IQTLabs / AISonobuoy

Maritime Situational Awareness: An Exploration
Apache License 2.0

Update dependency joblib to v1.2.0 [SECURITY] - autoclosed #995

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| joblib (source) | ==1.1.0 -> ==1.2.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2022-21797

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.


Release Notes

joblib/joblib

### [`v1.2.0`](https://togithub.com/joblib/joblib/blob/HEAD/CHANGES.rst#Release-120)

[Compare Source](https://togithub.com/joblib/joblib/compare/1.1.1...1.2.0)

- Fix a security issue where `eval(pre_dispatch)` could potentially run arbitrary code. Now only basic numerics are supported ([https://github.com/joblib/joblib/pull/1327](https://togithub.com/joblib/joblib/pull/1327)).
- Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide ([https://github.com/joblib/joblib/pull/1256](https://togithub.com/joblib/joblib/pull/1256)).
- Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently ([https://github.com/joblib/joblib/pull/1263](https://togithub.com/joblib/joblib/pull/1263)).
- Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with `mmap_mode != None` as the resulting `numpy.memmap` object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform-specific assembly ([https://github.com/joblib/joblib/pull/1254](https://togithub.com/joblib/joblib/pull/1254)).
- Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.
- Vendor loky 3.3.0 which fixes several bugs including:
  - robustly forcibly terminating worker processes in case of a crash ([https://github.com/joblib/joblib/pull/1269](https://togithub.com/joblib/joblib/pull/1269));
  - avoiding leaking worker processes in case of nested loky parallel calls;
  - reliably spawning the correct number of reusable workers.

### [`v1.1.1`](https://togithub.com/joblib/joblib/blob/HEAD/CHANGES.rst#Release-111)

[Compare Source](https://togithub.com/joblib/joblib/compare/1.1.0...1.1.1)

- Fix a security issue where `eval(pre_dispatch)` could potentially run arbitrary code. Now only basic numerics are supported ([https://github.com/joblib/joblib/pull/1327](https://togithub.com/joblib/joblib/pull/1327)).

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
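The advisory above describes the classic shape of CVE-2022-21797: a caller-supplied `pre_dispatch` string (joblib documents values such as `'2*n_jobs'` or `'all'`) was handed to `eval()`, and the 1.2.0 fix restricts it to "basic numerics". The Python below is an added example, not joblib's own code: `pre_dispatch_unsafe` shows the `eval` pattern the advisory describes, and `pre_dispatch_safe` is a hypothetical hardened replacement that parses the string with `ast` and admits only integer literals, the name `n_jobs` and the operators `+`, `-`, `*`, `//` before computing anything. The sample inputs are constructed for the example.

```python
import ast
import operator

# Arithmetic operators the hardened parser is willing to apply.
# Anything else in the syntax tree (calls, attributes, subscripts,
# power, unary minus, other names) is rejected before evaluation.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv,
}


def pre_dispatch_unsafe(pre_dispatch, n_jobs):
    """'Before' form: the pattern CVE-2022-21797 describes.

    Whatever expression the caller puts in the string is executed by
    eval(); a namespace only decides what names resolve, not what code
    runs. This is a sketch for comparison, not joblib's implementation.
    """
    if pre_dispatch == "all":
        return None
    return eval(pre_dispatch, {"n_jobs": n_jobs})


def pre_dispatch_safe(pre_dispatch, n_jobs):
    """Hardened form (hypothetical): accept 'all', an int, or an
    arithmetic expression over integer literals and n_jobs.

    Returns None for 'all', otherwise a positive int. Raises ValueError
    for any other input, including syntactically valid Python that uses
    constructs outside the allowed subset.
    """
    if isinstance(pre_dispatch, int) and not isinstance(pre_dispatch, bool):
        value = pre_dispatch
    elif pre_dispatch == "all":
        return None
    elif isinstance(pre_dispatch, str):
        try:
            tree = ast.parse(pre_dispatch, mode="eval")
        except SyntaxError as exc:
            raise ValueError(f"invalid pre_dispatch {pre_dispatch!r}") from exc
        value = _eval_numeric(tree.body, n_jobs, pre_dispatch)
    else:
        raise ValueError(f"invalid pre_dispatch {pre_dispatch!r}")

    if value < 1:
        raise ValueError(f"pre_dispatch must be positive, got {value}")
    return value


def _eval_numeric(node, n_jobs, original):
    """Walk the AST and evaluate only the whitelisted node types."""
    if isinstance(node, ast.Constant):
        # bool is a subclass of int; keep True/False out of the subset.
        if isinstance(node.value, int) and not isinstance(node.value, bool):
            return node.value
    elif isinstance(node, ast.Name) and node.id == "n_jobs":
        return n_jobs
    elif isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_numeric(node.left, n_jobs, original)
        right = _eval_numeric(node.right, n_jobs, original)
        try:
            return _BIN_OPS[type(node.op)](left, right)
        except ZeroDivisionError as exc:
            raise ValueError(f"division by zero in {original!r}") from exc
    # Any other node type (Call, Attribute, Subscript, Pow, UnaryOp, ...)
    raise ValueError(f"unsupported construct in pre_dispatch {original!r}")


def is_valid_pre_dispatch(pre_dispatch, n_jobs=4):
    """Convenience predicate: True if the hardened parser accepts the value."""
    try:
        pre_dispatch_safe(pre_dispatch, n_jobs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: the documented forms are accepted, and
    # syntactically valid Python outside the numeric subset is refused.
    for sample in ["2*n_jobs", "all", "3", "n_jobs + 1", "abs(n_jobs)", "n_jobs**8"]:
        print(f"{sample!r:14} -> accepted={is_valid_pre_dispatch(sample)}")
```

The design point is that the hardened version never evaluates the string as Python: it inspects the syntax tree first and only applies a fixed set of integer operators, so the attack surface is the parser's whitelist rather than the whole language. Both `pre_dispatch_unsafe` and `pre_dispatch_safe` return the same values for the documented inputs, which is what lets the restriction ship as a drop-in fix.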

codecov[bot] commented 2 years ago

Codecov Report

Base: 84.02% // Head: 84.02% // No change to project coverage :thumbsup:

Coverage data is based on head (6e35a0d) compared to base (e927925). Patch has no changes to coverable lines.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##             main     #995   +/-   ##
=======================================
  Coverage   84.02%   84.02%
=======================================
  Files           9        9
  Lines         889      889
=======================================
  Hits          747      747
  Misses        142      142
```

Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=IQTLabs). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=IQTLabs)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.