sphinx-doc / sphinx-autobuild

Watch a Sphinx directory and rebuild the documentation when a change is detected. Also includes a hot-reload web server.
MIT License

Yaml Vulnerability #73

Closed epicserve closed 3 years ago

epicserve commented 5 years ago

FYI, I got a notification from GitHub that my project that has sphinx-autobuild in it had a vulnerability in the pyyaml package.

Upgrade pyyaml to version 4.2b1 or later.

When I ran pipenv graph, it showed that it was sphinx-autobuild that had pyyaml as a requirement. I added a specific requirement for pyyaml in my project for now, but would like to remove it as soon as sphinx-autobuild has been updated.

I could make a PR for this project if you would like.

epicserve commented 5 years ago

@GaretJax, any chance you could update the requirement and make a release?

AmauryOrtega commented 5 years ago

@epicserve Can you do the PR? The security warning in GitHub must be alerting a lot of people.

pradyunsg commented 3 years ago

Fixed by #86.