LSi Correlator: Update Numpy Dependency to 1.21 or Later

[JackEAllen]

Where?

Where is the issue likely to be (be as specific as possible e.g. filepaths)

LSi Correlator Repository in the following locations:

• requirements.txt
• correlator_driver_functions.py
• data_file_interaction.py
• mocked_correlator_api.py
• tests.py
• test_data.py

How?

How did the issue come about/known cause of issue if any? (delete subheader if not applicable)

GitHub Dependabot alert found a vulnerability in repository dependencies. The Vulnerability is inside Numpy versions >= 1.9.0, < 1.21.

The vulnerability is patched in version: 1.21

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. - GitHub Dependabot Alert

This vulnerability is not used in the LSi Correlator repository so the vulnerability does not directly affect the repository.

It is however still good practice remove the potential of this vulnerability affecting the repositories security going forward should a need to use the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code.

We should update the dependency to Numpy version 1.21 or later to resolve this problem and update on any machines which use the LSi Correlator.

Reproducible?

Yes

To Reproduce

• See dependabot alert: https://github.com/ISISComputingGroup/EPICS-LSICorrelator/security/dependabot/requirements.txt/numpy/open

Acceptance criteria

• [ ] Numpy version 1.21 or later is used by the LSi Correlator.
• [ ] requirements.txt specifies a version of numpy that is 1.21 or later.
• [ ] All unit tests and IOC system tests pass after upgrading the version used.
• [ ] Any machines using the LSi Correlator have been updated to use Numpy 1.21 or later.
• [ ] Pylint GitHub workflow passes.

How to Test

_verbose instructions for reviewer to test changes

• Run master\tests.py using the command python tests.py from an epics environment.
• Test the IOC from an epics environment from C:\Instrument\Apps\EPICS\support\EPICS-IOC_Test_Framework\ by running python run_tests.py -t lsicorr.

[ThomasLohnert]

Will be done as part of dependency update ticket.