buruzaemon / natto-py

natto-py combines the Python programming language with MeCab, the part-of-speech and morphological analyzer for the Japanese language.
BSD 2-Clause "Simplified" License
92 stars 13 forks

PyYAML security issue, CVE-2017-18342 #108

Closed buruzaemon closed 5 years ago

buruzaemon commented 5 years ago

In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.

Although this only involves the YAML-handling during testing, we should explicitly install a safe version of PyYAML during travis test runs.

Please see https://nvd.nist.gov/vuln/detail/CVE-2017-18342
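The point of the issue above is that `yaml.load()` with the default Loader is the dangerous call, and `yaml.safe_load()` (or an explicit `SafeLoader`) is the fix. The following is an added example, not natto-py code, that a maintainer could run over a project's test sources to find any `yaml.load()` call that still relies on the default Loader or names a non-safe Loader. It uses only the standard-library `ast` module, so it runs without PyYAML installed; `SAMPLE_SOURCE` is a constructed module used for demonstration, and the set of Loader names treated as safe is this example's own assumption.

```python
"""Added example (not natto-py code): flag yaml.load() calls that rely on
the default Loader, which in PyYAML before 4.1 could construct arbitrary
Python objects from untrusted input.  Pure stdlib; scans source with ast."""
import ast

# Assumption of this example: only these Loader classes are treated as safe.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}

# Constructed sample module mixing safe and unsafe usage (not natto-py code).
SAMPLE_SOURCE = """\
import yaml
from yaml import load

cfg_a = yaml.load(open("a.yml"))
cfg_b = yaml.load(open("b.yml"), Loader=yaml.SafeLoader)
cfg_c = yaml.safe_load(open("c.yml"))
cfg_d = load(open("d.yml"))
cfg_e = yaml.load(open("e.yml"), Loader=yaml.Loader)
"""


def _collect_aliases(tree):
    """Return (names bound to the yaml module, names bound to yaml.load)."""
    yaml_aliases, load_aliases = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "yaml":
                    yaml_aliases.add(alias.asname or "yaml")
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            for alias in node.names:
                if alias.name == "load":
                    load_aliases.add(alias.asname or "load")
    return yaml_aliases, load_aliases


def _is_yaml_load_call(call, yaml_aliases, load_aliases):
    """True for `yaml.load(...)` (via any module alias) or a bare `load(...)`
    imported from yaml."""
    func = call.func
    if isinstance(func, ast.Attribute) and func.attr == "load":
        return isinstance(func.value, ast.Name) and func.value.id in yaml_aliases
    if isinstance(func, ast.Name):
        return func.id in load_aliases
    return False


def _loader_name(call):
    """Name of the Loader passed to the call, or None if none was given."""
    value = None
    for kw in call.keywords:
        if kw.arg == "Loader":
            value = kw.value
    if value is None and len(call.args) >= 2:   # load(stream, Loader) positional form
        value = call.args[1]
    if value is None:
        return None
    if isinstance(value, ast.Attribute):
        return value.attr
    if isinstance(value, ast.Name):
        return value.id
    return "<expression>"


def find_unsafe_yaml_loads(source):
    """Return [(line_number, reason), ...] for every yaml.load() call in
    `source` that does not use a Loader from SAFE_LOADERS, sorted by line."""
    tree = ast.parse(source)
    yaml_aliases, load_aliases = _collect_aliases(tree)
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call)
                and _is_yaml_load_call(node, yaml_aliases, load_aliases)):
            continue
        loader = _loader_name(node)
        if loader is None:
            findings.append((node.lineno, "yaml.load() without Loader= uses the default Loader"))
        elif loader not in SAFE_LOADERS:
            findings.append((node.lineno, "yaml.load() with non-safe Loader=%s" % loader))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, reason in find_unsafe_yaml_loads(SAMPLE_SOURCE):
        print("line %d: %s" % (lineno, reason))
```

Running it on the constructed sample reports lines 4, 7 and 8 and stays quiet about `yaml.safe_load()` and the explicit `SafeLoader` call. The scan complements, rather than replaces, the fix proposed in the issue: pinning PyYAML to a version at or above the one the comment names (4.1) in the Travis test environment, so the default Loader itself is no longer the vulnerable one.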

buruzaemon commented 5 years ago

Since there are issues with Python 3.2 and pip, we will remove support for 3.2 in the tests run in Travis.

buruzaemon commented 5 years ago

All tests are green for Python 2.7, 3.3, 3.4, 3.5 and 3.6.

Closing this issue.