Closed haroldrandom closed 4 years ago
pyyaml security warning
This is due to a vulnerability in PyYAML according to CVE-2020-1747.
Similar to https://github.com/Azure/azure-cli/issues/12428, which is fixed by https://github.com/Azure/azure-cli/pull/12440. I think we need to bump to 5.3.1 or higher versions
@jiasli - It's been two years, and somehow the line for PyYAML in requirements.txt
no longer has a specified point release associated with it.
I'm getting a similar warning as @haroldrandom, since the Azure-CLI package is pulling in knack/0.9.0
which is pulling in PyYAML/5.3.1
.
I brought it up in Issue #258.
I take that back. Everything was resolved in #258. Ended up being an issue with the pipeline.
This build