[FEATURE] update rich dependency #127

bollwyvl · 2023-01-20T22:05:36Z

What are you trying to do?

Use jake without installing packages with known (even if disputed) CVEs such as CVE-2022-40899

What feature or behavior is this required for?

e.g. running jake on its own environment

How could we solve this issue? (Not knowing is okay!)

Consider updating the rich pin to ^13.2.0, which replaces commonmark (and therefore future) with markdown-it-py, rather than having multiple potential markdown parser engines for a given jake release.

Anything else?

cc @bhamail / @DarthHater

The text was updated successfully, but these errors were encountered:

madpah · 2023-03-16T17:40:42Z

Great idea @bollwyvl - but this does depend on jake deprecating support for Python 3.6 (which I also support).

maarre · 2023-05-03T08:44:22Z

This old version of rich also limits twine to 3.x.x. twine is in version 4.0.2.

rxm7706 · 2023-11-06T12:33:55Z

Running into the same issue with an environment with airflow - minimum version of rich required is.
rich = ">=12.0,<14.0"

bollwyvl added the enhancement New feature or request label Jan 20, 2023

cshaley mentioned this issue Nov 7, 2023

Update pyproject.toml - allow higher rich version #147

Merged

rxm7706 mentioned this issue Dec 9, 2023

jake v3.0.11 conda-forge/jake-feedstock#27

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FEATURE] update rich dependency #127

[FEATURE] update rich dependency #127

bollwyvl commented Jan 20, 2023

madpah commented Mar 16, 2023

maarre commented May 3, 2023

rxm7706 commented Nov 6, 2023

[FEATURE] update rich dependency #127

[FEATURE] update rich dependency #127

Comments

bollwyvl commented Jan 20, 2023

madpah commented Mar 16, 2023

maarre commented May 3, 2023

rxm7706 commented Nov 6, 2023