Closed marekmodry closed 3 years ago
@bhancock8 @rsmith49 it would be amazing if we could get this into the next release. All tests pass locally.
I brought in some commit noise with this PR, so I closed this and replaced it with: https://github.com/snorkel-team/snorkel/pull/1677 (where I rebased the new mypy/CI fix)
This PR has been replaced by https://github.com/snorkel-team/snorkel/pull/1677
Description of proposed changes
This PR bumps up the version upper boundary of networkx from <2.6 to <2.7. The main reason for bumping the version is the existence of a high severity security vulnerability to Deserialization of Untrusted Data in the networkx package (fixed in v2.6).
Note: networkx 2.5.x supports Python >= 3.6, while networkx 2.6.x supports Python >= 3.7. Therefore, when no other constraints are given, networkx 2.5.x is installed when on py36, while networkx 2.6.x is installed when on py3.7.
Historical context: Originally, snorkel allowed networkx <3.0 until snorkel v0.9.2 (networkx bounds changed to <2.4 by https://github.com/snorkel-team/snorkel/pull/1492 for backward compatibility reasons). Subsequently, PR https://github.com/snorkel-team/snorkel/pull/1645 introduced changes improving the compatibility and extended the networkx's version upper bound to <2.6 (this happened before networkx 2.6 was released).
Related issue(s)
Fixes #1673
Test plan
tox -e py36 on Python 3.6 with networkx==2.5.1 installed - PASSED
tox -e py37 on Python 3.7 with networkx==2.5.1 installed - PASSED
tox -e py37 on Python 3.7 with networkx==2.6.3 installed - PASSED
Checklist
Need help on these? Just ask!
tox -e complex and/or tox -e spark if appropriate.
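The interaction between the upper bound and each release's Python requirement, described in the note above, can be modelled in a few lines. This is an added example, not part of the PR or of snorkel or pip; the function names are hypothetical, the release table holds only the two versions named in the test plan, and the resolver is a simplified stand-in for pip's behaviour.

```python
# Added illustration, not snorkel or pip code: a simplified model of how an
# upper bound plus each release's Python requirement decides what is installed.

FIXED_IN = (2, 6)  # per the PR description, the issue is fixed in networkx v2.6

# Releases named in the PR's test plan, with the minimum Python each line
# supports as stated in the description (2.5.x: >=3.6, 2.6.x: >=3.7).
RELEASES = {
    "2.5.1": (3, 6),
    "2.6.3": (3, 7),
}


def parse(version):
    """Turn '2.6.3' into (2, 6, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve(upper_bound, python):
    """Return the newest release below upper_bound that supports this Python."""
    candidates = [
        v for v, min_py in RELEASES.items()
        if parse(v) < parse(upper_bound) and python >= min_py
    ]
    return max(candidates, key=parse) if candidates else None


def audit(upper_bound, python):
    """Return (selected_version, has_fix) for one bound/interpreter pair."""
    selected = resolve(upper_bound, python)
    has_fix = selected is not None and parse(selected) >= FIXED_IN
    return selected, has_fix


if __name__ == "__main__":
    for bound in ("2.6", "2.7"):
        for py in ((3, 6), (3, 7)):
            selected, has_fix = audit(bound, py)
            status = "fixed" if has_fix else "still below 2.6"
            print(f"networkx<{bound} on Python {py[0]}.{py[1]}: {selected} ({status})")
```

With the old bound neither interpreter can receive the fixed release; with the new bound only Python 3.7 does, and Python 3.6 environments still resolve to 2.5.1.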