Allow PyYAML >= 5 #6619
Comments
|
Thanks for the suggestion. According to yaml/pyyaml#265 there some incompatibilities, I'm not sure how much of that affect compose but more importantly I see also there is a suggestion to wait for 5.2 in that thread, due to some known issues with 5.1. I think we probably ought to wait for that (although a PR which contained a convincing rationale as to why compose is not affected might also be acceptable). |
|
Because docker-compose is a project dependency in one of my repo's, I have these alerts on the repo. I'm not suggesting these should be the reasons to upgrade, but it is a little concerning that an update is being dragged.
|
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
I think the issue is still actual |
|
This issue has been automatically marked as not stale anymore due to the recent activity. |
|
Yes, still a problem. |
|
One of my builds has downstream dependencies on this and is completely hosed, what's going on here? |
|
This is also interesting since Kali comes pre installed with PyYAML 5.1.2 through dist utils and a dozen packages depending on it. This makes using docker-compose on Kali a bit tricky. |
|
Even worse is that the community has deemed the PyYAML version docker-compose points to a security risk and, many months in, Docker has done nothing about it. :( |
|
Is there any update on this? |
The PyYAML team recently released version 5.1 of their lib to properly fix CVE-2017-18342 vulnerability. It would be great to add support for this version in docker-compose.
The text was updated successfully, but these errors were encountered: