PyYAML dependency - old version uses deprecated calls

[JStatnekov]

I'm unable to "pip3 install cyclonedx-conan" because of an error from the PyYAML dependency. This blocking error occurs on Windows 10 with pip3 23.2 and setuptools 65.5.0 and I was able to reproduce the error in a docker image of RH8 with pip 23.1 and setuptools 59.6.0.

The top portion of the error is:

Getting requirements to build wheel ... error error: subprocess-exited-with-error × Getting requirements to build wheel did not run successfully. │ exit code: 1 ╰─> [68 lines of output] C:\Users\jacob\AppData\Local\Temp\pip-build-env-ftq_rhqy\overlay\Lib\site-packages\setuptools\config\setupcfg.py:293: _DeprecatedConfig: Deprecated config in setup.cfg !! ******************************************************************************** The license_file parameter is deprecated, use license_files instead. By 2023-Oct-30, you need to update your project and remove deprecated calls or your builds will no longer be supported. See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html for details. ********************************************************************************

I suspect that updating the PyYAML dependency from 5.4.1 to something more recent would resolve this issue since I'm unable to "pip install PyYAML==5.4.1" (because of the same error as above) but "pip install PyYAML==6.0" installs uneventfully.

[andreas-hilti]

@JStatnekov I tried to reproduce it, but I failed.

Is this related to https://github.com/yaml/pyyaml/issues/724

In any case, PyYAML is only an indirect dependency and it is conan that fixes the range of PyYAML:

cyclonedx-conan==0.4.0 ├── conan [required: >=1.41.0,<2.0.0, installed: 1.60.2] [...] │ ├── PyYAML [required: >=3.11,<6.1, installed: 5.4.1] [...]

Could you retry as with the latest releases of cyclonedx-conan now also newer conan versions (<2) are possible and thus, even PyYAML version 6 might be allowed?