0.121.0

@Nuru Nuru released this 29 Aug 19:38
4f55f6a

what

  • Update multiple tools from cloudposse/packages#233
  • Update aws-cli 1.16.209 -> 1.16.226
  • Update ansible 2.7.12 -> 2.8.4

why

Bring in bug and security fixes and new features

Security note

PyYAML is pinned to version 3.13 because that is the latest version that awsebcli supports. This version of PyYAML has a known vulnerability, CVE-2017-18342, summarized as "the yaml.load() API could execute arbitrary code if used with untrusted data."

At the moment, the only tools Geodesic ships with that use PyYAML (as far as we have been able to determine) are awscli and awsebcli. (The yq command included in Geodesic is a golang tool and not the python-yq that uses PyYAML.)

Users of awsebcli, or anyone who installs their own Python packages, should take appropriate precautions.

Special note about this release:

Due to operational errors, the 0.121.0 release was incorrectly published twice, once as 1.121.0 and once as 0.121.0 but pointing to the wrong commit. Users may want to avoid this release in favor of the prior 0.120.4 or next 0.122.0 release to avoid confusion. However, you can verify which version you have by examining these points:

  • The correct commit for release 0.121.0 is 4f55f6a
  • 0.121.0 has awscli==1.16.226 while the previous release has awscli==1.16.209
  • 0.121.0 does not have rootfs/usr/local/bin/codefresh-pipeline while the next release does