TST: DeprecationWarning: NumPy will stop allowing conversion of out-of-bound Python integers to integer arrays

[pllim]

Started seeing this failure in dev job:

Numpy: 1.24.0.dev0+934.gdb7414b7f
...
____________________________ TestCore.test_byteswap ____________________________

self = <astropy.io.fits.tests.test_core.TestCore object at 0x7f4c26839690>

    def test_byteswap(self):
        p = fits.PrimaryHDU()
        lst = fits.HDUList()
    
        n = np.zeros(3, dtype='i2')
        n[0] = 1
>       n[1] = 60000
E       DeprecationWarning: NumPy will stop allowing conversion of out-of-bound Python integers to integer arrays.
        The conversion of 60000 to int16 will fail in the future.
E       For the old behavior, usually:
E           np.array(value).astype(dtype)`
E       will give the desired result (the cast overflows).

.../astropy/io/fits/tests/test_core.py:56: DeprecationWarning

This affected line was copied over from PyFITS and has not been touched for 11 years. Why now, NumPy? 😿

astropy/astropy/io/fits/tests/test_core.py

Line 56 in 06e66c3

n[1] = 60000

[dhomeier]

Looks like the suggested replacement should work with our oldest numpy versions as well.

[pllim]

Where should this replacement happen? Are you interested in submitting a patch? Thanks!

[dhomeier]

Works with numpy 1.18 at least.

[neutrinoceros]

Why now, NumPy?

This may be the reason: python/cpython#95778

[dhomeier]

I don't think it relates to that; numpy/numpy#22385 does not mention any CVEs, and that possible vulnerability is already caught earlier in conversion to the native integer type (e.g. np.int16('6'+399*'0') already raises an OverflowError).
But on inputting a string, the added limit check has indeed already hit us in 13662#issuecomment-1245968462.

[mhvk]

Indeed, it is part of numpy trying to be more careful about interacting with python numbers generally, as part of trying to make casting a bit easier to understand: https://numpy.org/neps/nep-0050-scalar-promotion.html