Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pyyaml when 4.x is released #777

Closed
acdha opened this issue Jan 23, 2019 · 1 comment
Closed

Update pyyaml when 4.x is released #777

acdha opened this issue Jan 23, 2019 · 1 comment
Labels
gardening Ongoing maintenance requirements infrastructure

Comments

@acdha
Copy link
Member

acdha commented Jan 23, 2019
edited
Loading

GitHub's vulnerability scanner has tripped an alert for having pyyaml < 4.2 installed. Unfortunately, no 4.x release has been made yet:

https://pypi.org/project/PyYAML/

(see yaml/pyyaml#243 for the upstream issue)

Fortunately, we don't have any network-facing code which uses this — according to pipenv graph it's a dependency for the CloudFormation template linter and pre-commit, so we can wait until the upstream release happens.
@rstorey rstorey added the gardening Ongoing maintenance requirements label Nov 14, 2019
@rstorey
Copy link
Member

rstorey commented Nov 14, 2019

We're now on pyyaml 5.1.2

@rstorey rstorey closed this as completed Nov 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
gardening Ongoing maintenance requirements infrastructure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@acdha @rstorey