pysim/requirements.txt at c712ecbb0ecdf36ca731f736172e8bbd308b14ce

Files

Philipp Maier c50f4b4a02 requirements: ensure safe version of PyYAML >= 5.4 (CVE-2020-1747)

PyYAML versions 5.1–5.3.1 are vulnerable to CVE-2020-1747, which allows
arbitrary code execution through yaml.FullLoader. While PyYAML 5.4+
patches this, the dependency specification (pyyaml >= 5.1) doesn't
guarantee a safe version. Let's increase the requirement to version
5.4 to ensure a safe version of is used.

This patch is based on suggestions from:
"YanTong C <chyeyantong03@gmail.com>"

Change-Id: I901c76c59e9c1bab030eab81038e04a475b32510

2026-04-16 11:01:19 +00:00

317 B

Raw Blame History

View Raw

317 B Raw Blame History

317 B

Raw Blame History