This package is blocking security cleanup of dev-python/pyyaml.
Unfortunately, upstream don't support newer versions as of now.
Could you try patching it? I think the main problem is replacing load() with safe_load() or the dangerous load variant (sorry, I don't know the name offhand) if you know that the input is secure.
The author was asked multiple times about switching to a newer release, but he stated it's a breaking change and will only happen in the next major version. Haven't tested myself, yet.
Do you have any ETA on when you'd test? I'd like to last rite this package otherwise.
(In reply to Michał Górny from comment #4)
> Do you have any ETA on when you'd test? I'd like to last rite this package
Pinged the maintainer and just testing with changing yaml.load(), hopefully it will be enough to change.
The bug has been referenced in the following commit(s):
Author: Tomáš Mózes <email@example.com>
AuthorDate: 2020-04-23 12:12:48 +0000
Commit: Michał Górny <firstname.lastname@example.org>
CommitDate: 2020-04-23 13:05:40 +0000
dev-python/elasticsearch-curator: enable newer pyyaml
Signed-off-by: Tomáš Mózes <email@example.com>
Signed-off-by: Michał Górny <firstname.lastname@example.org>
.../elasticsearch-curator-5.8.1-r1.ebuild | 163 +++++++++++++++++++++
1 file changed, 163 insertions(+)