Update dependency PyYAML to v5.4 (main) - autoclosed #505

mend-for-github-com · 2021-07-15T09:00:27Z

This PR contains the following updates:

Package	Update	Change
PyYAML (source)	minor	`==5.1.2` -> `==5.4`

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2020-1747	#269
High	9.8	CVE-2019-20477	#270
High	9.8	CVE-2020-14343	#271

Release Notes

yaml/pyyaml

Repair incompatibilities introduced with 5.1. The default Loader was changed,
but several methods like add_constructor still used the old defahttps://github.com/yaml/pyyaml/pull/279pull/279 -- A more flexible fix for custom tag consthttps://github.com/yaml/pyyaml/pull/287aml/pull/287 -- Change default loader for yaml.add_https://github.com/yaml/pyyaml/pull/305/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver
Make FullLoader safer by removing python/object/apply from the default FullLoader
https://github.com/yaml/pyyaml/pull/347/347 -- Move constructor for object/apply to UnsafeConstructor
Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
https://github.com/yaml/pyyaml/pull/276/276 -- Fix logic for quoting special characters
Other PRs:
https://github.com/yaml/pyyaml/pull/280/280 -- Update CHANGES for 5.1

If you want to rebase/retry this PR, check this box.

cortx-admin · 2021-07-15T09:03:15Z

Can one of the admins verify this patch?

ajaysrivas · 2021-07-19T05:34:16Z

@indrajitzagade This needs to be discussed in integration meeting, impacts packaging of 3rd party modules and will require RE team's help.

indrajitzagade · 2021-07-19T13:43:02Z

@indrajitzagade This needs to be discussed in integration meeting, impacts packaging of 3rd party modules and will require RE team's help.

Sure @ajaysrivas

stale · 2021-08-01T09:49:04Z

This issue/pull request has been marked as needs attention as it has been left pending without new activity for 4 days. Tagging @indrajitzagade @ajaysrivas for appropriate assignment. Sorry for the delay & Thank you for contributing to CORTX. We will get back to you as soon as possible.

mend-for-github-com · 2021-10-26T10:16:39Z

Autoclosing Skipped

This PR has been flagged for autoclosing, however it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

mend-for-github-com bot requested review from ajay-paratmandali, ajaysrivas, ArchanaLimaye and indrajitzagade as code owners July 15, 2021 09:00

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jul 15, 2021

auto-assign bot requested a review from azheregelya July 15, 2021 09:00

auto-assign bot assigned ajaysrivas, azheregelya and indrajitzagade Jul 15, 2021

ajaysrivas mentioned this pull request Jul 19, 2021

Update dependency PyYAML to v5.4 (stable) #507

Closed

1 task

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch from 8fe27f6 to 928b753 Compare July 19, 2021 08:19

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch 4 times, most recently from 0182bc1 to 96942a6 Compare July 27, 2021 14:13

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch from 96942a6 to f8f96b5 Compare July 28, 2021 07:54

ajaysrivas mentioned this pull request Jul 30, 2021

Bump pyyaml from 5.1.2 to 5.4 in /jenkins #529

Closed

stale bot added the needs-attention label Aug 1, 2021

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch 3 times, most recently from 3084c06 to 4e45908 Compare August 11, 2021 06:36

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch 2 times, most recently from ff5e238 to 0fa969a Compare August 20, 2021 06:38

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch 3 times, most recently from 895e0bc to 70737b9 Compare September 1, 2021 08:25

Update dependency PyYAML to v5.4

44d494f

mend-for-github-com bot force-pushed the whitesource-remediate/main-pyyaml-5.x branch from 70737b9 to 44d494f Compare September 1, 2021 13:44

mend-for-github-com bot changed the title ~~Update dependency PyYAML to v5.4 (main)~~ Update dependency PyYAML to v5.4 (main) - autoclosed Oct 31, 2021

mend-for-github-com bot closed this Oct 31, 2021

mend-for-github-com bot deleted the whitesource-remediate/main-pyyaml-5.x branch October 31, 2021 12:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency PyYAML to v5.4 (main) - autoclosed #505

Update dependency PyYAML to v5.4 (main) - autoclosed #505

mend-for-github-com bot commented Jul 15, 2021 •

edited

cortx-admin commented Jul 15, 2021

ajaysrivas commented Jul 19, 2021

indrajitzagade commented Jul 19, 2021

stale bot commented Aug 1, 2021

mend-for-github-com bot commented Oct 26, 2021

Update dependency PyYAML to v5.4 (main) - autoclosed #505

Update dependency PyYAML to v5.4 (main) - autoclosed #505

Conversation

mend-for-github-com bot commented Jul 15, 2021 • edited

Release Notes

v5.4

v5.3.1

v5.3

v5.2

cortx-admin commented Jul 15, 2021

ajaysrivas commented Jul 19, 2021

indrajitzagade commented Jul 19, 2021

stale bot commented Aug 1, 2021

mend-for-github-com bot commented Oct 26, 2021

Autoclosing Skipped

mend-for-github-com bot commented Jul 15, 2021 •

edited

`v5.4`

`v5.3.1`

`v5.3`

`v5.2`