aayant-mend / four-goats-of-the-apocalypse

A large repo used for SCA scanning. Contains NodeGoat, WebGoat, WebGoat.NET, and PyGoat.

Update dependency PyYAML to v5.4 - autoclosed #22

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| PyYAML (source) | minor | ==5.1 -> ==5.4 |

By merging this PR, the issue #1 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 9.8 | CVE-2019-20477 |
| High | 9.8 | CVE-2020-14343 |
| High | 9.8 | CVE-2020-1747 |

Release Notes

yaml/pyyaml

### [`v5.4`](https://togithub.com/yaml/pyyaml/compare/5.3.1...5.4)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.3.1...5.4)

### [`v5.3.1`](https://togithub.com/yaml/pyyaml/compare/5.3...5.3.1)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.3...5.3.1)

### [`v5.3`](https://togithub.com/yaml/pyyaml/compare/5.2...5.3)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.2...5.3)

### [`v5.2`](https://togithub.com/yaml/pyyaml/blob/HEAD/CHANGES#​52-2019-12-02)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.1.2...5.2)

- Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default
  - [https://github.com/yaml/pyyaml/pull/279](https://togithub.com/yaml/pyyaml/pull/279) -- A more flexible fix for custom tag const
  - [https://github.com/yaml/pyyaml/pull/287](https://togithub.com/yaml/pyyaml/pull/287) -- Change default loader for yaml.add_
  - [https://github.com/yaml/pyyaml/pull/305](https://togithub.com/yaml/pyyaml/pull/305) -- Change default loader for add_implicit_resolver, add_path_resolver
- Make FullLoader safer by removing python/object/apply from the default FullLoader
  - [https://github.com/yaml/pyyaml/pull/347](https://togithub.com/yaml/pyyaml/pull/347) -- Move constructor for object/apply to UnsafeConstructor
- Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
  - [https://github.com/yaml/pyyaml/pull/276](https://togithub.com/yaml/pyyaml/pull/276) -- Fix logic for quoting special characters
- Other PRs:
  - [https://github.com/yaml/pyyaml/pull/280](https://togithub.com/yaml/pyyaml/pull/280) -- Update CHANGES for 5.1

### [`v5.1.2`](https://togithub.com/yaml/pyyaml/blob/HEAD/CHANGES#​512-2019-07-30)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.1.1...5.1.2)

- Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

### [`v5.1.1`](https://togithub.com/yaml/pyyaml/blob/HEAD/CHANGES#​511-2019-06-05)

[Compare Source](https://togithub.com/yaml/pyyaml/compare/5.1...5.1.1)

- Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1