Skip to content

Commit

Permalink
PyYAML vulnerability fix (#171)
Browse files Browse the repository at this point in the history 
* Locking the version of PyYAML to be above 2.1 because of an arbitrary code execution vulnerability.

* Addition of a version condition to pyyaml to patch a vulnerability.

* Update of Pipfile.lock to match Pipefile.
  • Loading branch information
@FrankD412
FrankD412 committed May 28, 2022
1 parent 72c55d9 commit 1a2fd12
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 89 deletions.
2 changes: 1 addition & 1 deletion Pipfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ filelock = "*"
six = "*"
tabulate = "*"
Fabric = "*"
PyYAML = "*"
PyYAML = ">= 4.2b1"
maestrowf = {path = "."}

[dev-packages]
Expand Down
135 changes: 49 additions & 86 deletions Pipfile.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@
'maestro = maestrowf.maestro:main',
'conductor = maestrowf.conductor:main',
]
},
install_requires=[
},
install_requires=[
'PyYAML>=4.2b1',
'six',
"filelock",
Expand Down

0 comments on commit 1a2fd12

Please sign in to comment.