broadinstitute / viral-ngs

Viral genomics analysis pipelines

update PyYAML to fix CVE-2017-18342 #909

Closed tomkinsc closed 5 years ago

tomkinsc commented 5 years ago

CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
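
The advisory above names the mechanism but does not show it. The following is an added example, not code from the viral-ngs issue or from the PyYAML project: it assumes PyYAML is installed and uses two constructed YAML documents. The full loader honours the `!!python/object/apply:` tag, which names any importable callable and its arguments, so the document author chooses what Python code runs; `yaml.safe_load` uses `SafeLoader`, which knows only the plain YAML types and rejects the tag. The hostile document calls the harmless `os.getcwd` so the effect is observable without doing damage.

```python
"""Added example: why yaml.load() on untrusted input is arbitrary code execution.

Not part of the viral-ngs project or of PyYAML; assumes PyYAML is installed.
"""
import os

import yaml

# Constructed benign config, the kind of document a pipeline would expect.
BENIGN_DOC = """
samples:
  - name: lassa_01
    reads: 2
threads: 4
"""

# Constructed hostile document. The tag names a callable plus its argument
# list; os.getcwd is used here so the demonstration is harmless. A real
# attacker would name os.system or subprocess.check_output instead.
HOSTILE_DOC = "cwd: !!python/object/apply:os.getcwd []\n"

# yaml.UnsafeLoader exists from PyYAML 5.1 on; in older releases the default
# yaml.Loader is equally unsafe (that is what CVE-2017-18342 describes).
UNSAFE_LOADER = getattr(yaml, "UnsafeLoader", yaml.Loader)


def load_full(doc):
    """Behave like the pre-5.1 default yaml.load(): every tag is honoured,
    including the python/* tags that import and call arbitrary objects."""
    return yaml.load(doc, Loader=UNSAFE_LOADER)


def load_safe(doc):
    """Parse with SafeLoader; return None if a non-YAML tag was rejected
    (PyYAML raises yaml.constructor.ConstructorError, a YAMLError)."""
    try:
        return yaml.safe_load(doc)
    except yaml.YAMLError:
        return None


def hostile_doc_ran_code():
    """True if the full loader called os.getcwd() on the document's behalf."""
    return load_full(HOSTILE_DOC)["cwd"] == os.getcwd()


if __name__ == "__main__":
    print("safe_load(benign):", load_safe(BENIGN_DOC))
    print("safe_load(hostile):", load_safe(HOSTILE_DOC))
    print("full load executed os.getcwd():", hostile_doc_ran_code())
```

The fix the issue title asks for is a library upgrade, but the durable fix is on the caller's side: parse configuration and manifests with `yaml.safe_load` (or an explicit `Loader=yaml.SafeLoader`) and reserve the full loader for data the process itself serialized.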

tomkinsc commented 5 years ago

So this is failing because the old version is still the current release. pyyaml >3.13 is not yet available anywhere in non-beta form, and release of 4.2 was rolled back. See: https://github.com/yaml/pyyaml/issues/193 A 4.x package for PyYAML is notably absent from anaconda/conda-forge, which includes only finalized versions.