From f873cfef316290c7cb5351b7e77a8d69d48d4f7d Mon Sep 17 00:00:00 2001 From: Matthieu Darbois Date: Wed, 14 Sep 2022 00:12:45 +0200 Subject: [PATCH 1/3] Add python 3.11 support (#663) * security disclosure docs * Add python 3.11 support * ci: use `windows-2019` runners `windows-2016` runners have been removed * ci: use CPython 3.11.0-rc.2 for Windows builds Co-authored-by: Matt Davis --- .github/SECURITY.md | 10 ++++ .github/workflows/ci.yaml | 53 +++++++++++++------- .github/workflows/manual_artifact_build.yaml | 45 ++++++++++++----- setup.py | 1 + tox.ini | 2 +- 5 files changed, 80 insertions(+), 31 deletions(-) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..7d4f8bc30 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,10 @@ +# PyYAML Security Policy + +## Reporting a Suspected Vulnerability + +The PyYAML project encourages responsible disclosure of suspected security +vulnerabilities. However, we do not offer bug bounties, paid disclosure, or +paid fixes for discovered vulnerabilities. To report a suspected security +vulnerability, please e-mail details to without creating +public issues, pull requests, or discussion. Non-security correspondence to +this address will be ignored. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 82bf0f0cb..53796394c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -123,17 +123,20 @@ jobs: # - { platform: manylinux1, arch: x86_64, spec: cp37 } # - { platform: manylinux1, arch: x86_64, spec: cp38 } # - { platform: manylinux1, arch: x86_64, spec: cp39 } - - { platform: manylinux2014, arch: x86_64, spec: cp310 } +# - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } # - { platform: manylinux2014, arch: aarch64, spec: cp36 } # - { platform: manylinux2014, arch: aarch64, spec: cp37 } # - { platform: manylinux2014, arch: aarch64, spec: cp38 } # - { platform: manylinux2014, arch: aarch64, spec: cp39 } # - { platform: manylinux2014, arch: aarch64, spec: cp310 } +# - { platform: manylinux2014, arch: aarch64, spec: cp311 } # - { platform: manylinux2014, arch: s390x, spec: cp36 } # - { platform: manylinux2014, arch: s390x, spec: cp37 } # - { platform: manylinux2014, arch: s390x, spec: cp38 } # - { platform: manylinux2014, arch: s390x, spec: cp39 } # - { platform: manylinux2014, arch: s390x, spec: cp310 } +# - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML @@ -233,7 +236,8 @@ jobs: # - spec: cp37-macosx_x86_64 # - spec: cp38-macosx_x86_64 # - spec: cp39-macosx_x86_64 - - spec: cp310-macosx_x86_64 +# - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +253,13 @@ jobs: # runs_on: [self-hosted, macOS, arm64] # arch: arm64 # run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} +# sdkroot: macosx11.3 +# +# - spec: cp311-macosx_arm64 +# deployment_target: '11.0' +# runs_on: [self-hosted, macOS, arm64] +# arch: arm64 +# run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} # sdkroot: macosx11.3 steps: @@ -293,9 +304,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state @@ -323,7 +334,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd @@ -335,46 +346,54 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.9 - - platform: windows-2016 +# - platform: windows-2019 +# build_arch: x64 +# python_arch: x64 +# spec: '3.10' + - platform: windows-2019 build_arch: x64 python_arch: x64 - spec: '3.10' - - platform: windows-2016 + spec: '3.11.0-rc.2' + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.9 - - platform: windows-2016 +# - platform: windows-2019 +# build_arch: win32 +# python_arch: x86 +# spec: '3.10' + - platform: windows-2019 build_arch: win32 python_arch: x86 - spec: '3.10' + spec: '3.11.0-rc.2' steps: # autocrlf screws up tests under Windows - name: Set git to use LF diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml index 519276e23..fdc7faa3c 100644 --- a/.github/workflows/manual_artifact_build.yaml +++ b/.github/workflows/manual_artifact_build.yaml @@ -122,16 +122,19 @@ jobs: - { platform: manylinux1, arch: x86_64, spec: cp38 } - { platform: manylinux1, arch: x86_64, spec: cp39 } - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } - { platform: manylinux2014, arch: aarch64, spec: cp36 } - { platform: manylinux2014, arch: aarch64, spec: cp37 } - { platform: manylinux2014, arch: aarch64, spec: cp38 } - { platform: manylinux2014, arch: aarch64, spec: cp39 } - { platform: manylinux2014, arch: aarch64, spec: cp310 } + - { platform: manylinux2014, arch: aarch64, spec: cp311 } - { platform: manylinux2014, arch: s390x, spec: cp36 } - { platform: manylinux2014, arch: s390x, spec: cp37 } - { platform: