Skip to content

{CI} Bump pyyaml to latest version 6.0.1 #26919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wangzelin007 merged 1 commit into from
Jul 18, 2023
Merged

{CI} Bump pyyaml to latest version 6.0.1 #26919

wangzelin007 merged 1 commit into from
Jul 18, 2023

Conversation

@wangzelin007
Copy link
Member

@wangzelin007 wangzelin007 commented Jul 18, 2023
edited
Loading

Related command

Description

Due to CVE issue, we need bump to the latest pyyaml.

Testing Guide

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

This checklist is used to make sure that common guidelines for a pull request are followed.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Jul 18, 2023
edited
Loading

️✔️AzureCLI-FullTest
️✔️acr
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️acs
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.10
️✔️3.9
️✔️ams
️✔️latest
️✔️3.10
️✔️3.9
️✔️apim
️✔️latest
️✔️3.10
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.10
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.10
️✔️3.9
️✔️aro
️✔️latest
️✔️3.10
️✔️3.9
️✔️backup
️✔️latest
️✔️3.10
️✔️3.9
️✔️batch
️✔️latest
️✔️3.10
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.10
️✔️3.9
️✔️billing
️✔️latest
️✔️3.10
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.10
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.10
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.10
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.10
️✔️3.9
️✔️config
️✔️latest
️✔️3.10
️✔️3.9
️✔️configure
️✔️latest
️✔️3.10
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.10
️✔️3.9
️✔️container
️✔️latest
️✔️3.10
️✔️3.9
️✔️core
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.10
️✔️3.9
️✔️databoxedge
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️dla
️✔️latest
️✔️3.10
️✔️3.9
️✔️dls
️✔️latest
️✔️3.10
️✔️3.9
️✔️dms
️✔️latest
️✔️3.10
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.10
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.10
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.10
️✔️3.9
️✔️find
️✔️latest
️✔️3.10
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.10
️✔️3.9
️✔️identity
️✔️latest
️✔️3.10
️✔️3.9
️✔️iot
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️keyvault
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️kusto
️✔️latest
️✔️3.10
️✔️3.9
️✔️lab
️✔️latest
️✔️3.10
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.10
️✔️3.9
️✔️maps
️✔️latest
️✔️3.10
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.10
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.10
️✔️3.9
️✔️mysql
️✔️latest
️✔️3.10
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.10
️✔️3.9
️✔️network
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.10
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.10
️✔️3.9
️✔️profile
️✔️latest
️✔️3.10
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.10
️✔️3.9
️✔️redis
️✔️latest
️✔️3.10
️✔️3.9
️✔️relay
️✔️latest
️✔️3.10
️✔️3.9
️✔️resource
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️role
️✔️latest
️✔️3.10
️✔️3.9
️✔️search
️✔️latest
️✔️3.10
️✔️3.9
️✔️security
️✔️latest
️✔️3.10
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.10
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.10
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.10
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.10
️✔️3.9
️✔️sql
️✔️latest
️✔️3.10
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.10
️✔️3.9
️✔️storage
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.10
️✔️3.9
️✔️telemetry
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9
️✔️util
️✔️latest
️✔️3.10
️✔️3.9
️✔️vm
️✔️2018-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2019-03-01-hybrid
️✔️3.10
️✔️3.9
️✔️2020-09-01-hybrid
️✔️3.10
️✔️3.9
️✔️latest
️✔️3.10
️✔️3.9

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Jul 18, 2023
edited
Loading

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@ghost ghost added Auto-Assign Auto assign by bot CI CI labels Jul 18, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Jul 18, 2023

CI

@ghost ghost requested review from bebound, jiasli, jsntcy, kairu-ms and yonzhan July 18, 2023 06:59
@ghost ghost assigned wangzelin007 Jul 18, 2023
@wangzelin007 wangzelin007 changed the title {CI} Bump pyyaml to 6.0 {CI} Bump pyyaml to latest version 6.0.1 Jul 18, 2023
@jiasli
Copy link
Member

jiasli commented Jul 18, 2023

Knack doesn't pin PyYAML: https://github.com/microsoft/knack/blob/11f2454b8e4d977797057231d0850e7935b26fa6/setup.py#L17

DEPENDENCIES = [
    ...
    'pyyaml',

So I assume Azure CLI should do the same to avoid frequent security alerts triggered by PyYAML.

@jiasli jiasli mentioned this pull request Jul 18, 2023
Closed
@wangzelin007 wangzelin007 marked this pull request as ready for review July 18, 2023 07:29
@wangzelin007 wangzelin007 requested a review from calvinhzy as a code owner July 18, 2023 07:29
@wangzelin007 wangzelin007 merged commit b6f11be into Azure:dev Jul 18, 2023
@chenrui333 chenrui333 mentioned this pull request Jul 23, 2023
Merged
6 tasks
@bebound bebound mentioned this pull request Aug 3, 2023
Merged
3 tasks
@jancschaefer jancschaefer mentioned this pull request Aug 16, 2023
Closed
1 task
avgale pushed a commit to avgale/azure-cli that referenced this pull request Aug 24, 2023
@wangzelin007
{CI} Bump pyyaml to latest version 6.0.1 (Azure#26919)
4e5b9fb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bebound bebound bebound approved these changes

@jiasli jiasli jiasli approved these changes

@evelyn-ys evelyn-ys evelyn-ys approved these changes

@necusjz necusjz necusjz approved these changes

@jsntcy jsntcy jsntcy approved these changes

@yonzhan yonzhan Awaiting requested review from yonzhan

@kairu-ms kairu-ms Awaiting requested review from kairu-ms kairu-ms is a code owner

@calvinhzy calvinhzy Awaiting requested review from calvinhzy calvinhzy is a code owner

Assignees

@wangzelin007 wangzelin007

Labels

Auto-Assign Auto assign by bot CI CI

Projects

None yet

Milestone

July 2023 (2023-08-01)

Development

Successfully merging this pull request may close these issues.

7 participants

@wangzelin007 @yonzhan @jiasli @bebound @evelyn-ys @necusjz @jsntcy