Upgrading pyyaml to >= 5.4

Question

Upgrading pyyaml to >= 5.4

henry54809 opened this issue 3 years ago · 2 comments

Hi,
There is a critical vulnerability for pyyaml < 5.4 that allows arbitrary code execution when processing untrusted yaml file. For more details, please see here: https://nvd.nist.gov/vuln/detail/CVE-2020-14343

Answer 1 · 2021-11-09T03:29:58.000Z

I got #3962 merged which should address this.

Answer 2 · 2021-11-09T18:11:14.000Z

Thanks for updating this!