NatLibFi / Annif

Annif is a multi-algorithm automated subject indexing tool for libraries, archives and museums.
https://annif.org

Upgrade to joblib 1.2.x #627

Closed: osma closed 2 years ago

osma commented 2 years ago

This PR upgrades joblib from 1.1.0 to 1.2.*. The main reason is to get rid of the dependabot warning about an arbitrary code execution security vulnerability.

AFAICT, Annif isn't actually vulnerable because we don't use the pre_dispatch option at all.
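One way to check the claim in the comment above that a code base never passes `pre_dispatch`, as an added example (not part of this PR or of Annif's code): a static scan for calls that set that option, plus a check that a version string is on the 1.2 line the PR upgrades to. The function names and the sample source are constructed for illustration.

```python
import ast
import re
from pathlib import Path

def _callee_name(call):
    """Name of the called object: Parallel(...) or joblib.Parallel(...)."""
    f = call.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)

def find_pre_dispatch_uses(source, filename="<source>"):
    """Return sorted (line, kind) pairs for calls that set pre_dispatch:
    'literal' constant, 'dynamic' run-time value, or 'kwargs-splat' for
    Parallel(**opts), where the option could arrive through the dict."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg == "pre_dispatch":
                kind = "literal" if isinstance(kw.value, ast.Constant) else "dynamic"
                findings.append((node.lineno, kind))
            elif kw.arg is None and _callee_name(node) == "Parallel":
                findings.append((node.lineno, "kwargs-splat"))
    return sorted(findings)

def scan_tree(root):
    """Map each .py file under root to its findings (files with none omitted)."""
    report = {}
    for path in Path(root).rglob("*.py"):
        hits = find_pre_dispatch_uses(path.read_text(encoding="utf-8"), str(path))
        if hits:
            report[str(path)] = hits
    return report

def is_upgraded(version):
    """True for joblib 1.2 and later, the release line this PR moves to."""
    major, minor = (int(p) for p in re.findall(r"\d+", version)[:2])
    return (major, minor) >= (1, 2)

# Constructed sample input, not Annif code.
SAMPLE = '''from joblib import Parallel, delayed
a = Parallel(n_jobs=2)(delayed(str)(i) for i in range(3))
b = Parallel(n_jobs=2, pre_dispatch="2*n_jobs")(delayed(str)(i) for i in range(3))
c = Parallel(n_jobs=2, pre_dispatch=cfg["pd"])(delayed(str)(i) for i in range(3))
d = Parallel(**opts)(delayed(str)(i) for i in range(3))
'''

if __name__ == "__main__":
    print(find_pre_dispatch_uses(SAMPLE), is_upgraded("1.1.0"))
```

An empty result from `scan_tree` on a source tree supports the "we don't use it" reasoning; `dynamic` and `kwargs-splat` findings are the ones that need a manual look.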

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A)
0 Security Hotspots (A)
0 Code Smells (A)

No Coverage information
No Duplication information

codecov[bot] commented 2 years ago

Codecov Report

Base: 99.61% // Head: 99.61% // No change to project coverage :thumbsup:

Coverage data is based on head (5a603ad) compared to base (6e5a939). Patch has no changes to coverable lines.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #627   +/-   ##
=======================================
  Coverage   99.61%   99.61%
=======================================
  Files          87       87
  Lines        5945     5945
=======================================
  Hits         5922     5922
  Misses         23       23
```
