installing latest 5.0.3 on windows machines is still using pywin32==227 but not pywin32==301 #2902
Comments
|
Can confirm this issue, this is what happens while trying to install using poetry |
Remove tests since they're all disabled and one (docker) has a security issue: docker/docker-py#2902
Remove tests since they're all disabled and one (docker) has a security issue: docker/docker-py#2902
|
This issue exist on Python Poetry projects as well even if v5.0.3 is used already, https://github.com/thegeeklab/docker-tidy/security/dependabot/poetry.lock/pywin32/open |
|
Also being bitten by this. FYI, there's a further update to |
This ticket doesn't do it, but there already is a PR which covers it, #2857 |
pygit2 wheels should be now available. Had to skip pytest-docker for Windows + Python 3.10 due to a dependency issue with it's dependency, see: docker/docker-py#2902.
pygit2 wheels should be now available. Had to skip pytest-docker for Windows + Python 3.10 due to a dependency issue with it's dependency, see: docker/docker-py#2902.
pygit2 wheels should be now available. Had to skip pytest-docker for Windows + Python 3.10 due to a dependency issue with it's dependency, see: docker/docker-py#2902.
|
Any update on this? There's known vulnerabilities with pywin 227: https://security.snyk.io/vuln/SNYK-PYTHON-PYWIN32-1316226 |
|
Ping! |
|
Docker team, PLEASE can you accept any of the many already submitted fixes for this? People using docker through python and also on github cloud are getting security notifications due to your library. It is happening regardless of whether or not the team uses windows because githubs analysis cares only about transitive dependencies. This bug has been open for 8 months. FWIW this fix properly preserves python 2 support which might be safer for more users for the time being: #2955
|
|
I got around this problem by removing all docker software and using an alternative, as all docker software seems to have become abandonware and incompatible with the current Python version. |
Which alternative did you end up using @aabmets ? |
My use case was somewhat unique - using a container manager was an option, not a requirement. I needed to run QuestDB for a project and in addition to the docker container they also had a direct executable file available, so I just chose to run the exe directly from Python code in a subprocess. |
|
Is docker still a thing ?? It's been 8 months that this blocking problem prevents all Windows users to use the python docker lib in Python 3.10... More and more user must downgrade Python or drop Docker support... Knowing that one of the strategy of docker today is to put forward Docker Desktop (pro) with the Windows environment, it is all the more surprising / worrying that nothing is happening on this issue! last hope? @StefanScherer could you address this issue to someone please ? |
|
Looks like they're considering just abandoning the package #2989 |
|
I think it's a dangerous situation when the only fully-featured Docker management library (correct me if I'm wrong) is abandoned. Furthermore, contains significant vulnerabilities. Are there any volunteers to maintain a fork? We could create an organization like |
|
Ideally the project is donated of course, but if there is no further communication around this, I wouldn't mind help maintaining a fork @droserasprout . Another of my OSS projects relies heavily on Considering the project scope and personal time-constraints it could just be a maintenance fork, where we only consider security fixes and version compatibility PR's. |
|
Sorry, I didn't notice the discussion of potential forking in another issue. Also, it appeared that docker-py is not the only Docker library around. |
Upgrade to latest pywin32, which has support for Python 3.10 and resolves a CVE (related to ACL APIs, outside the scope of what `docker-py` relies on, which is npipe support, but still gets flagged by scanners). The version constraint has also been relaxed in `setup.py` to allow newer versions of pywin32. This is similar to how we handle the other packages there, and should be safe from a compatibility perspective. Fixes docker#2902. Closes docker#2972 and closes docker#2980.
Upgrade to latest pywin32, which has support for Python 3.10 and resolves a CVE (related to ACL APIs, outside the scope of what `docker-py` relies on, which is npipe support, but still gets flagged by scanners). The version constraint has also been relaxed in `setup.py` to allow newer versions of pywin32. This is similar to how we handle the other packages there, and should be safe from a compatibility perspective. Fixes docker#2902. Closes docker#2972 and closes docker#2980. Signed-off-by: Milas Bowman <milas.bowman@docker.com>
Upgrade to latest pywin32, which has support for Python 3.10 and resolves a CVE (related to ACL APIs, outside the scope of what `docker-py` relies on, which is npipe support, but still gets flagged by scanners). The version constraint has also been relaxed in `setup.py` to allow newer versions of pywin32. This is similar to how we handle the other packages there, and should be safe from a compatibility perspective. Fixes #2902. Closes #2972 and closes #2980. Signed-off-by: Milas Bowman <milas.bowman@docker.com>
Bump pywin32 from 227 to 301 was already merged in to bump pywin32 from 227 to 301. But, when installing latest 5.0.3 on windows machines is resulting in install of pywin32==227
Most likely extras_require needs updated
docker-py/setup.py
Line 19 in a48a5a9
The text was updated successfully, but these errors were encountered: