This package is blocking security cleanup of dev-python/pyyaml.
Unfortunately, upstream don't support newer versions as of now.
Could you try patching it? I think the main problem is replacing load() with safe_load() or the dangerous load variant (sorry, I don't know the name offhand) if you know that the input is secure.
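The check this comment suggests, as an added example that is not part of the original thread or of the package's code: a standard-library AST scan that lists each `yaml.load()` / `yaml.load_all()` call in a source file and whether it names a safe loader. The function name `audit_yaml_loads`, the `yaml` module alias and the sample source are assumptions made for illustration.

```python
import ast

# Loader classes shipped by PyYAML that only construct plain data types.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
LOAD_FUNCS = {"load", "load_all"}


def _name(node):
    """Return the trailing identifier of a Name/Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def audit_yaml_loads(source, module_alias="yaml"):
    """Return sorted (line, verdict) pairs for <module_alias>.load()/load_all() calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if func.attr not in LOAD_FUNCS or _name(func.value) != module_alias:
            continue
        # Loader may be passed by keyword or as the second positional argument.
        loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
        if loader is None and len(node.args) > 1:
            loader = node.args[1]
        if loader is None:
            verdict = "no Loader: switch to safe_load() or pass Loader=SafeLoader"
        elif _name(loader) in SAFE_LOADERS:
            verdict = "ok"
        else:
            verdict = "non-safe Loader: confirm the input is trusted"
        findings.append((node.lineno, verdict))
    return sorted(findings)


# Constructed sample source, not taken from any real package.
SAMPLE = '''
import yaml
cfg = yaml.load(open("a.yml"))
cfg2 = yaml.load(stream, Loader=yaml.SafeLoader)
cfg3 = yaml.load(stream, yaml.FullLoader)
cfg4 = yaml.safe_load(stream)
'''

if __name__ == "__main__":
    for line, verdict in audit_yaml_loads(SAMPLE):
        print(line, verdict)
```

Calls to `yaml.safe_load()` are not reported because they need no change.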
The author was asked multiple times about switching to a newer release, but he stated it's a breaking change and will only happen in the next major version. Haven't tested myself, yet.
Do you have any ETA on when you'd test? I'd like to last rite this package otherwise.
(In reply to Michał Górny from comment #4)
> Do you have any ETA on when you'd test? I'd like to last rite this package
> otherwise.

Pinged the maintainer and just testing with changing yaml.load(), hopefully it will be enough to change.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b177a4996a925bcd6d0eac5347266b6c8626585

commit 2b177a4996a925bcd6d0eac5347266b6c8626585
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-04-23 12:12:48 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-04-23 13:05:40 +0000

    dev-python/elasticsearch-curator: enable newer pyyaml

    Bug: https://bugs.gentoo.org/713342
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/15482
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 .../elasticsearch-curator-5.8.1-r1.ebuild | 163 +++++++++++++++++++++
 1 file changed, 163 insertions(+)
amd64 stable
x86?
x86 stable. Closing.