manylinux2014, arch: s390x, spec: cp38 } - { platform: manylinux2014, arch: s390x, spec: cp39 } - { platform: manylinux2014, arch: s390x, spec: cp310 } + - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML @@ -232,6 +235,7 @@ jobs: - spec: cp38-macosx_x86_64 - spec: cp39-macosx_x86_64 - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +253,13 @@ jobs: run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} sdkroot: macosx11.3 + - spec: cp311-macosx_arm64 + deployment_target: '11.0' + runs_on: [self-hosted, macOS, arm64] + arch: arm64 + run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} + sdkroot: macosx11.3 + steps: - name: Checkout PyYAML uses: actions/checkout@v2 @@ -291,9 +302,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state @@ -321,7 +332,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd @@ -333,46 +344,54 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 + build_arch: x64 + python_arch: x64 + spec: '3.11.0-rc.2' + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: '3.10' + - platform: windows-2019 + build_arch: win32 + python_arch: x86 + spec: '3.11.0-rc.2' steps: # autocrlf screws up tests under Windows - name: Set git to use LF diff --git a/setup.py b/setup.py index 548b19f70..944e7fa21 100644 --- a/setup.py +++ b/setup.py @@ -33,6 +33,7 @@ "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", diff --git a/tox.ini b/tox.ini index d736a6c98..4335fa983 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = pypy3,py36,py37,py38,py39,py310 +envlist = pypy3,py36,py37,py38,py39,py310,py311 [testenv] deps = From ae08bdc82b4ddfcd2b93c8aedcd1963766c3307d Mon Sep 17 00:00:00 2001 From: Matt Davis <6775756+nitzmahone@users.noreply.github.com> Date: Tue, 18 Jul 2023 00:53:03 +0200 Subject: [PATCH 2/3] block Cython 3.0+ as a build dep (#702) * keeps libyaml extension build functional once Cython 3.0 releases; stopgap measure until we can rewrite the extension build to eliminate all the ancient deprecated distutils magic --- .github/workflows/ci.yaml | 13 +++++++------ .github/workflows/manual_artifact_build.yaml | 15 +++++++++------ pyproject.toml | 2 +- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 53796394c..160d8e47f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -197,7 +197,7 @@ jobs: defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} steps: - name: Check cached libyaml state id: cached_libyaml @@ -225,7 +225,7 @@ jobs: macos_pyyaml: needs: macos_libyaml name: pyyaml ${{ matrix.spec }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} @@ -233,6 +233,7 @@ jobs: matrix: include: - spec: cp36-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 # - spec: cp37-macosx_x86_64 # - spec: cp38-macosx_x86_64 # - spec: cp39-macosx_x86_64 @@ -288,7 +289,7 @@ jobs: SDKROOT: ${{ matrix.sdkroot || 'macosx' }} run: | python3 -V - python3 -m pip install -U --user cibuildwheel + python3 -m pip install -U --user ${{ matrix.cibw_version || 'cibuildwheel' }} python3 -m cibuildwheel --platform auto --output-dir dist . - name: Upload artifacts @@ -369,7 +370,7 @@ jobs: - platform: windows-2019 build_arch: x64 python_arch: x64 - spec: '3.11.0-rc.2' + spec: '3.11' - platform: windows-2019 build_arch: win32 python_arch: x86 @@ -393,7 +394,7 @@ jobs: - platform: windows-2019 build_arch: win32 python_arch: x86 - spec: '3.11.0-rc.2' + spec: '3.11' steps: # autocrlf screws up tests under Windows - name: Set git to use LF @@ -429,7 +430,7 @@ jobs: run: | set -eux python -V - python -m pip install Cython wheel + python -m pip install "Cython<3.0" wheel python setup.py \ --with-libyaml build_ext \ diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml index fdc7faa3c..97d9add28 100644 --- a/.github/workflows/manual_artifact_build.yaml +++ b/.github/workflows/manual_artifact_build.yaml @@ -195,7 +195,7 @@ jobs: defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} steps: - name: Check cached libyaml state id: cached_libyaml @@ -223,7 +223,7 @@ jobs: macos_pyyaml: needs: macos_libyaml name: pyyaml ${{ matrix.spec }} - runs-on: ${{ matrix.runs_on || 'macos-10.15' }} + runs-on: ${{ matrix.runs_on || 'macos-11' }} defaults: run: shell: ${{ matrix.run_wrapper || 'bash --noprofile --norc -eo pipefail {0}' }} @@ -231,8 +231,11 @@ jobs: matrix: include: - spec: cp36-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp37-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp38-macosx_x86_64 + cibw_version: cibuildwheel==2.11.1 - spec: cp39-macosx_x86_64 - spec: cp310-macosx_x86_64 - spec: cp311-macosx_x86_64 @@ -286,7 +289,7 @@ jobs: