Update PyYAML to match other projects
Shipyard Client's version of PyYAML (3.13) conflicts with the version used by Pegleg (5.1). This conflict can cause issues when trying to install Pegleg as it uses Shipyard Client as a dependency. This update to Shipyard Client's PyYAML version will fix the dependency conflict with Pegleg and will also fix a possible security vulnerability associated with older versions of PyYAML. Upgrades PyYAML to version 5.1, which makes several changes: - Deprecates yaml.load in favor of FullLoader and UnsafeLoader due to yaml.load's vulnerability with code injection [0] - Drops support for py33 and py26 - Changes to default_flow_style=False - Several other bug fixes and additional changes [0] https://nvd.nist.gov/vuln/detail/CVE-2017-18342 Change-Id: I8eb4bb02dcc99eab3d983640d6c769cadb3b97e8
This commit is contained in:
Ian H. Pittwood
parent
efb21f2958
commit
e45f28057d
|
|
@ -21,4 +21,4 @@ keystoneauth1==3.11.1
|
|||
requests==2.20.0
|
||||
setuptools==40.4.1
|
||||
PTable==0.9.2
|
||||
pyyaml==3.13
|
||||
pyyaml==5.1
|
||||
|
|
|
|||
Loading…
Reference in New Issue