Updating PyYaml dependency to resolve security flaw

benkarl · benkarl · commit 01cd7356119a · 2019-01-09T10:21:42.000-05:00
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+15.0.2 -- 01/08/2019
+* Updated PyYAML dependencies to >=4.2b1 for https://nvd.nist.gov/vuln/detail/CVE-2017-18342
+
 15.0.1 -- 11/16/2018
 * Added Smart Shopping ad example (v201809)
 
diff --git a/README.md b/README.md
@@ -259,3 +259,5 @@ have Python 2.7.9 (or higher) or Python 3.4 (or higher) installed.
 
 ## Authors:
     Mark Saniscalchi
+    David Wihl
+    Ben Karl
diff --git a/googleads/common.py b/googleads/common.py
@@ -78,7 +78,7 @@
     'compatibility with this library, upgrade to Python 2.7.9 or higher.')
 
 
-VERSION = '15.0.1'
+VERSION = '15.0.2'
 _COMMON_LIB_SIG = 'googleads/%s' % VERSION
 _LOGGING_KEY = 'logging'
 _HTTP_PROXY_YAML_KEY = 'http'
diff --git a/setup.py b/setup.py
@@ -26,7 +26,7 @@
 
 DEPENDENCIES = ['google-auth>=1.0.0,<2.0.0',
                 'google-auth-oauthlib>=0.0.1,<1.0.0', 'pytz>=2015.7',
-                'PyYAML>=3.11,<4.0', 'requests>=2.0.0,<3.0.0',
+                'PyYAML>=4.2b1, <5.0', 'requests>=2.0.0,<3.0.0',
                 'suds-jurko>=0.6,<0.7', 'xmltodict>=0.9.2,<1.0.0',
                 'zeep>=2.5.0']
 
