Safety vulnerability ID: 38271
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Natcap.invest 3.8.1 bumps the psutil dependency requirement to psutil>=5.6.6 to address a double-free vulnerability documented in CVE-2019-18874.
Latest version: 3.9.1
InVEST Ecosystem Service models
------------------
* Fixed a compilation issue on Mac OS X Catalina.
* Fixed an issue with NDR's raster normalization function so that Float64
nodata values are now correctly cast to Float32. This issue was affecting
the summary vector, where the ``surf_n``, ``sub_n`` and ``n_export_tot``
columns would contain values of ``-inf``.
* Fixed minor bug in Coastal Vulnerability shore point creation. Also added a
check to fail fast when zero shore points are found within the AOI.
* The Finfish Aquaculture model no longer generates histograms for
uncertainty analysis due to issues with matplotlib that make InVEST
unstable. See https://github.com/natcap/invest/issues/87 for more.
* Corrected the Urban Cooling Model's help text for the "Cooling Capacity
Calculation Method" in the User Interface.
* Fixing an issue with SDR's ``LS`` calculations. The ``x`` term is now
the weighted mean of proportional flow from the current pixel into its
neighbors. Note that for ease of debugging, this has been implemented as a
separate raster and is now included in ``RKLS`` calculations instead of in
the ``LS`` calculations.
* Fixed a bug in validation where checking for spatial overlap would be skipped
entirely in cases where optional model arguments were not used.
* Bumping the ``psutil`` dependency requirement to ``psutil>=5.6.6`` to address
a double-free vulnerability documented in CVE-2019-18874.
* Adding a GitHub Actions workflow for building python wheels for Mac and Windows
as well as a source distribution.
* Updating links in ``setup.py``, ``README.rst`` and ``README_PYTHON.rst`` to
refer to the repository's new home on github.
* Binary builds for Windows and Mac OS X have been moved to GitHub Actions from
AppVeyor. All AppVeyor-specific configuration has been removed.
* Fixing an issue with the InVEST Makefile where ``make deploy`` was
attempting to synchronize nonexistent sample data zipfiles with a storage
bucket on GCP. Sample data zipfiles are only built on Windows, and so
``make deploy`` will only attempt to upload them when running on Windows.
* Fixed a bug in CLI logging where logfiles created by the CLI were
incompatible with the ``natcap.invest.datastack`` operation that
allows the UI to load model arguments from logfiles.
* Added error-handling in Urban Flood Risk Mitigation to tell users to
"Check that the Soil Group raster does not contain values other than
(1, 2, 3, 4)" when a ``ValueError`` is raised from ``_lu_to_cn_op``.
* Updated the ``Makefile`` to use the new git location of the InVEST User's
Guide repository at https://github.com/natcap/invest.users-guide
* Automated tests are now configured to use Github Actions for 32- and 64-bit
build targets for Python 3.6 and 3.7 on Windows. We are still using
AppVeyor for our binary builds for the time being.
* Makefile has been updated to fetch the version string from ``git`` rather
than ``hg``. A mercurial client is still needed in order to clone the
InVEST User's Guide.
* Removing Python 2 compatibility code such as ``future``, ``pyqt4``,
``basestring``, ``unicode``, ``six``, unicode casting, etc...
* Update api-docs conf file to mock sdr.sdr_core and to use updated unittest
mock
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application