, and it looks like numpy version was wrongly pinned by a recent change introduced on PR #2647

Which issue(s) this PR fixes:

Fixes #

Copy link
Member

@achals achals left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/lgtm

@feast-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: achals, breno-costa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@achals
Copy link
Member

achals commented Jun 29, 2022

Thanks for the fix @breno-costa !

@breno-costa breno-costa changed the title Fix numpy version on setup.py and upgrade it to resolve dependabot warning fix: numpy version on setup.py and upgrade it to resolve dependabot warning Jun 29, 2022
@codecov-commenter
Copy link

codecov-commenter commented Jun 29, 2022

Codecov Report

Merging #2887 (7f99e71) into master (2800e37) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2887      +/-   ##
==========================================
- Coverage   80.63%   80.62%   -0.01%     
==========================================
  Files         176      176              
  Lines       15670    15670              
==========================================
- Hits        12635    12634       -1     
- Misses       3035     3036       +1     
Flag Coverage Δ
integrationtests 70.78% <ø> (-0.01%) ⬇️
unittests 59.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
setup.py 0.00% <ø> (ø)
...ython/feast/embedded_go/online_features_service.py 89.39% <0.00%> (-0.76%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2800e37...7f99e71. Read the comment docs.

@feast-ci-bot feast-ci-bot removed the lgtm label Jun 29, 2022
@breno-costa breno-costa changed the title fix: numpy version on setup.py and upgrade it to resolve dependabot warning fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning Jun 29, 2022
@breno-costa
Copy link
Contributor Author

breno-costa commented Jun 29, 2022

@achals I've checked the test java_pr / integration-test that failed on my first commit.

That integration test was building a docker image using the base image python:3.7. It installs requirements from the requirements.txt and entrypoint installs Feast dependencies during the test execution. The github action log shows it can only install numpy-1.21.6 after dependency resolution - but my PR is upgrading numpy to 1.22.0.

According to numpy release notes, python 3.7 is not supported by numpy from 1.22.0.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped.

To fix that integration test, I'm also changing the dockerfile to upgrade python base image from 3.7 to 3.8. Let me know if you have any concern about this change or if we can proceed to merge the branch.

@achals
Copy link
Member

achals commented Jun 30, 2022

@breno-costa nope, upgrading to python 3.8 for the dockerfile is fine by me.

/lgtm

@feast-ci-bot feast-ci-bot merged commit 80ea7a9 into feast-dev:master Jun 30, 2022
adchia pushed a commit that referenced this pull request Jul 14, 2022
…dabot warning (#2887)

* Upgrade numpy version on setup.py and resolve dependabot warning

Signed-off-by: Breno Costa <[email protected]>

* Upgrade python base image from 3.7 to 3.8

Signed-off-by: Breno Costa <[email protected]>
kevjumba pushed a commit that referenced this pull request Jul 19, 2022
…dabot warning (#2887)

* Upgrade numpy version on setup.py and resolve dependabot warning

Signed-off-by: Breno Costa <[email protected]>

* Upgrade python base image from 3.7 to 3.8

Signed-off-by: Breno Costa <[email protected]>
kevjumba pushed a commit that referenced this pull request Jul 19, 2022
## [0.22.1](v0.22.0...v0.22.1) (2022-07-19)

### Bug Fixes

* Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887)) ([b9190b9](b9190b9))
* Change the feature store plan method to public modifier ([#2904](#2904)) ([568058a](568058a))
* Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934)) ([146e36d](146e36d))
* Fix build wheels workflow to install apache-arrow correctly ([#2932](#2932)) ([4b69e0e](4b69e0e))
* Fix grpc and update protobuf ([#2894](#2894)) ([f726c96](f726c96))
* Fix night ci syntax error and update readme ([#2935](#2935)) ([b35553b](b35553b))
* Fix nightly ci again ([#2939](#2939)) ([c363619](c363619))
* Fix the go build and use CgoArrowAllocator to prevent incorrect garbage collection ([#2919](#2919)) ([f4f4894](f4f4894))
* Fixing broken links to feast documentation on java readme and contribution ([#2892](#2892)) ([a45e10a](a45e10a))
* Resolve small typo in README file ([#2930](#2930)) ([9840c1b](9840c1b))
* Update gopy to point to fork to resolve github annotation errors. ([#2940](#2940)) ([9b9fbbe](9b9fbbe))
adchia added a commit that referenced this pull request Jul 29, 2022
…to resolve dependabot warning (#2887)"

This reverts commit b9190b9.

