Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use non-prerelease version of Pyyaml #665

Closed
myoung34 opened this issue Mar 26, 2019 · 2 comments
Closed

Use non-prerelease version of Pyyaml #665

myoung34 opened this issue Mar 26, 2019 · 2 comments
Assignees
@ngfgrant
Labels
priority: important state: has pr type: improvement
Milestone
2.1.1

Comments

@myoung34
Copy link

Currently the pyyaml version in setup.py specifies PyYaml>=4.2b1,<5.0 which are all set as pre-release.

This causes problems with things that care about pre-release (like Pipenv etc).

Is it possible to pin to non-pre version 5.1 of PyYaml?
@cczimskey
Copy link

We see similar behavior, as we also use pipenv to help segregate different projects. Would be nice to have this updatd as above so pipenv install doesn't always fail on the required pyyaml version.

ngfgrant added a commit that referenced this issue Apr 16, 2019
@ngfgrant
Upgrade to PyYaml 5.1
9cd7c7b 
Updates the PyYaml version to 5.1.

Adds in YamlLoader as per yaml/pyyaml#292

Other incompatible changes were reviewed
(yaml/pyyaml#265) and the yaml.Loader appears
to the be only concern for now.

[Resolves #665]
@ngfgrant ngfgrant self-assigned this Apr 16, 2019
@ngfgrant ngfgrant added this to the 2.1.1 milestone Apr 16, 2019
@ngfgrant
Copy link
Contributor

Thanks for your patience on this everyone.

The background to this is that a vulnerability was discovered in PyYaml (yaml/pyyaml#243)

There was a plan in the PyYaml community to do a 4.2 release (yaml/pyyaml#193) although it appears they've needed to release a major version with some backward incompatible changes (yaml/pyyaml#265).

It looks like 5.1 is out and I've added the appropriate changes into 2.1.1 release plan.

Longer term I would be open to moving to rumel or something else. PyYaml for now seems to be all over the place.

@ngfgrant ngfgrant mentioned this issue Apr 16, 2019
Merged
9 tasks
ngfgrant added a commit that referenced this issue Apr 23, 2019
@ngfgrant
Upgrade to PyYaml 5.1 (#681)
5b00bf1 
Updates the PyYaml version to 5.1.

Adds in YamlLoader as per yaml/pyyaml#292

Other incompatible changes were reviewed
(yaml/pyyaml#265) and the yaml.Loader appears
to the be only concern for now.

[Resolves #665]
ngfgrant added a commit that referenced this issue May 2, 2019
@ngfgrant
Upgrade to PyYaml 5.1 (#681)
4ad7b9d 
Updates the PyYaml version to 5.1.

Adds in YamlLoader as per yaml/pyyaml#292

Other incompatible changes were reviewed
(yaml/pyyaml#265) and the yaml.Loader appears
to the be only concern for now.

[Resolves #665]
thawkson pushed a commit to thawkson/sceptre that referenced this issue Feb 6, 2021
@ngfgrant @thawkson
Upgrade to PyYaml 5.1 (Sceptre#681)
871a76f 
Updates the PyYaml version to 5.1.

Adds in YamlLoader as per yaml/pyyaml#292

Other incompatible changes were reviewed
(yaml/pyyaml#265) and the yaml.Loader appears
to the be only concern for now.

[Resolves Sceptre#665]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ngfgrant ngfgrant

Labels
priority: important state: has pr type: improvement
Projects
None yet
Milestone
2.1.1
Development

No branches or pull requests
3 participants
@myoung34 @ngfgrant @cczimskey