Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support PyYAML up to 5.x version #6623

Merged
merged 1 commit into from
Jan 9, 2020
Merged

support PyYAML up to 5.x version #6623

merged 1 commit into from
Jan 9, 2020

Conversation

GeyseR
Copy link

@GeyseR GeyseR commented Mar 31, 2019

Resolves #6619
The yaml/pyyaml#265 ticket in the original PyYAML mention several backward-incompatible changes in v.5.1:

  1. Deprecate yaml.load and add FullLoader and UnsafeLoader classes. docker-compose uses save yaml files parser, so it should be pretty safe to update to the new version.
  2. Make default_flow_style=False. The only place in the docker-compose project where dump is used already set default_flow_style argument to False

Also, in the same ticket author suggests waiting for the next release if the project uses yaml.add_constructor, YAMLObject, from_yaml, to_yaml, which seems unrelated to the docker-compose project.

@GordonTheTurtle
Copy link

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "yaml_upgrade" [email protected]:GeyseR/compose.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

@GeyseR
Copy link
Author

GeyseR commented Apr 11, 2019

Any thoughts?

@chris-crone chris-crone added this to the 1.25.0 milestone Apr 11, 2019
@chris-crone chris-crone removed this from the 1.25.0 milestone Apr 11, 2019
@chris-crone chris-crone removed the request for review from ulyssessouza April 11, 2019 10:57
@chris-crone
Copy link
Member

Hi @GeyseR!

Thanks for the PR. As @ijc said in the issue, it would be good to wait for pyyaml 5.2 because of known issues. When that's out, can you please update this PR?

@GeyseR
Copy link
Author

GeyseR commented Apr 11, 2019

Do you think those issues are critical for the compose project? In the PR description, I've added an explanation of why we can allow 5.1 without any breakage of the compose functionality.

@chris-crone
Copy link
Member

Taking a more in depth look:

Deprecation of yaml.load

We use this in a couple of places so we should move to yaml.safe_load in the PR that bumps pyyaml.

Also the logic for detecting special characters was broken, which results in strings with tabs (for example) to be dumped in plain style on python 2.7 on systems with sys.maxunicode <= 0xffff.

That is worrying as we support Python 2.7.

Thank you for this PR and for taking the time to investigate this properly. Given the Python 2.7 issue though, I think it's best to hold off until pyyaml 5.2.

@GeyseR
Copy link
Author

GeyseR commented Apr 12, 2019

We use this in a couple of places so we should move to yaml.safe_load in the PR that bumps pyyaml.
i've updated all calls to yaml.load to yaml.save_load. All those places were in tests, the actual package code already uses yaml.safe_load/yaml.safe_dump everywhere.

That is worrying as we support Python 2.7.
yea, I didn't take it into account while I probably had to. I would agree that we should wait for the pyyaml v.5.2. Do you think we should keep this PR and set it On Hold, or open a new one when 5.2 will be released? (In case of the first option I can take care of updating existing PR according to the changes in the new pyyaml release)

@chris-crone chris-crone self-requested a review April 12, 2019 12:31
@chris-crone chris-crone added this to the 1.25.0 milestone Apr 12, 2019
@chris-crone
Copy link
Member

i've updated all calls to yaml.load to yaml.save_load. All those places were in tests, the actual package code already uses yaml.safe_load/yaml.safe_dump everywhere.

Thank you!

yea, I didn't take it into account while I probably had to. I would agree that we should wait for the pyyaml v.5.2. Do you think we should keep this PR and set it On Hold, or open a new one when 5.2 will be released? (In case of the first option I can take care of updating existing PR according to the changes in the new pyyaml release)

Since you've done the work of moving to safe_load, we can leave this open and wait for 5.2. It's useful to have this as we have the CI runs with the changes so we can see if they break anything.

chrisgemignani added a commit to juiceinc/devlandia that referenced this pull request Apr 24, 2019
Fixes security issues with Jinja2, urllib3, pyyaml. Raises an error when installing pyyaml==5.1 due to pinned constraints in docker-compose and aws-cli.

