This repository has been archived by the owner on May 1, 2024. It is now read-only.
Investigate: pyYaml security vulnerability #160
Comments
|
We can upgrade PyYAML now, I've tried a newer version and it seems to be working fine. Running into "other" unrelated breakages, but seems unrelated. We should be able to upgrade PyYaml no problem. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
It looks like we have to be on the beta version of PyYaml, got a github security notification.
Too busy to look into it now, it isn't likely a big issue as yaml files are generated by the developer anyway.
It looks like we should be on PyYaml >= 4.2b1 but need to test if the code is compatible with this version, the released version 3.13 is supposed to be vulnerable which is why we need to be on the beta (not great)
See: yaml/pyyaml#243
The text was updated successfully, but these errors were encountered: