pyyaml library should be updated to 4.2b1+
Categories
(Mozilla Localizations :: Other, enhancement)
Tracking
(Not tracked)
People
(Reporter: liuche, Unassigned)
Attachments
(1 file: 184.88 KB, image/png)
I work on Firefox TV, and GitHub surfaced a security alert for one of the libraries we're using in robotranslations/requirements.txt.
I've attached a screenshot of the error, but the warning is that there's a vulnerability in previous versions of pyyaml, which could execute arbitrary code, and the fix is to use yaml.safe_load.
Is this something that we could upgrade without breaking anything, or is there something L10N needs to do before we do that?
Comment 1 • Reporter • 7 years ago
According to :Pike, this isn't used in any toolchains, so we'll just remove it completely from the repo.
Comment 2 • Reporter • 7 years ago
Removed it from both FFTV and FFES repos.
FFTV: https://github.com/mozilla-mobile/firefox-tv/commit/7ca48961a040f93375186eb2e722af667ade93f7
https://github.com/mozilla-mobile/firefox-tv/pull/1643
FFES: https://github.com/mozilla-mobile/firefox-echo-show/commit/9e2829c41839b69eb395af5ac9b55a72e26d0c5f
https://github.com/mozilla-mobile/firefox-echo-show/pull/166
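
An added example, not part of the original bug report or of the Mozilla repositories: one way to check the two questions raised in this thread, namely whether a requirements file still pulls in PyYAML and whether any Python source calls `yaml.load` without a safe loader. The function names and the sample requirements and source text are constructed for this example.

```python
import ast
import re

# Loader classes that do not construct arbitrary Python objects.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

def requires_pyyaml(requirements_text):
    """Return requirement specs that name PyYAML (case-insensitive)."""
    specs = (line.split("#", 1)[0].strip() for line in requirements_text.splitlines())
    return [s for s in specs if re.match(r"(?i)pyyaml\b", s)]

def _loader_name(call):
    """Name of the Loader given to yaml.load, or None when it is omitted."""
    node = call.args[1] if len(call.args) >= 2 else None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    return getattr(node, "attr", None) or getattr(node, "id", None)

def audit_source(source):
    """Return (imports_yaml, findings) for one file; the code is parsed, never run.
    Assumes the module is referenced as `yaml` (aliased imports are not followed)."""
    imports_yaml, findings = False, []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imports_yaml |= any(a.name.split(".")[0] == "yaml" for a in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports_yaml |= (node.module or "").split(".")[0] == "yaml"
        elif (isinstance(node, ast.Call)
              and isinstance(node.func, ast.Attribute)
              and isinstance(node.func.value, ast.Name)
              and node.func.value.id == "yaml"
              and node.func.attr in ("load", "load_all")
              and _loader_name(node) not in SAFE_LOADERS):
            findings.append((node.lineno, "yaml." + node.func.attr))
    return imports_yaml, sorted(findings)

# Constructed sample inputs (not taken from the repositories in this bug).
SAMPLE_REQUIREMENTS = "requests==2.20.0\nPyYAML==3.12  # constructed pin\n"
SAMPLE_SOURCE = '''import yaml
cfg = yaml.load(open("a.yml"))
ok = yaml.safe_load(open("b.yml"))
also_ok = yaml.load(open("c.yml"), Loader=yaml.SafeLoader)
'''

if __name__ == "__main__":
    print("requirements:", requires_pyyaml(SAMPLE_REQUIREMENTS))
    print("source audit:", audit_source(SAMPLE_SOURCE))
```

If `requires_pyyaml` reports a pin but `audit_source` finds no import in any file, the dependency is unused and can be dropped, which is the outcome this bug reached.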