search

optimizely / python-sdk

Python SDK for Optimizely Feature Experimentation and Optimizely Full Stack (legacy)
https://docs.developers.optimizely.com/experimentation/v4.0.0-full-stack/docs/python-sdk
Apache License 2.0
32 stars 36 forks source link

Bump up PyYaml to recommended version to remediate vulnerability - DROP PYTHON 3.4 SUPPORT #364

Closed The-inside-man closed 2 years ago

The-inside-man commented 3 years ago

Summary

Dependabot found critical vulnerability in this dependency and it is not needed in the SDK Python 3.4 no longer supports required libraries to support new and existing features

Note: PyYaml was previously an explicit dependency, however PyYaml is also a transient dependency in python-coverals, which has already upgraded to the latest version of PyYaml. This version of PyYaml no longer supports Python version 3.4. For this reason we have chose to also drop Python 3.4, as we need to continue proper code coverage on our SDKs to ensure the highest quality of code.

Test plan

Issues

The-inside-man commented 3 years ago

This is failing for Python 3.4 due to an environment issue it seems. Travis is still picking up the PyYaml requirement and trying to install, which it should not.