AWS-cli has issues w pyyaml 5 dropping support for python 2.6
aws/aws-cli#3828

Docker compose is still waiting on some issues w unicode support in pyyaml 5.1, but this doesn't affect us.
docker/compose#6623
@richardhanson
Copy link

richardhanson commented May 17, 2019

Unless I'm missing something, the Python 2 issue is not relevant here. Since the package code already uses safe_load everywhere and this is just a dependency and test update, can this be merged? I'm working with a pytest plugin that is affected by this.

Thank you for being cautious and careful!

EDIT:
Nevermind on the whole thing. I didn't understand that 5.1 broke existing functionality in dump for Python 2.7. Can't wait for 1/1/2020!

@graingert
Copy link

That is worrying as we support Python 2.7.

although that seems to only be broken in yaml.dump which isn't used, except in an example script which uses ruamel.yaml.dump

ruamel.yaml.dump(
new_format,
stream,
Dumper=ruamel.yaml.RoundTripDumper,
indent=indent,
width=width)

@graingert
Copy link

ah, no there's a dump here:

return yaml.safe_dump(
denormalize_config(config, image_digests),
default_flow_style=False,
indent=2,
width=80,
allow_unicode=True
)

@hartwork
Copy link

hartwork commented Jun 8, 2019

@GeyseR can you rebase this against latest master to address the conflicts?

My vote for getting this into 1.25 (rather than 1.26).

@hartwork
Copy link

hartwork commented Jun 8, 2019

There is one more call to .load that might be worth checking, this time with ruamel, though:

--- a/contrib/migration/migrate-compose-file-v1-to-v2.py
+++ b/contrib/migration/migrate-compose-file-v1-to-v2.py
@@ -19,7 +19,7 @@ log = logging.getLogger('migrate')
 
 
 def migrate(content):
-    data = ruamel.yaml.load(content, ruamel.yaml.RoundTripLoader)
+    data = ruamel.yaml.safe_load(content, ruamel.yaml.RoundTripLoader)
 
     service_names = data.keys()
 

@GeyseR
Copy link
Author

GeyseR commented Jun 9, 2019

Hey @hartwork
Thanks for looking into this issue and PR. I definitely support your opinion about releasing this as part of 1.25 release. I've rebased my changed against current master.
Unfortunately, the pyyaml team hasn't released 5.2 version yet, so it looks like there could be some incompatibility problems with Python 2.7

There is one more call to .load that might be worth checking, this time with ruamel

compose uses ruamel's RoundTripLoader for loading files, that uses RoundTripConstructor that in turn inherits from SafeConstructor. So we should be ok there.

@GeyseR
Copy link
Author

GeyseR commented Oct 23, 2019

rebased on current master

@graingert
Copy link

graingert commented Dec 9, 2019

@rumpl will this make it for 1.25.1? (eg py2 supported)

@graingert
Copy link

@ulyssessouza how many reviewers are required for a PR?

@ulyssessouza
Copy link
Collaborator

@graingert A PR normally needs the approval of 2 maintainers. This PR will get merged just after 1.25.1 is released.

The reason is that 1.25.1-rc1 is on testing phase to be promoted to 1.25.1 and as this is a major version change, that would be better to have this tested in an RC before.
This does not explain why it's not merged. And this is because the release process is quite tricky, so we prefer to have a clean master branch just to have a smooth release.
This should change for 2020 thanks to the work of @ndeloof in #7079

I'm very sorry to have a PR that LGTM not merged for that long but we are working on "cleaning the house" to get better workflows.

@graingert
Copy link

@ulyssessouza will it make a 1.25.x release? Eg py2 still supported?

@ulyssessouza
Copy link
Collaborator

@graingert Probably not

@kohtala
Copy link

kohtala commented Dec 19, 2019

So Python3 would work with PyYAML 5.x? Would it help to use environment markers and provide different PyYAML requirement for python 2.7 and 3.x?