SDKROOT: ${{ matrix.sdkroot || 'macosx' }} run: | python3 -V - python3 -m pip install -U --user cibuildwheel + python3 -m pip install -U --user ${{ matrix.cibw_version || 'cibuildwheel' }} python3 -m cibuildwheel --platform auto --output-dir dist . - name: Upload artifacts @@ -367,7 +370,7 @@ jobs: - platform: windows-2019 build_arch: x64 python_arch: x64 - spec: '3.11.0-rc.2' + spec: '3.11' - platform: windows-2019 build_arch: win32 python_arch: x86 @@ -391,7 +394,7 @@ jobs: - platform: windows-2019 build_arch: win32 python_arch: x86 - spec: '3.11.0-rc.2' + spec: '3.11' steps: # autocrlf screws up tests under Windows - name: Set git to use LF @@ -427,7 +430,7 @@ jobs: run: | set -eux python -V - python -m pip install Cython wheel + python -m pip install "Cython<3.0" wheel python setup.py \ --with-libyaml build_ext \ diff --git a/pyproject.toml b/pyproject.toml index 2bf5ec809..4bc04c0da 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,3 +1,3 @@ [build-system] -requires = ["setuptools", "wheel", "Cython"] +requires = ["setuptools", "wheel", "Cython<3.0"] build-backend = "setuptools.build_meta" From c42fa3bff1eabdb64763bb1526d9ea1ccb708479 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 18 Jul 2023 01:38:18 +0200 Subject: [PATCH 3/3] 6.0.1 release --- CHANGES | 4 ++++ announcement.msg | 31 ++++++++----------------------- lib/yaml/__init__.py | 2 +- setup.py | 2 +- 4 files changed, 14 insertions(+), 25 deletions(-) diff --git a/CHANGES b/CHANGES index c37d9be88..27e11bfaf 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ For a complete changelog, see: * https://github.com/yaml/pyyaml/commits/ * https://bitbucket.org/xi/pyyaml/commits/ +6.0.1 (2023-07-18) + +* https://github.com/yaml/pyyaml/pull/702 -- pin Cython build dep to < 3.0 + 6.0 (2021-10-13) * https://github.com/yaml/pyyaml/pull/327 -- Change README format to Markdown diff --git a/announcement.msg b/announcement.msg index abc1bbe6b..be46a5a78 100644 --- a/announcement.msg +++ b/announcement.msg @@ -1,37 +1,22 @@ From: Ingy döt Net To: python-list@python.org, python-announce@python.org, yaml-core@lists.sourceforge.net -Subject: [ANN] PyYAML-6.0 Released +Subject: [ANN] PyYAML-6.0.1 Released -===================== -Announcing PyYAML-6.0 -===================== +======================= +Announcing PyYAML-6.0.1 +======================= A new release of PyYAML is now available: -https://github.com/yaml/pyyaml/releases/tag/6.0 +https://github.com/yaml/pyyaml/releases/tag/6.0.1 -The previously-deprecated default loader selection in `yaml.load()` has -been removed; `Loader` is now a required argument. - -Support for Python 2.7 and 3.5 has been dropped, and support for Python 3.10 -added. It now includes libyaml 0.2.5 extension wheels for MacOS M1 -(Apple Silicon/arm64), Linux s390x and Linux aarch64. - -Numerous other bugfixes and code cleanups are included in this release. +No code changes; update PEP518 build metadata to require Cython < 3.0 until +packaging code is rewritten for Cython 3.0 compatibility. Changes ======= -* https://github.com/yaml/pyyaml/pull/327 -- Change README format to Markdown -* https://github.com/yaml/pyyaml/pull/483 -- Add a test for YAML 1.1 types -* https://github.com/yaml/pyyaml/pull/497 -- fix float resolver to ignore `.` and `._` -* https://github.com/yaml/pyyaml/pull/550 -- drop Python 2.7 -* https://github.com/yaml/pyyaml/pull/553 -- Fix spelling of “hexadecimal” -* https://github.com/yaml/pyyaml/pull/556 -- fix representation of Enum subclasses -* https://github.com/yaml/pyyaml/pull/557 -- fix libyaml extension compiler warnings -* https://github.com/yaml/pyyaml/pull/560 -- fix ResourceWarning on leaked file descriptors -* https://github.com/yaml/pyyaml/pull/561 -- always require `Loader` arg to `yaml.load()` -* https://github.com/yaml/pyyaml/pull/564 -- remove remaining direct distutils usage +* https://github.com/yaml/pyyaml/pull/702 -- pin Cython build dep to < 3.0 Resources diff --git a/lib/yaml/__init__.py b/lib/yaml/__init__.py index 465041dce..824936194 100644 --- a/lib/yaml/__init__.py +++ b/lib/yaml/__init__.py @@ -8,7 +8,7 @@ from .loader import * from .dumper import * -__version__ = '6.0' +__version__ = '6.0.1' try: from .cyaml import * __with_libyaml__ = True diff --git a/setup.py b/setup.py index 944e7fa21..65b0ea0e0 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ NAME = 'PyYAML' -VERSION = '6.0' +VERSION = '6.0.1' DESCRIPTION = "YAML parser and emitter for Python" LONG_DESCRIPTION = """\ YAML is a data serialization format designed for human readability