From e45f28057d7fbc3c6134b7b5e9db84860cbbf16a Mon Sep 17 00:00:00 2001 From: "Ian H. Pittwood" Date: Fri, 14 Jun 2019 15:38:21 -0500 Subject: [PATCH] Update PyYAML to match other projects Shipyard Client's version of PyYAML (3.13) conflicts with the version used by Pegleg (5.1). This conflict can cause issues when trying to install Pegleg as it uses Shipyard Client as a dependency. This update to Shipyard Client's PyYAML version will fix the dependency conflict with Pegleg and will also fix a possible security vulnerability associated with older versions of PyYAML. Upgrades PyYAML to version 5.1, which makes several changes: - Deprecates yaml.load in favor of FullLoader and UnsafeLoader due to yaml.load's vulnerability with code injection [0] - Drops support for py33 and py26 - Changes to default_flow_style=False - Several other bug fixes and additional changes [0] https://nvd.nist.gov/vuln/detail/CVE-2017-18342 Change-Id: I8eb4bb02dcc99eab3d983640d6c769cadb3b97e8 --- src/bin/shipyard_client/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/shipyard_client/requirements.txt b/src/bin/shipyard_client/requirements.txt index 3f8c279c..1fda43c3 100644 --- a/src/bin/shipyard_client/requirements.txt +++ b/src/bin/shipyard_client/requirements.txt @@ -21,4 +21,4 @@ keystoneauth1==3.11.1 requests==2.20.0 setuptools==40.4.1 PTable==0.9.2 -pyyaml==3.13 +pyyaml==5.1
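Review bot: At `+pyyaml==5.1` the pin changes but nothing else does (1 file changed, `requirements.txt` only), so the fix for the code injection issue the commit message cites depends on how shipyard_client actually calls PyYAML, which this diff does not show. Please confirm that every `yaml.load` call in the client either passes an explicit Loader or is replaced with `yaml.safe_load` wherever the input is not fully trusted. Otherwise the deprecated call path stays in use after the upgrade. The message also lists the change to `default_flow_style=False`. Any `yaml.dump` caller that relied on the old default will produce differently formatted output, so it is worth checking those callers and any tests that compare dumped YAML as text, and either setting the argument explicitly or noting in the commit message that the output change was verified.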