Skip to content

Commit

Permalink
Bump pyyaml version
Browse files Browse the repository at this point in the history 
As explained in #68, pyyaml is limited to <5.4 version and this version is currently vulnerable.
As far we can tell, the use of this library should carry on working without issues.

Closes #68
  • Loading branch information
@cletomartin
cletomartin authored and cleto committed Nov 2, 2023
1 parent 7ac86cd commit 0076fc8
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGES.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
# [0.17.1](https://github.com/ComplianceAsCode/auditree-arboretum/releases/tag/v0.17.1)

- [CHANGED] Bump pyyaml version.

# [0.17.0](https://github.com/ComplianceAsCode/auditree-arboretum/releases/tag/v0.17.0)

- [ADDED] Azure fetchers.
Expand Down
2 changes: 1 addition & 1 deletion setup.cfg
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ packages = find:
install_requires =
auditree-framework>=1.2.3
auditree-harvest>=1.0.0
pyyaml<5.4
pyyaml>=5.4.1
defusedxml>=0.7.1
parameterized>=0.8.1

Expand Down

0 comments on commit 0076fc8

Please sign in to comment.