Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow the 5.1 release of pyyaml #4015

Closed
wants to merge 1 commit into from
Closed

Allow the 5.1 release of pyyaml #4015

wants to merge 1 commit into from
+5 −2

Conversation

asottile
Copy link
Contributor

@asottile asottile commented Mar 19, 2019
edited

Similar to #3430

This allows the latest version of pyyaml to be used without conflict

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@codecov-io
Copy link

codecov-io commented Mar 19, 2019
edited

Codecov Report

Merging #4015 into develop will decrease coverage by <.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           develop   #4015      +/-   ##
==========================================
- Coverage    94.41%   94.4%   -0.01%     
==========================================
  Files          188     188              
  Lines        14151   14151              
==========================================
- Hits         13360   13359       -1     
- Misses         791     792       +1
Impacted Files Coverage Δ
awscli/testutils.py 66.04% <0%> (-0.19%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aa98f2d...a1f4fbf. Read the comment docs.

@asottile
Copy link
Contributor Author

asottile commented Apr 5, 2019

@JordonPhillips @dstufft anything I can help with to get this integrated? awscli is currently preventing us from upgrading pyyaml

@kabbedijk kabbedijk mentioned this pull request Apr 9, 2019
Closed
@jessedoyle jessedoyle mentioned this pull request Apr 18, 2019
Closed
@jessedoyle
Copy link

jessedoyle commented Apr 18, 2019
edited

This is a great change!

We use pipenv in many projects and GitHub is flagging security vulnerabilities left, right and center everytime awscli is specified as a dependency.

What's missing to merge this?

thomlinton added a commit to PSU-OIT-ARC/oregoninvasiveshotline that referenced this pull request Apr 23, 2019
@thomlinton
Adds additional requirement to avoid vulnerability.
df7eb7e 
The 'awscli' package has not yet revised its requirements in order
to support an adequate version of the 'PyYAML' package; until such
time, manual intervention is required when attempting to use this
library or the CLI tool.

To workaround this incompatibility, install a supported version:

  pip install PyYAML>3.10,<=3.13

Refs: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Refs: aws/aws-cli#4042
Refs: aws/aws-cli#4015
thomlinton added a commit to PSU-OIT-ARC/oregoninvasiveshotline that referenced this pull request Apr 23, 2019
@thomlinton
Adds additional requirement to avoid vulnerability.
49bda06 
The 'awscli' package has not yet revised its requirements in order
to support an adequate version of the 'PyYAML' package; until such
time, manual intervention is required when attempting to use this
library or the CLI tool.

To workaround this incompatibility, install a supported version:

  pip install PyYAML>3.10,<=3.13

Refs: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Refs: aws/aws-cli#4042
Refs: aws/aws-cli#4015
@Philmod Philmod mentioned this pull request May 17, 2019
Closed
@asottile
Copy link
Contributor Author

@kyleknap maybe you can review this? it's been two months <3

@kabbedijk
Copy link

Is there any way we can help on getting this merged? If there are things to fix, please let us know.

@ViktorHaag ViktorHaag mentioned this pull request May 30, 2019
Closed
@asottile
Copy link
Contributor Author

(pinging some other recent approvers) @jamesls @joguSD can you take a look at this?

@florck
Copy link

florck commented Jun 6, 2019

Please, can you please review and merge this AWS, all job is made, and waiting this, we have lots of impacts of incompatible dependancies.

@tysonclugg tysonclugg mentioned this pull request Jun 11, 2019
Closed
@kabbedijk
Copy link

kabbedijk commented Jun 12, 2019
edited

Has been merged in:
#4231

Edit: Oops not yet. It is a similar PR though which has been approved

@asottile asottile mentioned this pull request Jun 12, 2019
Merged
@dstufft
Copy link
Contributor

dstufft commented Jun 13, 2019

Merged in #4231

@dstufft dstufft closed this Jun 13, 2019
@asottile asottile deleted the pyyaml_5_1 branch June 13, 2019 17:26
@elvnvle elvnvle mentioned this pull request Jun 18, 2019
Merged
@asottile asottile mentioned this pull request Jul 23, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halfdan halfdan halfdan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@asottile @codecov-io @jessedoyle @kabbedijk @florck @dstufft @halfdan