Update dependency pyyaml to v5 #5

mend-for-github-com · 2024-11-06T10:21:23Z

This PR contains the following updates:

Package	Update	Change
pyyaml (source)	major	`==3.13` -> `==5.4`

By merging this PR, the issue #8 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Critical	9.8	CVE-2020-14343	Unreachable

yaml/pyyaml (pyyaml)

Repair incompatibilities introduced with 5.1. The default Loader was changed,
but several methods like add_constructor still used the old defahttps://github.com/yaml/pyyaml/pull/279pull/279 -- A more flexible fix for custom tag consthttps://github.com/yaml/pyyaml/pull/287aml/pull/287 -- Change default loader for yaml.add_https://github.com/yaml/pyyaml/pull/305/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver
Make FullLoader safer by removing python/object/apply from the default FullLoader
https://github.com/yaml/pyyaml/pull/347/347 -- Move constructor for object/apply to UnsafeConstructor
Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
https://github.com/yaml/pyyaml/pull/276/276 -- Fix logic for quoting special characters
Other PRs:
https://github.com/yaml/pyyaml/pull/280/280 -- Update CHANGES for 5.1

Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1

Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 6, 2024

Update dependency pyyaml to v5

04a1cfd

mend-for-github-com bot force-pushed the whitesource-remediate/pyyaml-5.x branch from 5d4127c to 04a1cfd Compare November 6, 2024 14:02

Provide feedback