Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/08 22:47:11 UTC

[GitHub] [pulsar] utahkay opened a new pull request, #15989: [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343

utahkay opened a new pull request, #15989:
URL: https://github.com/apache/pulsar/pull/15989

   
   ### Motivation
   
   The latest apt-get version of python3-yaml is 5.3.1, but this version contains [CVE-2020-14343](https://nvd.nist.gov/vuln/detail/CVE-2020-14343).
   
   
   ### Modifications
   
   Use pip to install pyyaml in order to get a version without the vulnerability.
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   Hopefully existing tests verify the functionality that pyyaml is used for.
   
   
   ### Does this pull request potentially affect one of the following parts:
   
   *If `yes` was chosen, please highlight the changes*
   
     - Dependencies (does it add or upgrade a dependency): Yes
     - The public API: don't know
     - The schema: don't know
     - The default values of configurations: don't know
     - The wire protocol: don't know
     - The rest endpoints: don't know
     - The admin cli options: don't know
     - Anything that affects deployment: don't know
   
   ### Documentation
   
   Check the box below or label this PR directly.
   
   Need to update docs?
   
   - [ ] `doc-required`
   (Your PR needs to update docs and you will update later)
   
   - [X] `doc-not-needed`
   Security fix; should not affect intended behavior.
   
   - [ ] `doc`
   (Your PR contains doc changes)
   
   - [ ] `doc-complete`
   (Docs have been already added)
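A post-change check for the built image, added here as an example and not part of the PR or the Pulsar code base: it reports which `yaml` module Python actually imports (the apt copy can remain on disk after `pip install`) and whether its version predates the 5.4.1 the PR pins. The function names and the `FIXED_VERSION` constant are this example's own.

```python
"""Report whether the PyYAML that `import yaml` resolves to predates the PR's pinned version."""
from __future__ import annotations

import re
import sys

# Version this PR installs with pip; CVE-2020-14343 is fixed in PyYAML 5.4 and later.
FIXED_VERSION = "5.4.1"


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.3.1' (or '5.4.1b1', pre-release suffix ignored) into a tuple of ints."""
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_below_fix(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than `fixed`; '5.4' is compared as '5.4.0'."""
    v, f = parse_version(version), parse_version(fixed)
    width = max(len(v), len(f))
    return v + (0,) * (width - len(v)) < f + (0,) * (width - len(f))


def installed_pyyaml() -> tuple[str, str] | None:
    """(version, path) of the yaml module Python actually imports, or None if absent.

    The path matters: after `pip install pyyaml` the apt package may still sit in
    /usr/lib/python3/dist-packages (Debian's usual location), and sys.path order
    decides which copy wins.
    """
    try:
        import yaml
    except ImportError:
        return None
    # A missing __version__ is reported as "0" so it is flagged rather than ignored.
    return getattr(yaml, "__version__", "0"), getattr(yaml, "__file__", "?")


def main() -> int:
    found = installed_pyyaml()
    if found is None:
        print("PyYAML is not importable; nothing to check")
        return 0
    version, path = found
    if is_below_fix(version):
        print(f"PyYAML {version} at {path} is below {FIXED_VERSION} (CVE-2020-14343)")
        return 1
    print(f"PyYAML {version} at {path} is at or above {FIXED_VERSION}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it inside the image with the same interpreter the service uses, since a different interpreter may resolve a different `yaml` copy.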


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [pulsar] codelipenghui merged pull request #15989: [fix][pulsar] Bump pyyaml from 5.3.1 to 5.4.1 to solve CVE-2020-14343

Posted by GitBox <gi...@apache.org>.
codelipenghui merged PR #15989:
URL: https://github.com/apache/pulsar/pull/15989
