Skip to content

Update pyyaml from 3.1.2 to 5.4.1 #1306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 9, 2021
Merged

Update pyyaml from 3.1.2 to 5.4.1 #1306

merged 1 commit into from
Jun 9, 2021

Conversation

palnabarun
Copy link
Member

@palnabarun palnabarun commented Nov 5, 2020
edited
Loading

5.3.1 fixed partially vulnerabilities disclosed in CVE-2020-1747.
A complete fix was debated at yaml/pyyaml#420 and eventually got patched in 5.4.1

Changeset: yaml/pyyaml@3.12...5.4.1

I skimmed through the changeset and didn't see any apparent breaking changes.
But I will go through that in more detail. Putting a hold due to the same.

/hold

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 5, 2020
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 5, 2020
@yliaog
Copy link
Contributor

yliaog commented Nov 5, 2020

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 5, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: palnabarun, yliaog

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 5, 2020
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 3, 2021
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 5, 2021
@roycaihw
Copy link
Member

roycaihw commented Mar 8, 2021

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Mar 8, 2021
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 27, 2021
@palnabarun
Copy link
Member Author

/retitle Update pyyaml from 3.1.2 to 5.4.1

@k8s-ci-robot k8s-ci-robot changed the title Update pyyaml from 3.12 to 5.3.1 Update pyyaml from 3.1.2 to 5.4.1 May 27, 2021
@k8s-ci-robot k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label May 27, 2021
@yliaog
Copy link
Contributor

yliaog commented May 27, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 27, 2021
@palnabarun palnabarun mentioned this pull request May 28, 2021
Merged
@palnabarun
Copy link
Member Author

Rebasing this on top of changes in #1480 to verify if just dropping Python 3.5 resolves issues with resolving dependencies.

@k8s-ci-robot k8s-ci-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 28, 2021
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label May 28, 2021
@palnabarun palnabarun mentioned this pull request Jun 6, 2021
Closed
@yliaog
Copy link
Contributor

yliaog commented Jun 7, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 7, 2021
@palnabarun
Update pyyaml from 3.12 to 5.4.1
cd15076 
5.3.1 fixed partially vulnerabilities disclosed in CVE-2020-1747.
A complete fix was debated at yaml/pyyaml#420
and eventually got patched in 5.4.1

Changeset: yaml/pyyaml@3.12...5.4.1

Signed-off-by: Nabarun Pal <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 9, 2021
@palnabarun
Copy link
Member Author

@yliaog -- needs another LGTM. :)

@yliaog
Copy link
Contributor

yliaog commented Jun 9, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 9, 2021
@palnabarun
Copy link
Member Author

/hold cancel
/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jun 9, 2021
@k8s-ci-robot k8s-ci-robot merged commit 5ef3563 into kubernetes-client:master Jun 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roycaihw roycaihw Awaiting requested review from roycaihw

@yliaog yliaog Awaiting requested review from yliaog

Assignees

@yliaog yliaog

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@palnabarun @yliaog @k8s-ci-robot @fejta-bot @roycaihw