fix(sec): upgrade numpy to 1.22.2

Open pen4 opened this issue 3 years ago • 1 comments

What happened?

There is 1 security vulnerability found in numpy 1.16.4

What did I do?

Upgrade numpy from 1.16.4 to 1.22.2 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

Signed-off-by: pen4 [email protected]

pen4, Nov 29 '22 10:11

https://github.com/numpy/numpy/pull/18989 this seems to indicate that the bug was fixed as of 1.21, not 1.22.2? Forcing a minimum numpy version of 1.22.2 would effectively make pydeck require Python 3.8+ and not the current Python 3.7+.

kylebarron, Nov 29 '22 17:11