diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..7d4f8bc30 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,10 @@ +# PyYAML Security Policy + +## Reporting a Suspected Vulnerability + +The PyYAML project encourages responsible disclosure of suspected security +vulnerabilities. However, we do not offer bug bounties, paid disclosure, or +paid fixes for discovered vulnerabilities. To report a suspected security +vulnerability, please e-mail details to without creating +public issues, pull requests, or discussion. Non-security correspondence to +this address will be ignored. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 82bf0f0cb..160d8e47f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -123,17 +123,20 @@ jobs: # - { platform: manylinux1, arch: x86_64, spec: cp37 } # - { platform: manylinux1, arch: x86_64, spec: cp38 } # - { platform: manylinux1, arch: x86_64, spec: cp39 } - - { platform: manylinux2014, arch: x86_64, spec: cp310 } +# - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } # - { platform: manylinux2014, arch: aarch64, spec: cp36 } # - { platform: manylinux2014, arch: aarch64, spec: cp37 } # - { platform: manylinux2014, arch: aarch64, spec: cp38 } # - { platform: manylinux2014, arch: aarch64, spec: cp39 } # - { platform: manylinux2014, arch: aarch64, spec: cp310 } +# - { platform: manylinux2014, arch: aarch64, spec: cp311 } # - { platform: manylinux2014, arch: s390x, spec: cp36 } # - { platform: manylinux2014, arch: s390x, spec: cp37 } # - { platform: manylinux2014, arch: s390x, spec: cp38 } # - { platform: manylinux2014, arch: s390x, spec: cp39 } # - { platform: manylinux2014, arch: s390x, spec: cp310 } +# - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML @@ -194,7 +197,7 @@ jobs: defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} steps: - name: Check cached libyaml state id: cached_libyaml @@ -222,7 +225,7 @@ jobs: macos_pyyaml: needs: macos_libyaml name: pyyaml ${{ matrix.spec }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} @@ -230,10 +233,12 @@ jobs: matrix: include: - spec: cp36-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 # - spec: cp37-macosx_x86_64 # - spec: cp38-macosx_x86_64 # - spec: cp39-macosx_x86_64 - - spec: cp310-macosx_x86_64 +# - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +254,13 @@ jobs: # runs_on: [self-hosted, macOS, arm64] # arch: arm64 # run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} +# sdkroot: macosx11.3 +# +# - spec: cp311-macosx_arm64 +# deployment_target: '11.0' +# runs_on: [self-hosted, macOS, arm64] +# arch: arm64 +# run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} # sdkroot: macosx11.3 steps: @@ -277,7 +289,7 @@ jobs: SDKROOT: ${{ matrix.sdkroot || 'macosx' }} run: | python3 -V - python3 -m pip install -U --user cibuildwheel + python3 -m pip install -U --user ${{ matrix.cibw_version || 'cibuildwheel' }} python3 -m cibuildwheel --platform auto --output-dir dist . - name: Upload artifacts @@ -293,9 +305,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state @@ -323,7 +335,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd @@ -335,46 +347,54 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.9 - - platform: windows-2016 +# - platform: windows-2019 +# build_arch: x64 +# python_arch: x64 +# spec: '3.10' + - platform: windows-2019 build_arch: x64 python_arch: x64 - spec: '3.10' - - platform: windows-2016 + spec: '3.11' + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.9 - - platform: windows-2016 +# - platform: windows-2019 +# build_arch: win32 +# python_arch: x86 +# spec: '3.10' + - platform: windows-2019 build_arch: win32 python_arch: x86 - spec: '3.10' + spec: '3.11' steps: # autocrlf screws up tests under Windows - name: Set git to use LF @@ -410,7 +430,7 @@ jobs: run: | set -eux python -V - python -m pip install Cython wheel + python -m pip install "Cython<3.0" wheel python setup.py \ --with-libyaml build_ext \ diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml index 519276e23..97d9add28 100644 --- a/.github/workflows/manual_artifact_build.yaml +++ b/.github/workflows/manual_artifact_build.yaml @@ -122,16 +122,19 @@ jobs: - { platform: manylinux1, arch: x86_64, spec: cp38 } - { platform: manylinux1, arch: x86_64, spec: cp39 } - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } - { platform: manylinux2014, arch: aarch64, spec: cp36 } - { platform: manylinux2014, arch: aarch64, spec: cp37 } - { platform: manylinux2014, arch: aarch64, spec: cp38 } - { platform: manylinux2014, arch: aarch64, spec: cp39 } - { platform: manylinux2014, arch: aarch64, spec: cp310 } + - { platform: manylinux2014, arch: aarch64, spec: cp311 } - { platform: manylinux2014, arch: s390x, spec: cp36 } - { platform: manylinux2014, arch: s390x, spec: cp37 } - { platform: manylinux2014, arch: s390x, spec: cp38 } - { platform: manylinux2014, arch: s390x, spec: cp39 } - { platform: manylinux2014, arch: s390x, spec: cp310 } + - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML @@ -192,7 +195,7 @@ jobs: defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} steps: - name: Check cached libyaml