
Update dependency pyyaml to v5 #4

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/pyyaml-5.x

dev-mend-for-github-com bot commented Jun 16, 2024

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| pyyaml (source) | major | `==3.13` -> `==5.4` |

By merging this PR, the issue #6 will be automatically resolved and closed:

| Severity | CVSS Score | Vulnerability |
|---|---|---|
| Critical | 9.8 | CVE-2017-18342 |
| Critical | 9.8 | CVE-2020-14343 |
| Critical | 9.8 | CVE-2020-1747 |

Release Notes

yaml/pyyaml (pyyaml)

v5.4

v5.3.1

v5.3

v5.2

  • Repair incompatibilities introduced with 5.1. The default Loader was changed,
    but several methods like add_constructor still used the old default
    #279 -- A more flexible fix for custom tag constructors
    #287 -- Change default loader for yaml.add_constructor
    #305 -- Change default loader for add_implicit_resolver, add_path_resolver
  • Make FullLoader safer by removing python/object/apply from the default FullLoader
    #347 -- Move constructor for object/apply to UnsafeConstructor
  • Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
    #276 -- Fix logic for quoting special characters
  • Other PRs:
    #280 -- Update CHANGES for 5.1

v5.1.2

  • Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

v5.1.1

  • Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1

v5.1

  • Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

dev-mend-for-github-com bot added the "security fix" label (Security fix generated by Mend) Jun 16, 2024
dev-mend-for-github-com bot force-pushed the whitesource-remediate/pyyaml-5.x branch from dcf5ca9 to be6e1f8 June 19, 2024 09:10
dev-mend-for-github-com bot changed the title from "Update dependency pyyaml to v5" to "Update dependency pyyaml to v5 - autoclosed" Sep 10, 2024
dev-mend-for-github-com bot deleted the whitesource-remediate/pyyaml-5.x branch September 10, 2024 15:34
dev-mend-for-github-com bot changed the title from "Update dependency pyyaml to v5 - autoclosed" to "Update dependency pyyaml to v5" Sep 11, 2024
dev-mend-for-github-com bot restored the whitesource-remediate/pyyaml-5.x branch September 11, 2024 07:12
dev-mend-for-github-com bot force-pushed the whitesource-remediate/pyyaml-5.x branch from be6e1f8 to 26fd7fa September 11, 2024 07:12