Signed-off-by: Danny Chiao <[email protected]>
adchia pushed a commit that referenced this pull request Jul 29, 2022
## [0.22.2](v0.22.1...v0.22.2) (2022-07-29)

### Reverts

* **ci:** "Fix night ci syntax error and update readme ([#2935](#2935))" ([31f54c8](31f54c8))
* **ci:** fix: Fix nightly ci again ([#2939](#2939)). This reverts commit c363619. ([33cbaeb](33cbaeb))
* **ci:** Revert "ci: Add a nightly CI job for integration tests ([#2652](#2652))" ([d4bb394](d4bb394))
* **ci:** Revert "fix: Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934))" ([efadb22](efadb22))
* Revert "fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887))" ([87190cb](87190cb))
felixwang9817 pushed a commit that referenced this pull request Aug 2, 2022
# [0.23.0](v0.22.0...v0.23.0) (2022-08-02)

### Bug Fixes

* Add dummy alias to pull_all_from_table_or_query ([#2956](#2956)) ([5e45228](5e45228))
* Bump version of Guava to mitigate cve ([#2896](#2896)) ([51df8be](51df8be))
* Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887)) ([80ea7a9](80ea7a9))
* Change the feature store plan method to public modifier ([#2904](#2904)) ([0ec7d1a](0ec7d1a))
* Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934)) ([040c910](040c910))
* Do not allow same column to be reused in data sources ([#2965](#2965)) ([661c053](661c053))
* Fix build wheels workflow to install apache-arrow correctly ([#2932](#2932)) ([bdeb4ae](bdeb4ae))
* Fix file offline store logic for feature views without ttl ([#2971](#2971)) ([26f6b69](26f6b69))
* Fix grpc and update protobuf ([#2894](#2894)) ([86e9efd](86e9efd))
* Fix night ci syntax error and update readme ([#2935](#2935)) ([b917540](b917540))
* Fix nightly ci again ([#2939](#2939)) ([1603c9e](1603c9e))
* Fix the go build and use CgoArrowAllocator to prevent incorrect garbage collection ([#2919](#2919)) ([130746e](130746e))
* Fix typo in CONTRIBUTING.md ([#2955](#2955)) ([8534f69](8534f69))
* Fixing broken links to feast documentation on java readme and contribution ([#2892](#2892)) ([d044588](d044588))
* Fixing Spark min / max entity df event timestamps range return order ([#2735](#2735)) ([ac55ce2](ac55ce2))
* Move gcp back to 1.47.0 since grpcio-tools 1.48.0 got yanked from pypi ([#2990](#2990)) ([fc447eb](fc447eb))
* Refactor testing and sort out unit and integration tests ([#2975](#2975)) ([2680f7b](2680f7b))
* Remove hard-coded integration test setup for AWS & GCP ([#2970](#2970)) ([e4507ac](e4507ac))
* Resolve small typo in README file ([#2930](#2930)) ([16ae902](16ae902))
* Revert "feat: Add snowflake online store ([#2902](#2902))" ([#2909](#2909)) ([38fd001](38fd001))
* Snowflake_online_read fix ([#2988](#2988)) ([651ce34](651ce34))
* Spark source support table with pattern "db.table" ([#2606](#2606)) ([3ce5139](3ce5139)), closes [#2605](#2605)
* Switch mysql log string to use regex ([#2976](#2976)) ([5edf4b0](5edf4b0))
* Update gopy to point to fork to resolve github annotation errors. ([#2940](#2940)) ([ba2dcf1](ba2dcf1))
* Version entity serialization mechanism and fix issue with int64 vals ([#2944](#2944)) ([d0d27a3](d0d27a3))

### Features

* Add an experimental lambda-based materialization engine ([#2923](#2923)) ([6f79069](6f79069))
* Add column reordering to `write_to_offline_store` ([#2876](#2876)) ([8abc2ef](8abc2ef))
* Add custom JSON table tab w/ formatting ([#2851](#2851)) ([0159f38](0159f38))
* Add CustomSourceOptions to SavedDatasetStorage ([#2958](#2958)) ([23c09c8](23c09c8))
* Add Go option to `feast serve` command ([#2966](#2966)) ([a36a695](a36a695))
* Add interfaces for batch materialization engine ([#2901](#2901)) ([38b28ca](38b28ca))
* Add pages for individual Features to the Feast UI ([#2850](#2850)) ([9b97fca](9b97fca))
* Add snowflake online store ([#2902](#2902)) ([f758f9e](f758f9e)), closes [#2903](#2903)
* Add Snowflake online store (again) ([#2922](#2922)) ([2ef71fc](2ef71fc)), closes [#2903](#2903)
* Add to_remote_storage method to RetrievalJob ([#2916](#2916)) ([109ee9c](109ee9c))
* Support retrieval from multiple feature views with different join keys ([#2835](#2835)) ([056cfa1](056cfa1))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants