fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning #2887
Signed-off-by: Breno Costa <[email protected]>
/ok-to-test
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: achals, breno-costa The full list of commands accepted by this bot can be found here. The pull request process is described here
Thanks for the fix @breno-costa!
Codecov Report
@@ Coverage Diff @@
## master #2887 +/- ##
==========================================
- Coverage 80.63% 80.62% -0.01%
==========================================
Files 176 176
Lines 15670 15670
==========================================
- Hits 12635 12634 -1
- Misses 3035 3036 +1
Signed-off-by: Breno Costa <[email protected]>
@achals I've checked the test That integration test was building a Docker image using the base image python:3.7. It installs requirements from the requirements.txt and entrypoint installs Feast dependencies during the test execution. The GitHub Action log shows it can only install According to numpy release notes, Python 3.7 is not supported by numpy from
To fix that integration test, I'm also changing the Dockerfile to upgrade the Python base image from 3.7 to 3.8. Let me know if you have any concerns about this change or if we can proceed to merge the branch.
@breno-costa nope, upgrading to python 3.8 for the dockerfile is fine by me. /lgtm
…dabot warning (#2887)

* Upgrade numpy version on setup.py and resolve dependabot warning

  Signed-off-by: Breno Costa <[email protected]>

* Upgrade python base image from 3.7 to 3.8

  Signed-off-by: Breno Costa <[email protected]>
## [0.22.1](v0.22.0...v0.22.1) (2022-07-19)

### Bug Fixes

* Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887)) ([b9190b9](b9190b9))
* Change the feature store plan method to public modifier ([#2904](#2904)) ([568058a](568058a))
* Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934)) ([146e36d](146e36d))
* Fix build wheels workflow to install apache-arrow correctly ([#2932](#2932)) ([4b69e0e](4b69e0e))
* Fix grpc and update protobuf ([#2894](#2894)) ([f726c96](f726c96))
* Fix night ci syntax error and update readme ([#2935](#2935)) ([b35553b](b35553b))
* Fix nightly ci again ([#2939](#2939)) ([c363619](c363619))
* Fix the go build and use CgoArrowAllocator to prevent incorrect garbage collection ([#2919](#2919)) ([f4f4894](f4f4894))
* Fixing broken links to feast documentation on java readme and contribution ([#2892](#2892)) ([a45e10a](a45e10a))
* Resolve small typo in README file ([#2930](#2930)) ([9840c1b](9840c1b))
* Update gopy to point to fork to resolve github annotation errors. ([#2940](#2940)) ([9b9fbbe](9b9fbbe))
…to resolve dependabot warning (#2887)" This reverts commit b9190b9. Signed-off-by: Danny Chiao <[email protected]>
## [0.22.2](v0.22.1...v0.22.2) (2022-07-29)

### Reverts

* **ci:** "Fix night ci syntax error and update readme ([#2935](#2935))" ([31f54c8](31f54c8))
* **ci:** fix: Fix nightly ci again ([#2939](#2939)). This reverts commit c363619. ([33cbaeb](33cbaeb))
* **ci:** Revert "ci: Add a nightly CI job for integration tests ([#2652](#2652))" ([d4bb394](d4bb394))
* **ci:** Revert "fix: Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934))" ([efadb22](efadb22))
* Revert "fix: Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887))" ([87190cb](87190cb))
# [0.23.0](v0.22.0...v0.23.0) (2022-08-02)

### Bug Fixes

* Add dummy alias to pull_all_from_table_or_query ([#2956](#2956)) ([5e45228](5e45228))
* Bump version of Guava to mitigate cve ([#2896](#2896)) ([51df8be](51df8be))
* Change numpy version on setup.py and upgrade it to resolve dependabot warning ([#2887](#2887)) ([80ea7a9](80ea7a9))
* Change the feature store plan method to public modifier ([#2904](#2904)) ([0ec7d1a](0ec7d1a))
* Deprecate 3.7 wheels and fix verification workflow ([#2934](#2934)) ([040c910](040c910))
* Do not allow same column to be reused in data sources ([#2965](#2965)) ([661c053](661c053))
* Fix build wheels workflow to install apache-arrow correctly ([#2932](#2932)) ([bdeb4ae](bdeb4ae))
* Fix file offline store logic for feature views without ttl ([#2971](#2971)) ([26f6b69](26f6b69))
* Fix grpc and update protobuf ([#2894](#2894)) ([86e9efd](86e9efd))
* Fix night ci syntax error and update readme ([#2935](#2935)) ([b917540](b917540))
* Fix nightly ci again ([#2939](#2939)) ([1603c9e](1603c9e))
* Fix the go build and use CgoArrowAllocator to prevent incorrect garbage collection ([#2919](#2919)) ([130746e](130746e))
* Fix typo in CONTRIBUTING.md ([#2955](#2955)) ([8534f69](8534f69))
* Fixing broken links to feast documentation on java readme and contribution ([#2892](#2892)) ([d044588](d044588))
* Fixing Spark min / max entity df event timestamps range return order ([#2735](#2735)) ([ac55ce2](ac55ce2))
* Move gcp back to 1.47.0 since grpcio-tools 1.48.0 got yanked from pypi ([#2990](#2990)) ([fc447eb](fc447eb))
* Refactor testing and sort out unit and integration tests ([#2975](#2975)) ([2680f7b](2680f7b))
* Remove hard-coded integration test setup for AWS & GCP ([#2970](#2970)) ([e4507ac](e4507ac))
* Resolve small typo in README file ([#2930](#2930)) ([16ae902](16ae902))
* Revert "feat: Add snowflake online store ([#2902](#2902))" ([#2909](#2909)) ([38fd001](38fd001))
* Snowflake_online_read fix ([#2988](#2988)) ([651ce34](651ce34))
* Spark source support table with pattern "db.table" ([#2606](#2606)) ([3ce5139](3ce5139)), closes [#2605](#2605)
* Switch mysql log string to use regex ([#2976](#2976)) ([5edf4b0](5edf4b0))
* Update gopy to point to fork to resolve github annotation errors. ([#2940](#2940)) ([ba2dcf1](ba2dcf1))
* Version entity serialization mechanism and fix issue with int64 vals ([#2944](#2944)) ([d0d27a3](d0d27a3))

### Features

* Add an experimental lambda-based materialization engine ([#2923](#2923)) ([6f79069](6f79069))
* Add column reordering to `write_to_offline_store` ([#2876](#2876)) ([8abc2ef](8abc2ef))
* Add custom JSON table tab w/ formatting ([#2851](#2851)) ([0159f38](0159f38))
* Add CustomSourceOptions to SavedDatasetStorage ([#2958](#2958)) ([23c09c8](23c09c8))
* Add Go option to `feast serve` command ([#2966](#2966)) ([a36a695](a36a695))
* Add interfaces for batch materialization engine ([#2901](#2901)) ([38b28ca](38b28ca))
* Add pages for individual Features to the Feast UI ([#2850](#2850)) ([9b97fca](9b97fca))
* Add snowflake online store ([#2902](#2902)) ([f758f9e](f758f9e)), closes [#2903](#2903)
* Add Snowflake online store (again) ([#2922](#2922)) ([2ef71fc](2ef71fc)), closes [#2903](#2903)
* Add to_remote_storage method to RetrievalJob ([#2916](#2916)) ([109ee9c](109ee9c))
* Support retrieval from multiple feature views with different join keys ([#2835](#2835)) ([056cfa1](056cfa1))
What this PR does / why we need it:
Dependabot cannot update numpy to a non-vulnerable version because the numpy version is pinned on setup.py, and it looks like the numpy version was wrongly pinned by a recent change introduced on PR #2647.
Which issue(s) this PR fixes:
Fixes #
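
The two blockers discussed in this PR (an exact pin in `setup.py` that keeps the dependency below the patched release, and a Python 3.7 base image that cannot install the patched release) can be told apart with a small audit. This is an added example, not code from the Feast repository; the package name `examplelib`, its release index, the `Requires-Python` values and the patched version are constructed for illustration.

```python
import re

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}

# Constructed release index: version -> Requires-Python of that release.
RELEASES = {"1.0.0": ">=3.7", "1.1.0": ">=3.7", "2.0.0": ">=3.8"}
PATCHED_FROM = "2.0.0"  # constructed: first release not covered by the advisory

def ver(s):
    """'3.8' -> (3, 8, 0). Handles plain numeric release versions only."""
    parts = [int(p) for p in s.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def satisfies(version, spec):
    """True if version meets every clause of a specifier such as '>=1.0,<3'."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.fullmatch(r"(==|!=|>=|<=|>|<)\s*([\d.]+)", clause)
        if m is None:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        if not OPS[m.group(1)](ver(version), ver(m.group(2))):
            return False
    return True

def audit(requirement, releases, patched_from, python):
    """Return (status, best_version) for one install_requires entry.

    status is 'ok', 'blocked-by-pin' (the specifier excludes every patched
    release) or 'blocked-by-python' (patched releases exist within the
    specifier, but none supports the interpreter of the build image).
    """
    _, spec = re.fullmatch(r"([A-Za-z0-9_.-]+)\s*(.*)", requirement).groups()
    allowed = [v for v in releases if satisfies(v, spec)]
    installable = [v for v in allowed if satisfies(python, releases[v])]
    fixed = [v for v in installable if ver(v) >= ver(patched_from)]
    if fixed:
        return "ok", max(fixed, key=ver)
    if not any(ver(v) >= ver(patched_from) for v in allowed):
        return "blocked-by-pin", max(allowed, key=ver) if allowed else None
    return "blocked-by-python", max(installable, key=ver) if installable else None

if __name__ == "__main__":
    for req, py in [("examplelib==1.0.0", "3.8"),
                    ("examplelib>=1.0.0,<3", "3.7"),
                    ("examplelib>=1.0.0,<3", "3.8")]:
        print(req, "on Python", py, "->", audit(req, RELEASES, PATCHED_FROM, py))
```
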