Browse Source

Update PyYAML to match other projects

Shipyard Client's version of PyYAML (3.13) conflicts with the version
used by Pegleg (5.1). This conflict can cause issues when trying to
install Pegleg as it uses Shipyard Client as a dependency. This update
to Shipyard Client's PyYAML version will fix the dependency conflict
with Pegleg and will also fix a possible security vulnerability
associated with older versions of PyYAML.

Upgrades PyYAML to version 5.1, which makes several changes:
- Deprecates yaml.load in favor of FullLoader and UnsafeLoader due to
yaml.load's vulnerability with code injection [0]
- Drops support for py33 and py26
- Changes to default_flow_style=False
- Several other bug fixes and additional changes

[0] https://nvd.nist.gov/vuln/detail/CVE-2017-18342

Change-Id: I8eb4bb02dcc99eab3d983640d6c769cadb3b97e8
changes/72/665472/1
Ian H. Pittwood 2 years ago
parent
commit
e45f28057d
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      src/bin/shipyard_client/requirements.txt

+ 1
- 1
src/bin/shipyard_client/requirements.txt View File

@ -21,4 +21,4 @@ keystoneauth1==3.11.1
requests==2.20.0
setuptools==40.4.1
PTable==0.9.2
pyyaml==3.13
pyyaml==5.1

Loading…
Cancel
Save