So in setup.py

'PyYAML >= 3.10, < 5',

would be like

'PyYAML >= 3.10, < 5; python_version == "2.7"',
'PyYAML >= 3.10, < 6; python_version != "2.7"',

There are other choises of comparisons, but that should work for existing and future versions.

I am a little impatient as I am fighting now to use two libraries at the same time where other requires PyYAML 5. I regret moving to Pipenv as I find no way to tell it to ignore this requires-dist that does not affect our use.

@graingert
Copy link

So Python3 would work with PyYAML 5.x? Would it help to use environment markers and provide different PyYAML requirement for python 2.7 and 3.x?

So in setup.py

'PyYAML >= 3.10, < 5',

would be like

'PyYAML >= 3.10, < 5; python_version == "2.7"',
'PyYAML >= 3.10, < 6; python_version != "2.7"',

There are other choises of comparisons, but that should work for existing and future versions.

I am a little impatient as I am fighting now to use two libraries at the same time where other requires PyYAML 5. I regret moving to Pipenv as I find no way to tell it to ignore this requires-dist that does not affect our use.

There would be no point in doing that because this PR provides pyaml 3.10 to 6 support for both py2 and py3

@ulyssessouza
Copy link
Collaborator

Python2 will be dropped in version 1.26.0 anyways. Check #7031

@graingert
Copy link

Python2 will be dropped in version 1.26.0 anyways. Check #7031

This pr is compatible with a v1.25.x release though

requirements.txt Outdated Show resolved Hide resolved
@GeyseR GeyseR changed the title support PyYAML up to 5.2 version support PyYAML up to 5.x version Jan 8, 2020
@ulyssessouza
Copy link
Collaborator

Just squash the commits and that's good for me

@graingert
Copy link

graingert commented Jan 8, 2020

@GeyseR this will also need a rebase to deal with the conflicts in requirements.txt

@ulyssessouza if you merge PRs that manually change requirements.txt and therefore conflict with dependabot PRs dependabot will automatically rebase to fix the conflicts, this way you don't have to wait for a human to resolve the conflicts

@kohtala
Copy link

kohtala commented Jan 9, 2020

There would be no point in doing that because this PR provides pyaml 3.10 to 6 support for both py2 and py3

I know. I do not disrespects this PR. If this PR is really going in now, I am happy, but I was maybe unclear in asking if another PR could go in while waiting for this.

docker-compose can not be currently installed with some other libraries. It is a blocker, and a partial solution would be better than keeping those unaffected waiting.

@graingert
Copy link

There would be no point in doing that because this PR provides pyaml 3.10 to 6 support for both py2 and py3

I know. I do not disrespects this PR. If this PR is really going in now, I am happy, but I was maybe unclear in asking if another PR could go in while waiting for this.

docker-compose can not be currently installed with some other libraries. It is a blocker, and a partial solution would be better than keeping those unaffected waiting.

There is no partial solution that is py3 only, the code change in this PR is required to support pyyaml~=5.2 on either py3 or py2

@graingert
Copy link

@GeyseR can you rebase and squash everything into 1 commit?

@GeyseR
Copy link
Author

GeyseR commented Jan 9, 2020

@graingert @ulyssessouza I've squashed commits and rebased changes against the actual master branch

@ndeloof ndeloof merged commit c818bfc into docker:master Jan 9, 2020
@ulyssessouza
Copy link
Collaborator

Thank you all and specially @GeyseR for the patience!

@graingert
Copy link

@ulyssessouza great stuff! Do you know when the next release will be?

@ulyssessouza
Copy link
Collaborator

That will be 1.26.0 for sure but for the when, that depends on the advancement on the CI rework

@graingert
Copy link

@ulyssessouza I see docker-compose==1.25.2rc2 has 'PyYAML >= 3.10, < 6', and I see https://github.com/docker/compose/releases/tag/v1.25.2 but it's not on pypi yet

@hartwork
Copy link

@graingert
Copy link

@hartwork awesome I'm upgrading everywhere now!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow PyYAML >= 5
10 participants