PyYAML >=4.2b,<5.0 requirement does not seem to be workable #582

Closed
mbolivar opened this issue Mar 19, 2019 · 7 comments
@mbolivar

Hi, as part of zephyrproject-rtos/zephyr#14460 I learned the pyOCD setup.py has a strange YAML version range: 'pyyaml>=4.2b1,<5.0':

https://github.com/mbedmicro/pyOCD/blob/master/setup.py#L62

This is not a good idea; could you please update to 5.0 or continue working with 3.13? Either one would resolve our issue and I think is a good idea for pyOCD as well. From one of the new lead maintainers of PyYAML:

> There seems to be some suggesting that people use one of the
> failed 4.2bx releases to get #74 behavior. This is a bad idea. 3.13
> is the current supported release. I could delete the 4.2b-s from PyPI
> but I haven't. I almost certainly will after 5.1 goes out.

yaml/pyyaml#193 (comment)

In other words, the current requirements are explicitly requesting users to install a PyYAML version that the maintainers are calling a "failed" release, and which they are actively discouraging users from installing.

FWIW, the changes in the Zephyr tree to support PyYAML v5.0+ were minor and are discussed here: https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

Can anyone from pyOCD comment on what's holding the code back from working with 5.0?
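
An added example, not part of the thread or of pyOCD's code: a stdlib-only check, using a simplified PEP 440 ordering, that flags a requirement whose range admits only pre-releases, which is the situation described above. The function names and the `KNOWN_VERSIONS` list (constructed from the version numbers mentioned in this thread) are assumptions for illustration.

```python
import re

# Simplified PEP 440: dotted release plus an optional a/b/rc pre-release tag.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d*))?$")
_REQUIREMENT = re.compile(r"^([A-Za-z0-9._-]+?)\s*([<>=].*)$")
_CLAUSE = re.compile(r"^(>=|<=|==|<|>)\s*(\S+)$")

# Constructed sample: only version numbers that appear in this thread.
KNOWN_VERSIONS = ["3.13", "4.2b1", "5.0", "5.1"]

def parse_version(text):
    """Return (release, pre); pre is None for a final release."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported version: {text!r}")
    release = [int(part) for part in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:  # so 5.0 equals 5
        release.pop()
    pre = (m.group(2), int(m.group(3) or 0)) if m.group(2) else None
    return tuple(release), pre

def _key(version):
    release, pre = version
    # A pre-release sorts before the final release with the same number.
    return (release, 0, pre) if pre else (release, 1, ("", 0))

def satisfies(specifier, candidate):
    """True if candidate meets every comma-separated clause of specifier."""
    cand = parse_version(candidate)
    for clause in specifier.split(","):
        m = _CLAUSE.match(clause.strip())
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        if op == "<" and cand[1] and not bound[1] and cand[0] == bound[0]:
            return False  # PEP 440: "<5.0" does not admit 5.0 pre-releases
        c, b = _key(cand), _key(bound)
        if not {">=": c >= b, "<=": c <= b, "==": c == b, "<": c < b, ">": c > b}[op]:
            return False
    return True

def prerelease_only(requirement, known_versions=KNOWN_VERSIONS):
    """Return (flag, admitted); flag is True when only pre-releases fit."""
    specifier = _REQUIREMENT.match(requirement.strip()).group(2)
    admitted = [v for v in known_versions if satisfies(specifier, v)]
    return bool(admitted) and all(parse_version(v)[1] for v in admitted), admitted
```

Running `prerelease_only("pyyaml>=4.2b1,<5.0")` against the sample list reports that only `4.2b1` fits the range; neither 3.13 nor 5.0 does.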

@flit
Member

flit commented Mar 20, 2019

Well, I didn't realise that 5.0 was released. We updated the requirement to the latest version when there was a security warning triggered by the load() API not being safe. At the time, only version 4.2b1 was released.

I'll update to 5.0 as soon as I can.

@mbolivar
Author

mbolivar commented Apr 4, 2019

@flit any idea when a release will be available that includes #583? It looks like 0.18.0 still has the old requirement.

@flit
Member

flit commented Apr 5, 2019

Pretty soon, within the next week. There are a few more fixes I wanted to get in. I will set a deadline for the 0.19.0 release of next Friday 12-Apr regardless of what changes are in. Is that ok?

@mbolivar
Author

mbolivar commented Apr 5, 2019

> Pretty soon, within the next week. There are a few more fixes I wanted to get in. I will set a deadline for the 0.19.0 release of next Friday 12-Apr regardless of what changes are in. Is that ok?

Sounds good, thanks! That's around when Zephyr is targeting the first LTS release, so we're hoping to get the fix into our requirements.txt by then.

@MaureenHelm
Contributor

> > Pretty soon, within the next week. There are a few more fixes I wanted to get in. I will set a deadline for the 0.19.0 release of next Friday 12-Apr regardless of what changes are in. Is that ok?
>
> Sounds good, thanks! That's around when Zephyr is targeting the first LTS release, so we're hoping to get the fix into our requirements.txt by then.

A day or two earlier would be helpful. cc: @galak

@flit
Member

flit commented Apr 6, 2019

Then I'll get it out no later than Tuesday, maybe this weekend. I can also release further fixes in bugfix releases.

@flit
Member

flit commented Apr 7, 2019

Fyi, version 0.19.0 was just released.