state id: cached_libyaml @@ -220,7 +223,7 @@ jobs: macos_pyyaml: needs: macos_libyaml name: pyyaml ${{ matrix.spec }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} @@ -228,10 +231,14 @@ jobs: matrix: include: - spec: cp36-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp37-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp38-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp39-macosx_x86_64 - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +256,13 @@ jobs: run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} sdkroot: macosx11.3 + - spec: cp311-macosx_arm64 + deployment_target: '11.0' + runs_on: [self-hosted, macOS, arm64] + arch: arm64 + run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} + sdkroot: macosx11.3 + steps: - name: Checkout PyYAML uses: actions/checkout@v2 @@ -275,7 +289,7 @@ jobs: SDKROOT: ${{ matrix.sdkroot || 'macosx' }} run: | python3 -V - python3 -m pip install -U --user cibuildwheel + python3 -m pip install -U --user ${{ matrix.cibw_version || 'cibuildwheel' }} python3 -m cibuildwheel --platform auto --output-dir dist . - name: Upload artifacts @@ -291,9 +305,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state @@ -321,7 +335,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd @@ -333,46 +347,54 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 + build_arch: x64 + python_arch: x64 + spec: '3.11' + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: '3.10' + - platform: windows-2019 + build_arch: win32 + python_arch: x86 + spec: '3.11' steps: # autocrlf screws up tests under Windows - name: Set git to use LF @@ -408,7 +430,7 @@ jobs: run: | set -eux python -V - python -m pip install Cython wheel + python -m pip install "Cython<3.0" wheel python setup.py \ --with-libyaml build_ext \ diff --git a/CHANGES b/CHANGES index c37d9be88..27e11bfaf 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ +6.0.1 (2023-07-18) + +* https://github.com/yaml/pyyaml/pull/702 -- pin Cython build dep to < 3.0 + 6.0 (2021-10-13) * https://github.com/yaml/pyyaml/pull/327 -- Change README format to Markdown diff --git a/announcement.msg b/announcement.msg index abc1bbe6b..be46a5a78 100644 --- a/announcement.msg +++ b/announcement.msg @@ -1,37 +1,22 @@ From: Ingy döt Net To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net -Subject: [ANN] PyYAML-6.0 Released +Subject: [ANN] PyYAML-6.0.1 Released -===================== -Announcing PyYAML-6.0 -===================== +======================= +Announcing PyYAML-6.0.1 +======================= A new release of PyYAML is now available: -https://github.com/yaml/pyyaml/releases/tag/6.0 +https://github.com/yaml/pyyaml/releases/tag/6.0.1 -The previously-deprecated default loader selection in `yaml.load()` has -been removed; `Loader` is now a required argument. - -Support for Python 2.7 and 3.5 has been dropped, and support for Python 3.10 -added. It now includes libyaml 0.2.5 extension wheels for MacOS M1 -(Apple Silicon/arm64), Linux s390x and Linux aarch64. - -Numerous other bugfixes and code cleanups are included in this release. +No code changes; update PEP518 build metadata to require Cython < 3.0 until +packaging code is rewritten for Cython 3.0 compatibility. Changes ======= -* https://github.com/yaml/pyyaml/pull/327 -- Change README format to Markdown -* https://github.com/yaml/pyyaml/pull/483 -- Add a test for YAML 1.1 types -* https://github.com/yaml/pyyaml/pull/497 -- fix float resolver to ignore `.` and `._` -* https://github.com/yaml/pyyaml/pull/550 -- drop Python 2.7 -* https://github.com/yaml/pyyaml/pull/553 -- Fix spelling of “hexadecimal” -* https://github.com/yaml/pyyaml/pull/556 -- fix representation of Enum subclasses -* https://github.com/yaml/pyyaml/pull/557 -- fix libyaml extension compiler warnings -* https://github.com/yaml/pyyaml/pull/560 -- fix ResourceWarning on leaked file descriptors -* https://github.com/yaml/pyyaml/pull/561 -- always require `Loader` arg to `yaml.load()` -* https://github.com/yaml/pyyaml/pull/564 -- remove remaining direct distutils usage +* https://github.com/yaml/pyyaml/pull/702 -- pin Cython build dep to < 3.0 Resources diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 465041dce..824936194 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '6.0' +__version__ = '6.0.1' try: from .cyaml import * __with_libyaml__ = True diff --git a/pyproject.toml b/pyproject.toml index 2bf5ec809..4bc04c0da 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,3 +1,3 @@ [build-system] -requires = ["setuptools", "wheel", "Cython"] +requires = ["setuptools", "wheel", "Cython<3.0"] build-backend = "setuptools.build_meta" diff --git a/setup.py b/setup.py index 548b19f70..65b0ea0e0 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '6.0' +VERSION = '6.0.1' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability @@ -33,6 +33,7 @@ "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", diff --git a/tox.ini b/tox.ini index d736a6c98..4335fa983 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = pypy3,py36,py37,py38,py39,py310 +envlist = pypy3,py36,py37,py38,py39,py310,py311 [testenv] deps =