cerfacs-globc/icclim

icclim should allow numpy >= 1.22

thebaptiste opened this issue · 6 comments

  • icclim version: 5.2.1
  • Python version: 3.9.12

Description

icclim 5.2.1 requires numpy < 1.22, but numpy 1.21.5 has known security issues (see here).
It would be great for icclim to allow numpy >= 1.22.

Minimal reproducible example

pip install numpy==1.22.0 icclim==5.2.1
or
pip install numpy==1.22.4 icclim==5.2.1
or
pip install numpy==1.23.0 icclim==5.2.1

Output received

ERROR: Cannot install icclim==5.2.1 and numpy==1.22.0 because these package versions have conflicting dependencies.

The conflict is caused by:
The user requested numpy==1.22.0
icclim 5.2.1 depends on numpy<1.22 and >=1.16

Thanks

More surprisingly, if you try to install numpy 1.22.0 and icclim without specifying the version, for example by doing:
pip install numpy==1.22.0 icclim
you will install icclim 5.0.1!
(I suppose because icclim 5.0.1 doesn't specify a maximum version for numpy)

I saw your "todo" comment in setup.py.
It seems that numba 0.55.2 is now working with numpy >= 1.22, so you could probably remove the constraint on numpy < 1.22.
If you could do that in a release 5.2.2, it would be great!
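
The fallback to icclim 5.0.1 described above, as an added example (not code from icclim or pip): a simplified model of a resolver picking the newest release whose numpy bounds accept a pinned numpy. Only the 5.2.1 bounds come from the pip error quoted in the issue; the 5.0.1 entry and all function names are assumptions.

```python
import operator
import re

# Constructed metadata: the 5.2.1 bounds are from the pip error quoted in the
# issue; the 5.0.1 entry is an assumption modelling "no maximum numpy version".
ICCLIM_NUMPY_BOUNDS = {
    "5.0.1": ">=1.16",
    "5.2.1": ">=1.16,<1.22",
}
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "<": operator.lt, ">": operator.gt}


def parse_version(text):
    """'1.22.0' -> (1, 22, 0); plain numeric release versions only."""
    return tuple(int(part) for part in text.strip().split("."))


def satisfies(version, specifier):
    """True if version meets every comma-separated clause of specifier."""
    for clause in specifier.split(","):
        match = re.fullmatch(r"\s*(>=|<=|==|<|>)\s*(\d+(?:\.\d+)*)\s*", clause)
        if match is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = match.groups()
        have, want = parse_version(version), parse_version(bound)
        width = max(len(have), len(want))  # pad so 1.22 compares as 1.22.0
        have += (0,) * (width - len(have))
        want += (0,) * (width - len(want))
        if not OPS[op](have, want):
            return False
    return True


def resolve_icclim(pinned_numpy, icclim_pin=None):
    """Newest icclim release accepting pinned_numpy, or None on conflict."""
    if icclim_pin is not None:
        candidates = [icclim_pin]
    else:
        candidates = sorted(ICCLIM_NUMPY_BOUNDS, key=parse_version, reverse=True)
    for release in candidates:
        if satisfies(pinned_numpy, ICCLIM_NUMPY_BOUNDS[release]):
            return release
    return None


if __name__ == "__main__":
    print(resolve_icclim("1.22.0", "5.2.1"))  # pinned icclim: conflict
    print(resolve_icclim("1.22.0"))           # unpinned: silent downgrade
```

Pinning icclim as well as numpy turns the silent downgrade into a visible conflict, which is the first error shown in the issue.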

bzah commented

Ah, I didn't see that it was fixed on numba, thanks! We can remove the numpy <=1.22 constraint and test it.

(I suppose because icclim 5.0.1 doesn't specify a maximum version for numpy)

Yep.

As for the release, 5.3 is supposed to be out soon, but we had to delay it a bit to finish #183.
So depending on how it goes, we will include this numpy version fix either in 5.3 or a 5.2.2 if it takes too long to finish ongoing work.


Note for devs:
If we create a 5.2.2, don't create it from master but from the 5.2.1 tag. The other changes on master need to be in a 5.3 (or a 6.0 if we were true to semver).

bzah commented

@thebaptiste A 5.2.2 version has been released with this fix on PyPI and conda-forge.
Feel free to try it!

Thanks!

Sorry, we can't use icclim 5.2.2 for the time being because it requires xclim 0.37.0, which requires Click >= 8.1, which is not compatible with some of our stuff.
But thanks anyway.