You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mxnet.apache.org by GitBox <gi...@apache.org> on 2022/03/07 22:16:08 UTC

[GitHub] [incubator-mxnet] DickJC123 opened a new pull request #20940: [v1.9.x] [WIP] [BUGFIX] Upgrade numpy>=1.19.1 to avoid security vulnerabilities

DickJC123 opened a new pull request #20940:
URL: https://github.com/apache/incubator-mxnet/pull/20940


   ## Description ##
   This is an alternate PR attempting to resolve issue https://github.com/apache/incubator-mxnet/issues/20869.
   
   ## Checklist ##
   ### Essentials ###
   - [X ] PR's title starts with a category (e.g. [BUGFIX], [MODEL], [TUTORIAL], [FEATURE], [DOC], etc)
   - [ ] Changes are complete (i.e. I finished coding on this PR)
   - [ ] All changes have test coverage
   - [ ] Code is well-documented
   
   ### Changes ###
   - [ ] Feature1, tests, (and when applicable, API doc)
   - [ ] Feature2, tests, (and when applicable, API doc)
   
   ## Comments ##
   - If this change is a backward incompatible change, why must this change be made.
   - Interesting edge cases to note here
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mxnet.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-mxnet] mxnet-bot commented on pull request #20940: [v1.9.x] [WIP] [BUGFIX] Upgrade numpy>=1.19.1 to avoid security vulnerabilities

Posted by GitBox <gi...@apache.org>.

mxnet-bot commented on pull request #20940:
URL: https://github.com/apache/incubator-mxnet/pull/20940#issuecomment-1061193483


   Hey @DickJC123 , Thanks for submitting the PR 
   All tests are already queued to run once. If tests fail, you can trigger one or more tests again with the following commands: 
   - To trigger all jobs: @mxnet-bot run ci [all] 
   - To trigger specific jobs: @mxnet-bot run ci [job1, job2] 
   *** 
   **CI supported jobs**: [edge, website, windows-cpu, clang, centos-cpu, unix-cpu, sanity, centos-gpu, windows-gpu, unix-gpu, miscellaneous]
   *** 
   _Note_: 
    Only following 3 categories can trigger CI :PR Author, MXNet Committer, Jenkins Admin. 
   All CI tests must pass before the PR can be merged. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mxnet.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-mxnet] DickJC123 merged pull request #20940: [v1.9.x] [BUGFIX] Upgrade numpy to <1.20.0 to avoid security vulnerabilities affecting numpy<1.19.1

Posted by GitBox <gi...@apache.org>.

DickJC123 merged pull request #20940:
URL: https://github.com/apache/incubator-mxnet/pull/20940


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mxnet.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-mxnet] DickJC123 commented on pull request #20940: [v1.9.x] [BUGFIX] Upgrade numpy to <1.20.0 to avoid security vulnerabilities affecting numpy<1.19.1

Posted by GitBox <gi...@apache.org>.

DickJC123 commented on pull request #20940:
URL: https://github.com/apache/incubator-mxnet/pull/20940#issuecomment-1063164058


   FYI, issue https://github.com/apache/incubator-mxnet/issues/20869 discussing the numpy upgrade motivation had the comment from @huubvh95:
   ```
   Is it also possible to update Graphviz in the PR? The required version for Graphviz is rather old.
   See issue https://github.com/apache/incubator-mxnet/issues/20897
   ```
   My feeling on this:
   ```
   I'm not able to do a reasonable job of testing an updated version of graphviz.
   If we put the graphviz update in this PR, then a required revert based on either a
   numpy or graphviz problem would revert both modules- an unfortunate coupling.
   
   Could you suggest a graphviz version to move to, based on some testing, and make a separate PR for that?
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@mxnet.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org