This is an archive of the discontinued LLVM Phabricator instance.

[mlir] Pin for the PyPi requirements for mlir
ClosedPublic

Authored by stella.stamenova on Jan 25 2023, 9:16 AM.

Details

Summary

This change is pinning the requirements to a specific version (or a range) depending on the requirement. A couple of considerations:

  • numpy 1.24 deprecates np.object, np.bool, np.float, np.complex, np.str, and np.int which are used heavily in onnx-mlir
  • not all versions of each package are available on every platform - to the best of my knowledge, these ranges should work on Ubuntu, CentOS and Windows

Adding a minimum and maximum version, or pinning to specific versions where possible, helps with two major goals - security and maintainability. It gives us an opportunity to make sure that the packages being used are not part of a security attack as well as guaranteeing that they support the features that mlir depends on (see note about numpy deprecation).

Let me know if you are aware of better versions or ranges to pin to.

Event Timeline

Herald added a project: Restricted Project.
stella.stamenova requested review of this revision. Jan 25 2023, 9:16 AM
stellaraccident accepted this revision. Jan 27 2023, 8:36 AM

Given the security situation, I am fine making this change to tighten things up. It may cause some trouble for folks in the wild if they have concerning versions and pip doesn't offer great solutions. As part of a dev setup, though, I feel that folks should be able to self-serve solutions to issues if there is a problem.

This revision is now accepted and ready to land. Jan 27 2023, 8:36 AM
This revision was automatically updated to reflect the committed changes.
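
A check for the policy described in the summary (each requirement carries a minimum and a maximum version, or an exact pin), written here as an added example and not taken from this revision or from the mlir tree. The sample requirements and their version numbers are constructed for illustration, and the function names are hypothetical.

```python
import re

# PEP 440 comparison operators, longest alternatives first.
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,;]+)")
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?")

def classify(requirement):
    """Return (name, status) for one requirements.txt line, or None to skip it."""
    # Drop comments and environment markers before looking at the specifiers.
    line = re.sub(r"(^|\s)#.*", "", requirement).split(";", 1)[0].strip()
    if not line or line.startswith("-"):   # blank line or pip option (-r, -c, ...)
        return None
    m = _NAME.match(line)
    if not m:
        return None
    specs = _SPEC.findall(line[m.end():])
    ops = {op for op, _ in specs}
    wildcard = any(op == "==" and ver.endswith(".*") for op, ver in specs)
    if any(op in ("==", "===") and not ver.endswith(".*") for op, ver in specs):
        status = "exact"
    else:
        # "~=" and "==X.*" bound the version on both sides.
        lower = wildcard or bool(ops & {">=", ">", "~="})
        upper = wildcard or bool(ops & {"<=", "<", "~="})
        status = ("range" if lower and upper else
                  "no-upper-bound" if lower else
                  "no-lower-bound" if upper else "unpinned")
    return m.group(1).lower(), status

def findings(text):
    """Map each requirement that is neither pinned nor fully bounded to its status."""
    results = filter(None, (classify(l) for l in text.splitlines()))
    return {name: s for name, s in results if s not in ("exact", "range")}

# Constructed sample, not the requirements file from this revision.
SAMPLE = """\
# constructed sample
numpy>=1.19.5,<1.24
pybind11>=2.9.0
PyYAML==6.0
dataclasses
requests<3   # upper bound only
toml~=0.10.2
-r other.txt
"""

if __name__ == "__main__":
    for name, status in findings(SAMPLE).items():
        print(f"{name}: {status}")
```

Run against a requirements file in CI, a non-empty result from `findings` marks entries that would let pip resolve to a release nobody on the project has reviewed.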