scikit-learn-contrib / hdbscan

A high performance implementation of HDBSCAN clustering.
http://hdbscan.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License

Update requirements.txt with joblib<1.2 to solve #565 #567

Open giacomorebecchi opened 2 years ago

giacomorebecchi commented 2 years ago

Hi, I'm a BuildNN data scientist. While using HDBSCAN, I encountered issue #565 due to the minor update in joblib=1.2 that does not ensure retrocompatibility. I solved the problem by specifying the joblib version to be lower than 1.2.

jcfaracco commented 2 years ago

Lower versions of joblib (<1.2.0) are affected by CVE-2022-21797.

whymauri commented 1 year ago

Have you considered using HDBSCAN 0.8.29 with Joblib 1.2.0? This avoids the compatibility issue and the critical CVE in Joblib <1.2.0.
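The trade-off raised in this thread can be checked mechanically. The following is an added example, not code from the thread or from the hdbscan project: a CI-style check that flags a requirements file whose joblib pin makes every release at or above 1.2.0 uninstallable. The function names and sample files are constructed for illustration, and it assumes plain comparison specifiers (`<`, `<=`, `==`, `>=`, `>`, `!=`) only.

```python
import re

FIXED = (1, 2, 0)  # per the thread: joblib < 1.2.0 is affected by CVE-2022-21797

def _version(text):
    """Turn '1.2' or '1.1.0' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def _clause_forces_affected(op, ver):
    """True if this single clause excludes every release >= FIXED."""
    v = _version(ver)
    if op == "<":
        return v <= FIXED
    if op in ("<=", "=="):
        return v < FIXED
    return False  # >=, >, != leave fixed releases installable

def pins_forcing_affected_joblib(requirements_text):
    """Return requirement lines that make a fixed joblib uninstallable."""
    hits = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"(?i)joblib(?![\w.-])\s*(.*)$", line)
        if not m:
            continue
        clauses = re.findall(r"(<=|>=|==|!=|<|>)\s*([\w.*]+)", m.group(1))
        if any(_clause_forces_affected(op, ver) for op, ver in clauses):
            hits.append(line)
    return hits

# Constructed sample requirements files, not the project's actual files.
PINNED = "numpy>=1.20\njoblib<1.2  # workaround for #565\nscipy>=1.0\n"
UNPINNED = "numpy>=1.20\njoblib>=1.2.0\nscipy>=1.0\n"

if __name__ == "__main__":
    for name, text in (("pinned", PINNED), ("unpinned", UNPINNED)):
        hits = pins_forcing_affected_joblib(text)
        print(name, "->", hits if hits else "no pin forcing an affected joblib")
```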