Bump dependencies pyyaml 5.1 #1487

Closed
eamanu opened this issue Nov 17, 2019 · 11 comments
Comments

@eamanu

eamanu commented Nov 17, 2019

Hi,

I'm working on bumping elasticsearch-curator [1] to 5.8.1 on unstable (the next release, Bullseye). We have an incompatibility when building the package because pyyaml is currently at version 5.1.2 on unstable [2].

I looked at issue [3], but I am not sure whether that patch allows us to use pyyaml 5.1.

So I am opening this issue to find out whether there is a plan to update the pyyaml requirement.

[1] https://tracker.debian.org/pkg/elasticsearch-curator
[2] https://tracker.debian.org/pkg/pyyaml
[3] #1368

Specifications

  • Version: 5.8.1
  • Platform: Debian
  • Subsystem: unstable

Thanks!
Cheers

@untergeek
Member

I apologize for the inconvenience, but Curator cannot, in its present state, run with pyyaml 5.1. It will require some breaking API changes to accommodate the newer version of pyyaml.

My best advice to you if you are not able to use the provided DEB package would be to build using a virtualenv where Python dependencies can be self-managed/contained.

@hydrapolic
Contributor

Any plans with this?

In Gentoo Linux we don't ship packages with virtualenv, but install into the main system. And Curator is the last user of Pyyaml-3, which is vulnerable. If we cannot upgrade to anything newer, we need to remove Curator from Gentoo completely :(

As the primary package maintainer of Curator in Gentoo I must say it's a sad end.

@hydrapolic
Contributor

As a workaround:
sed -i 's/yaml.load/yaml.unsafe_load/g' curator/utils.py test/unit/*

Tests pass with latest pyyaml-5.3.1.

@untergeek
Member

There will be a 5.9 release of Curator and the necessary changes to PyYAML will be there. Any fixes you do before this will likely be fine, but the problem is with environment variables, which won't work without a fundamental change to how they are interpreted.

@eamanu
Author

eamanu commented Apr 26, 2020

> sed -i 's/yaml.load/yaml.unsafe_load/g' curator/utils.py test/unit/*

good workaround

> There will be a 5.9 release of Curator and the necessary changes to PyYAML will be there.

great! good news!

@danpawlik

danpawlik commented Jun 15, 2020

Another workaround:
sed -i 's/pyyaml==3.13/pyyaml>=5.3.1/g' setup.py setup.cfg requirements.txt
and
find . -type f -exec sed -i 's/yaml.load/yaml.unsafe_load/g' {} \;

About:
> There will be a 5.9 release of Curator and the necessary changes to PyYAML will be there.

Hope the new release will come soon :)
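
A packager applying the sed workarounds above may want to list every call site that ends up on a loader able to construct arbitrary Python objects. The following is an added example, not part of this thread or of Curator's code: a standard-library-only audit of Python source for `yaml.load` without a `Loader`, `yaml.unsafe_load`, and explicitly unsafe loaders. The sample source and the names `audit_yaml_calls`, `_name` and `UNSAFE_LOADERS` are constructed for illustration.

```python
import ast

# Constructed sample input (not from Curator's source): call sites of the
# kinds the sed workarounds in this thread would produce or leave behind.
SAMPLE = '''\
import yaml
from yaml import SafeLoader

def a(s): return yaml.load(s)
def b(s): return yaml.unsafe_load(s)
def c(s): return yaml.load(s, Loader=yaml.UnsafeLoader)
def d(s): return yaml.load(s, Loader=SafeLoader)
def e(s): return yaml.safe_load(s)
def f(s): return yaml.load(s, yaml.Loader)
'''

UNSAFE_LOADERS = {"Loader", "UnsafeLoader"}  # both construct arbitrary Python objects

def _name(node):
    """Return the trailing identifier of a Name or Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def audit_yaml_calls(source, filename="<sample>"):
    """Return sorted (line, finding) tuples for risky PyYAML load calls."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and _name(node.func.value) == "yaml"):
            continue
        func = node.func.attr
        if func in ("unsafe_load", "unsafe_load_all"):
            findings.append((node.lineno, f"{func}: arbitrary object construction"))
        elif func in ("load", "load_all"):
            loader = next((k.value for k in node.keywords if k.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]  # Loader passed positionally
            if loader is None:
                findings.append((node.lineno, f"{func}: no Loader argument"))
            elif _name(loader) in UNSAFE_LOADERS:
                findings.append((node.lineno, f"{func}: Loader={_name(loader)}"))
    return sorted(findings)

if __name__ == "__main__":
    for line, msg in audit_yaml_calls(SAMPLE):
        print(f"<sample>:{line}: {msg}")
```

Each flagged call site is a place to check whether the YAML being parsed can come from an untrusted source before keeping the workaround.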

@faph

faph commented Dec 9, 2020

Is there an update on the 5.9 release?

@untergeek
Member

It will be a breaking change. Look for it to appear sometime during/over Christmas break.

@archon810

Any updates on this please?

@tsaarni
Contributor

tsaarni commented Apr 15, 2021

@untergeek would a PyYAML version bump be feasible now with the latest version? The environment-variable-related tests seem to pass now; please see #1596

@untergeek
Member

This has finally been addressed in #1596
