From 0abad85a17ba75c0fb431feea7a6a06125341a99 Mon Sep 17 00:00:00 2001
From: Matt Davis
Date: Mon, 11 Jul 2022 15:31:43 -0700
Subject: [PATCH 1/4] security disclosure docs
---
.github/SECURITY.md | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 .github/SECURITY.md
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..7d4f8bc3
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,10 @@
+# PyYAML Security Policy
+
+## Reporting a Suspected Vulnerability
+
+The PyYAML project encourages responsible disclosure of suspected security
+vulnerabilities. However, we do not offer bug bounties, paid disclosure, or
+paid fixes for discovered vulnerabilities. To report a suspected security
+vulnerability, please e-mail details to without creating
+public issues, pull requests, or discussion. Non-security correspondence to
+this address will be ignored.
From 6a8379148efd7bd3516ad14113a4a6993b2e7b17 Mon Sep 17 00:00:00 2001
From: mayeut
Date: Sun, 28 Aug 2022 17:49:33 +0200
Subject: [PATCH 2/4] Add python 3.11 support
---
.github/workflows/ci.yaml | 27 +++++++++++++++++---
.github/workflows/manual_artifact_build.yaml | 19 ++++++++++++++
setup.py | 1 +
tox.ini | 2 +-
4 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 82bf0f0c..8e6753ab 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -123,17 +123,20 @@ jobs: # - { platform: manylinux1, arch: x86_64, spec: cp37 } # - { platform: manylinux1, arch: x86_64, spec: cp38 } # - { platform: manylinux1, arch: x86_64, spec: cp39 } - - { platform: manylinux2014, arch: x86_64, spec: cp310 } +# - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } # - { platform: manylinux2014, arch: aarch64, spec: cp36 } # - { platform: manylinux2014, arch: aarch64, spec: cp37 } # - { platform: manylinux2014, arch: aarch64, spec: cp38 } # - { platform: manylinux2014, arch: aarch64, spec: cp39 } # - { platform: manylinux2014, arch: aarch64, spec: cp310 } +# - { platform: manylinux2014, arch: aarch64, spec: cp311 } # - { platform: manylinux2014, arch: s390x, spec: cp36 } # - { platform: manylinux2014, arch: s390x, spec: cp37 } # - { platform: manylinux2014, arch: s390x, spec: cp38 } # - { platform: manylinux2014, arch: s390x, spec: cp39 } # - { platform: manylinux2014, arch: s390x, spec: cp310 } +# - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML @@ -233,7 +236,8 @@ jobs: # - spec: cp37-macosx_x86_64 # - spec: cp38-macosx_x86_64 # - spec: cp39-macosx_x86_64 - - spec: cp310-macosx_x86_64 +# - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +253,13 @@ jobs: # runs_on: [self-hosted, macOS, arm64] # arch: arm64 # run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} +# sdkroot: macosx11.3 +# +# - spec: cp311-macosx_arm64 +# deployment_target: '11.0' +# runs_on: [self-hosted, macOS, arm64] +# arch: arm64 +# run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} # sdkroot: macosx11.3 steps: 
@@ -351,10 +362,14 @@ jobs: # build_arch: x64 # python_arch: x64 # spec: 3.9 +# - platform: windows-2016 +# build_arch: x64 +# python_arch: x64 +# spec: '3.10' - platform: windows-2016 build_arch: x64 python_arch: x64 - spec: '3.10' + spec: '3.11.0-rc.1' - platform: windows-2016 build_arch: win32 python_arch: x86 @@ -371,10 +386,14 @@ jobs: # build_arch: win32 # python_arch: x86 # spec: 3.9 +# - platform: windows-2016 +# build_arch: win32 +# python_arch: x86 +# spec: '3.10' - platform: windows-2016 build_arch: win32 python_arch: x86 - spec: '3.10' + spec: '3.11.0-rc.1' steps: # autocrlf screws up tests under Windows - name: Set git to use LF diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml index 519276e2..956d98d5 100644 --- a/.github/workflows/manual_artifact_build.yaml +++ b/.github/workflows/manual_artifact_build.yaml @@ -122,16 +122,19 @@ jobs: - { platform: manylinux1, arch: x86_64, spec: cp38 } - { platform: manylinux1, arch: x86_64, spec: cp39 } - { platform: manylinux2014, arch: x86_64, spec: cp310 } + - { platform: manylinux2014, arch: x86_64, spec: cp311 } - { platform: manylinux2014, arch: aarch64, spec: cp36 } - { platform: manylinux2014, arch: aarch64, spec: cp37 } - { platform: manylinux2014, arch: aarch64, spec: cp38 } - { platform: manylinux2014, arch: aarch64, spec: cp39 } - { platform: manylinux2014, arch: aarch64, spec: cp310 } + - { platform: manylinux2014, arch: aarch64, spec: cp311 } - { platform: manylinux2014, arch: s390x, spec: cp36 } - { platform: manylinux2014, arch: s390x, spec: cp37 } - { platform: manylinux2014, arch: s390x, spec: cp38 } - { platform: manylinux2014, arch: s390x, spec: cp39 } - { platform: manylinux2014, arch: s390x, spec: cp310 } + - { platform: manylinux2014, arch: s390x, spec: cp311 } steps: - name: Checkout PyYAML 
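Review bot: The two active Windows entries now pin `spec: '3.11.0-rc.1'`, a release-candidate interpreter, and nothing in the matrix marks that pin as temporary. The same pin is added to the Windows matrix of manual_artifact_build.yaml later in this patch, which by its name is the workflow that produces distributable wheels, and PATCH 4/4 only moves it to rc.2. I would add a comment above each entry, e.g. `# TODO: replace with '3.11' once 3.11.0 final is available to the runner`, so the pre-release pin is not left in place after the final release. The matrix blocks start and end outside these hunks.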
@@ -232,6 +235,7 @@ jobs: - spec: cp38-macosx_x86_64 - spec: cp39-macosx_x86_64 - spec: cp310-macosx_x86_64 + - spec: cp311-macosx_x86_64 # build for arm64 under a hacked macOS 12 self-hosted x86_64-on-arm64 runner until arm64 is fully supported # FIXME: ? cp38-macosx_arm64 requires special handling and fails some test_zdist tests under cibw 2.1.2, skip it (so Apple's XCode python3 won't have a wheel) @@ -249,6 +253,13 @@ jobs: run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} sdkroot: macosx11.3 + - spec: cp311-macosx_arm64 + deployment_target: '11.0' + runs_on: [self-hosted, macOS, arm64] + arch: arm64 + run_wrapper: arch -arm64 bash --noprofile --norc -eo pipefail {0} + sdkroot: macosx11.3 + steps: - name: Checkout PyYAML uses: actions/checkout@v2 @@ -353,6 +364,10 @@ jobs: build_arch: x64 python_arch: x64 spec: '3.10' + - platform: windows-2016 + build_arch: x64 + python_arch: x64 + spec: '3.11.0-rc.1' - platform: windows-2016 build_arch: win32 python_arch: x86 @@ -373,6 +388,10 @@ jobs: build_arch: win32 python_arch: x86 spec: '3.10' + - platform: windows-2016 + build_arch: win32 + python_arch: x86 + spec: '3.11.0-rc.1' steps: # autocrlf screws up tests under Windows - name: Set git to use LF diff --git a/setup.py b/setup.py index 548b19f7..944e7fa2 100644 --- a/setup.py +++ b/setup.py @@ -33,6 +33,7 @@ "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", diff --git a/tox.ini b/tox.ini index d736a6c9..4335fa98 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = pypy3,py36,py37,py38,py39,py310 +envlist = pypy3,py36,py37,py38,py39,py310,py311 [testenv] deps = From 4d2d7ce4ced6372b0feb539f81cd2f02ba01348b Mon Sep 17 00:00:00 2001 
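Review bot: The added `cp311-macosx_arm64` entry puts one more artifact build on `runs_on: [self-hosted, macOS, arm64]`, which the comment above it describes as a hacked macOS 12 runner. A self-hosted runner keeps state between jobs, so the wheel it emits is only as trustworthy as everything that has run there before; the workflow's triggers are not visible in this hunk, so confirm it can only be started manually from trusted refs. A short comment on the entry would record that, e.g. `# self-hosted runner: keep this job limited to manually dispatched runs on trusted refs`. The checkout step in the context uses `actions/checkout@v2`; pinning it to a full commit SHA would be a reasonable follow-up for a workflow that builds artifacts.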
From: mayeut Date: Sun, 28 Aug 2022 17:58:41 +0200 Subject: [PATCH 3/4] ci: use `windows-2019` runners `windows-2016` runners have been removed --- .github/workflows/ci.yaml | 30 ++++++++++---------- .github/workflows/manual_artifact_build.yaml | 30 ++++++++++---------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8e6753ab..d48d77fd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -304,9 +304,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state @@ -334,7 +334,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd 
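Review bot: Switching the generator to `Visual Studio 16 2019` changes the toolchain that builds libyaml, but the job still begins with the `Get cached libyaml state` step, whose cache key is not visible in these hunks. If that key does not include the runner image or the generator, a libyaml built earlier with the VS 2017 toolchain can be restored and linked into the new wheels without a rebuild. Consider making the key depend on the platform, for example by appending `-${{ matrix.platform }}` to it, or bump whatever version component the key already carries. The same applies to the identical change in manual_artifact_build.yaml (hunks at -302,9 and -332,7).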
@@ -346,51 +346,51 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: 3.9 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: x64 # python_arch: x64 # spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: '3.11.0-rc.1' - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.7 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.8 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: 3.9 -# - platform: windows-2016 +# - platform: windows-2019 # build_arch: win32 # python_arch: x86 # spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: '3.11.0-rc.1' diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml index 956d98d5..5c5cefa8 100644 --- a/.github/workflows/manual_artifact_build.yaml +++ b/.github/workflows/manual_artifact_build.yaml @@ -302,9 +302,9 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 arch: x64 - - platform: windows-2016 + - platform: windows-2019 arch: win32 steps: - name: Get cached libyaml state 
@@ -332,7 +332,7 @@ jobs: mkdir libyaml/build pushd libyaml/build - cmake.exe -G "Visual Studio 15 2017" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. + cmake.exe -G "Visual Studio 16 2019" -A ${{ matrix.arch }} -DYAML_STATIC_LIB_NAME=yaml .. cmake.exe --build . --config Release popd @@ -344,51 +344,51 @@ jobs: strategy: matrix: include: - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 build_arch: x64 python_arch: x64 spec: '3.11.0-rc.1' - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.6 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.7 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.8 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: 3.9 - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: '3.10' - - platform: windows-2016 + - platform: windows-2019 build_arch: win32 python_arch: x86 spec: '3.11.0-rc.1' From e5c00f2b605ab76b040862ff7cded36c2a168310 Mon Sep 17 00:00:00 2001 From: mayeut Date: Tue, 13 Sep 2022 12:38:40 +0200 Subject: [PATCH 4/4] ci: use CPython 3.11.0-rc.2 for Windows builds --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/manual_artifact_build.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d48d77fd..53796394 100644 
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -369,7 +369,7 @@ jobs:
 - platform: windows-2019
 build_arch: x64
 python_arch: x64
- spec: '3.11.0-rc.1'
+ spec: '3.11.0-rc.2'
 - platform: windows-2019
 build_arch: win32
 python_arch: x86
@@ -393,7 +393,7 @@ jobs:
 - platform: windows-2019
 build_arch: win32
 python_arch: x86
- spec: '3.11.0-rc.1'
+ spec: '3.11.0-rc.2'
 steps:
 # autocrlf screws up tests under Windows
 - name: Set git to use LF
diff --git a/.github/workflows/manual_artifact_build.yaml b/.github/workflows/manual_artifact_build.yaml
index 5c5cefa8..fdc7faa3 100644
--- a/.github/workflows/manual_artifact_build.yaml
+++ b/.github/workflows/manual_artifact_build.yaml
@@ -367,7 +367,7 @@ jobs:
 - platform: windows-2019
 build_arch: x64
 python_arch: x64
- spec: '3.11.0-rc.1'
+ spec: '3.11.0-rc.2'
 - platform: windows-2019
 build_arch: win32
 python_arch: x86
@@ -391,7 +391,7 @@ jobs:
 - platform: windows-2019
 build_arch: win32
 python_arch: x86
- spec: '3.11.0-rc.1'
+ spec: '3.11.0-rc.2'
 steps:
 # autocrlf screws up tests under Windows
 - name: Set git to use LF