[jira] [Commented] (BEAM-6896) Beam Dependency Update Request: PyYAML

Brian Hulette (Jira) Mon, 30 Sep 2019 09:58:21 -0700


    [ 
https://issues.apache.org/jira/browse/BEAM-6896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941135#comment-16941135
 ]


Brian Hulette commented on BEAM-6896:
-------------------------------------

[~erbianchi] also pointed out that there was a security flaw in pyyaml, 
resolved in 5.1. Details here https://github.com/yaml/pyyaml/issues/207

> Beam Dependency Update Request: PyYAML
> --------------------------------------
>
>                 Key: BEAM-6896
>                 URL: https://issues.apache.org/jira/browse/BEAM-6896
>             Project: Beam
>          Issue Type: Bug
>          Components: dependencies
>            Reporter: Beam JIRA Bot
>            Assignee: Robert Bradshaw
>            Priority: Major
>             Fix For: Not applicable
>
>
>  ------------------------- 2019-03-25 04:17:47.501359 
> -------------------------
>         Please consider upgrading the dependency PyYAML. 
>         The current version is 3.13. The latest version is 5.1 
>         cc: 
>  Please refer to [Beam Dependency Guide 
> |https://beam.apache.org/contribute/dependencies/]for more information. 
> Do Not Modify The Description Above. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (BEAM-6896) Beam Dependency Update Request: PyYAML

Reply via email to