The currently used PyYaml version has some vulnerabilies as
described on the pull request description. It updates to
version 6.0, removing these supply chain vulnerabily.
The OSSF Scorecard was the tool used for discovering
these vulnerabilties.
Signed-off-by: Javan lacerda <javanlacerda@google.com>
Also add a comment in each file reminding to keep them the same.
Fixes 251f269e23 ("west: v0.14.0 is required now (and soon, v1.1")
Confusing error message before this commit:
```
-- Found west (found suitable version 0.13.1, minimum required is 0.7.1)
CMake Error at SOF/zephyr/cmake/modules/zephyr_module.cmake:77 (message):
Traceback (most recent call last):
File "SOF/zephyr/scripts/zephyr_module.py", line 733, in <module>
main()
File "SOF/zephyr/scripts/zephyr_module.py", line 678, in main
west_projs = west_projects()
^^^^^^^^^^^^^^^
File "SOF/zephyr/scripts/zephyr_module.py", line 536, in west_projects
from west.configuration import MalformedConfig
ImportError: cannot import name 'MalformedConfig'
from 'west.configuration'
(west/src/west/configuration.py)
```
Clearer error message after this commit:
```
CMake Error at SOF/zephyr/cmake/modules/west.cmake:68 (message):
The detected west version, 0.13.1, is unsupported.
The minimum supported version is 0.14.0.
Please upgrade with:
/usr/bin/python3.11 -m pip install --upgrade west
```
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
Commit ce2a7d9a1a
("scripts: zephyr_module: handle expected west errors")
introduced some better error handling that requires
west version v0.14.0 or later to work.
Bump the west version in requirements-base.txt accordingly.
Due to the way zephyr_module.py is handling imports, this API change
resulted in zephyr_module.py running on older versions of west
reacting as if west was not installed, instead of erroring out.
Fix that so users who are on older west will get a hard error.
(We're about to force everyone to move to west v1.1 as soon as I can
get that release done, but this hotfix should still be helpful in the
interim as well.)
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Both the requests and pyserial Python packages are used by west commands
(west fetch and west build -b esp* respectively) so move them to the
requirements-base.txt file.
Fixes#56215.
Fixes#56224.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
We are in the process of changing the HEAD branch in the zephyr
repository from 'master' to 'main'. Users will need west version at
least 0.10.1 for the plain 'west init' line in the getting started
guide to still work after that change.
To avoid problems:
- add -U to the macOS and Windows lines for installing west (this
option is already there for Ubuntu). Upgrading west will make
the guide 'just work' for users who have an old version.
- bump the minimum version in the relevant requirements file,
in case anybody is doing something like basing a CI setup
on those versions.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
This will be used to deal with the Segger shared library in a portable
way in the jlink runner.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Record MDB's CLD process pid to file so this process can be
terminated by sanitycheck infrastructure.
Update mdb runners test to be able to handle changes.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Increased minimal pyelftools version to 0.26 else
scripts/footprint/size_report will fail to import LocationExpr from
elftools.dwarf.locationlists
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Split up requirements.txt into several files so that CI tools can
utilize/reference the specific requirements-<FOO>.txt they may need
while keep things in sync with the development. This is to reduce
both time and amount of work CI actions due to python package install.
Create the following groupings:
1. BASE - needed to build or create zephyr images
2. BUILD-TEST - need to run compile/build tests
3. DOC - need to build the docs
4. RUN-TEST - need for runtime testing
5. EXTRAS - optional or useful for development/developers workflow
Also tried to add a comment about what or why a given package is being
pulled in for.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>