ComplianceAsCode / auditree-arboretum

The Auditree common fetchers, checks and harvest reports library.
https://auditree.github.io/
Apache License 2.0

Bump pyyaml version #69

Closed cletomartin closed 1 year ago

cletomartin commented 1 year ago

What

As explained in #68, pyyaml is limited to <5.4 version and this version is currently vulnerable. As far as we can tell, the use of this library should carry on working without issues.

Closes #68

Why

Current version is vulnerable.

How

Allow the installation of any newer pyyaml version.

markuszoeller commented 1 year ago

@cletomartin Apologies for being annoying, but when do you think you could merge this and release a new version? It's not really urgent, just a loose end I'd like to cross off of my list :)