Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.1.0
->==1.2.0
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
joblib/joblib
v1.2.0
Compare Source
Fix a security issue where
eval(pre_dispatch)
could potentially runarbitrary code. Now only basic numerics are supporthttps://github.com/joblib/joblib/pull/1327ull/1327
Make sure that joblib works even when multiprocessing is not available,
for instance with Pyodhttps://github.com/joblib/joblib/pull/1256ull/1256
Avoid unnecessary warnings when workers and main process delete
the temporary memmap folder contents concurrenthttps://github.com/joblib/joblib/pull/1263ull/1263
Fix memory alignment bug for pickles containing numpy arrays.
This is especially important when loading the pickle with
mmap_mode != None
as the resultingnumpy.memmap
objectwould not be able to correct the misalignment without performing
a memory copy.
This bug would cause invalid computation and segmentation faults
with native code that would directly access the underlying data
buffer of a numpy array, for instance C/C++/Cython code compiled
with older GCC versions or some old OpenBLAS written in plathttps://github.com/joblib/joblib/pull/1254thub.com/Make sure arrays are bytes aligned in joblib pickles joblib/joblib#1254
Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.
Vendor loky 3.3.0 which fixes several bugs including:
robustly forcibly terminating worker processes in case of a crash
https://github.com/joblib/joblib/pull/1269ull/1269);
avoiding leaking worker processes in case of nested loky parallel
calls;
reliability spawn the correct number of reusable workers.
v1.1.1
Compare Source
eval(pre_dispatch)
could potentially runarbitrary code. Now only basic numerics are supporthttps://github.com/joblib/joblib/pull/1327ull/1327