numexpr work arround

[kif]

I am not especially happy to put in place such work around, I find it pretty ugly but something is needed while waiting for the issue to be fixed upstream.

What I did, theer is a hook to import numexpr from third_party where numexpr is locally patch (or not) to tell it not to sanitize the input. Unfortunately, this has to be done in 2 different ways, using the environment variable for numexpr.evaluate and patching the class for numexpr.NumExpr. Apparently it works. If you have a better idea, I would be happy to hear it.

[loichuder]

Since there is only one problematic version, would it be possible instead in the requirements of the project to disallow the version 2.8.6 of numexpr ?

Like putting numexpr != 2.8.6 in requirements.txt and other relevant places ?

[t20100]

@loichuder proposition is a lot simpler.
Using numexpr!=2.8.6 in install_requires should do the job:

pyFAI/setup.py

Lines 982 to 991 in 177f7db

	install_requires = [
	numpy_requested_version,
	"h5py",
	"fabio>=0.5",
	"matplotlib",
	"scipy",
	"numexpr",
	# for the use of pkg_resources on script launcher
	"setuptools<60.0.0",
	"silx>=1.1"]

[kif]

setup.py is no more used (left for legacy reason, to be remove in next actual release). The same is true for requirements.txt, so I am not in favour of this option.

[t20100]

setup.py is no more used

Indeed, but the same applies for pyproject.toml:

pyFAI/pyproject.toml

Lines 39 to 47 in 177f7db

	dependencies = [
	'numpy',
	'h5py',
	'fabio',
	'silx',
	'numexpr',
	'scipy',
	'matplotlib'
	]

[kif]

Replaced by solution #1950