Skip to content

Commit

Permalink
#168: Bump PyYAML to latest version, note CVE.
Browse files Browse the repository at this point in the history
  • Loading branch information
garyd203 committed Mar 11, 2019
1 parent 815972a commit 7724dce
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ importlib_resources==1.0.2
inflection==0.3.1
Jinja2==2.10
pytest==3.2.2
PyYAML==3.12
PyYAML==3.13
semver==2.7.9
Sphinx==1.8.4
sphinx-autobuild==0.7.1
3 changes: 2 additions & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ def get_readme():
# We use the `kw_only` only for attribute classes, which was
# introduced in v18.2.0
'attrs>=18.2.0',
'PyYAML',
# TODO #165 PyYAML v3 has vulnerability that does not affect us, but we should upgrade as soon as a fix is available
'PyYAML==3.13',
],

# Contact Details
Expand Down

0 comments on commit 7724dce

Please sign in to comment.