pin a minimum pyyaml version to address (CVE-2017-18342)

see: https://github.com/ansible/awx/issues/6393
2026-05-19 14:57:39 -02:30 · 2020-03-24 15:59:31 -04:00
parent bd7c048113
commit 65cafa37c7
2 changed files with 5 additions and 4 deletions
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -27,7 +27,7 @@ irc
 jinja2
 jsonschema
 Markdown  # used for formatting API help
-openshift
+openshift>=0.11.0  # minimum version to pull in new pyyaml for CVE-2017-18342
 pexpect==4.7.0 # see library notes
 prometheus_client
 psycopg2
@@ -36,6 +36,7 @@ pyparsing
 python-memcached
 python-radius
 python3-saml
+pyyaml>=5.3.1  # minimum version to pull in new pyyaml for CVE-2017-18342
 schedule==0.6.0
 social-auth-core==3.2.0  # see UPGRADE BLOCKERs
 social-auth-app-django==3.1.0  # see UPGRADE BLOCKERs