uncertainties icon indicating copy to clipboard operation
uncertainties copied to clipboard

Published 20 hours ago verified publisher icon lmfit

Drop `future` dependency for Python 3

Open wshanks opened this issue 2 years ago • 1 comments

future is only used by uncertainties to provide builtins imports in Python 2, so it is not needed when using uncertainties in Python 3. The main motivation for dropping future now is that it is unmaintained and has unpatched security vulnerabillties (see https://github.com/PythonCharmers/python-future/pull/610 for example). The vulnerabilities do not affect uncertainties but they add a hurdle to some users using uncertainties as they may not want to have known unpatched security vulnerabilities in their environments.

Personally, I think it would be fine to drop Python 2 support entirely but this PR makes the minimal change of just not listing future as a dependency when installing uncertainties in Python 3.

wshanks avatar Dec 24 '22 16:12 wshanks

Can we please get this merged? The future package is not very well maintained now, and can not build with Python 3.11 with the PYTHONSAFEPATH env var set. We can not use uncertainties at all right now because we can not disable PYTHONSAFEPATH in our project.

siddharthab avatar Jul 06 '23 22:07 siddharthab