
[FEATURE] update rich dependency

Open bollwyvl opened this issue 2 years ago • 3 comments

  • What are you trying to do?

Use jake without installing packages with known (even if disputed) CVEs such as CVE-2022-40899

  • What feature or behavior is this required for?

e.g. running jake on its own environment

  • How could we solve this issue? (Not knowing is okay!)

Consider updating the rich pin to ^13.2.0, which replaces commonmark (and therefore future) with markdown-it-py, rather than having multiple potential markdown parser engines for a given jake release.

  • Anything else?

cc @bhamail / @DarthHater

bollwyvl avatar Jan 20 '23 22:01 bollwyvl

Great idea @bollwyvl - but this does depend on jake deprecating support for Python 3.6 (which I also support).

madpah avatar Mar 16 '23 17:03 madpah

This old version of rich also limits twine to 3.x.x. twine is in version 4.0.2.

maarre avatar May 03 '23 08:05 maarre

Running into the same issue with an environment with airflow - minimum version of rich required is: rich = ">=12.0,<14.0"

rxm7706 avatar Nov 06 '23 12:11 rxm7706
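The chain described in the opening post (jake requires rich, the older rich requires commonmark, commonmark requires future) can be traced in any environment by walking installed package metadata. The following is an added example, not code from jake or from this thread; the function names are hypothetical and the `BEFORE`/`AFTER` graphs are constructed from the chain the issue describes, not read from a real install.

```python
import re
from importlib import metadata

def _name(req):
    """Normalised project name at the start of a requirement string."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req or "")
    return re.sub(r"[-_.]+", "-", m.group(1)).lower() if m else ""

def installed_graph():
    """Map each installed distribution to the installed names it requires."""
    raw = {}
    for dist in metadata.distributions():
        name = _name(dist.metadata.get("Name"))
        if name:
            # Requirements gated on an extra are not installed by default.
            raw[name] = [_name(r) for r in (dist.requires or [])
                         if not re.search(r"extra\s*==", r)]
    # Drop requirements that are absent (e.g. excluded by an environment marker).
    return {n: [d for d in deps if d in raw] for n, deps in raw.items()}

def paths_to(graph, target, roots=None):
    """Every dependency chain ending at `target`; cycles are cut."""
    target = _name(target)
    required = {d for deps in graph.values() for d in deps}
    if roots is None:
        # Roots are packages nothing else requires (installed directly).
        roots = [n for n in graph if n not in required]
    found = []

    def walk(node, chain):
        chain = chain + [node]
        if node == target:
            found.append(chain)
            return
        for dep in graph.get(node, []):
            if dep not in chain:
                walk(dep, chain)

    for root in sorted(roots):
        walk(root, [])
    return found

# Constructed graphs: the chain named in the issue, and the same environment
# after the proposed rich pin swaps commonmark for markdown-it-py.
BEFORE = {"jake": ["rich"], "rich": ["commonmark"], "commonmark": ["future"], "future": []}
AFTER = {"jake": ["rich"], "rich": ["markdown-it-py"], "markdown-it-py": []}

if __name__ == "__main__":
    for label, g in (("before", BEFORE), ("after", AFTER), ("this env", installed_graph())):
        print(label, [" -> ".join(p) for p in paths_to(g, "future")])
```

An empty result for the live environment means no installed package still requires `future`, which is the state the proposed pin change aims for.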