Safety vulnerability ID: 43380
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Nf-core 1.7 uses yaml.safe_load() to fix a code execution vulnerability.
https://github.com/nf-core/tools/commit/8946dc988792c844f4018c993fdef5711705b67a
Latest version: 3.1.0
Helper tools for use with nf-core Nextflow pipelines.
Tools helper code
* The tools `create` command now sets up a `TEMPLATE` and a `dev` branch for syncing
* Fixed issue [379](https://github.com/nf-core/tools/issues/379)
* nf-core launch now uses stable parameter schema version 0.1.0
* Check that PR from patch or dev branch is acceptable by linting
* Made code compatible with Python 3.7
* The `download` command now also fetches institutional configs from nf-core/configs
* When listing pipelines, a nicer message is given for the rare case of a detached `HEAD` ref in a locally pulled pipeline. [297](https://github.com/nf-core/tools/issues/297)
* The `download` command can now compress files into a single archive.
* `nf-core create` now fetches a logo for the pipeline from the nf-core website
* The readme should now be rendered properly on PyPI.
Syncing
* Can now sync a targeted pipeline via command-line
* Updated Blacklist of synced pipelines
* Removed `chipseq` from Blacklist of synced pipelines
* Fixed issue [314](https://github.com/nf-core/tools/issues/314)
Linting
* If the container slug does not contain the nf-core organisation (for example during development on a fork), linting will raise a warning, and an error with release mode on
Template pipeline
* Add new code for Travis CI to allow PRs from patch branches too
* Fix small typo in central readme of tools for future releases
* Small code polishing + typo fix in the template main.nf file
* Header ANSI codes no longer print `[2m` to console when using `-with-ansi`
* Switched to yaml.safe_load() to fix PyYAML warning that was thrown because of a possible [exploit](https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation)
* Add `nf-core` citation
* Add proper `nf-core` logo for tools
* Add `Quick Start` section to main README of template
* Fix [Docker RunOptions](https://github.com/nf-core/tools/pull/351) to get UID and GID set in the template
* `Dockerfile` now specifically uses the proper release tag of the nfcore/base image
* Use [`file`](https://github.com/nf-core/tools/pull/354) instead of `new File`
to avoid weird behavior such as making an `s3:/` directory locally when using
an AWS S3 bucket as the `--outdir`.
* Fix workflow.onComplete() message when finishing pipeline
* Update URL for joining the nf-core slack to [https://nf-co.re/join/slack](https://nf-co.re/join/slack)
* Add GitHub Action for CI and Linting
* [Increased default time limit](https://github.com/nf-core/tools/issues/370) to 4h
* Add direct link to the pipeline slack channel in the contribution guidelines
* Add contributions and support heading with links to contribution guidelines and link to the pipeline slack channel in the main README
* Fix Parameters JSON due to new versionized structure
* Added conda-forge::r-markdown=1.1 and conda-forge::r-base=3.6.1 to environment
* Plain-text email template now has nf-core ASCII artwork
* Template configured to use logo fetched from website
* New option `--email_on_fail` which only sends emails if the workflow is not successful
* Add file existence check when checking software versions
* Fixed issue [165](https://github.com/nf-core/tools/issues/165) - Use `checkIfExists`
* Consistent spacing for `if` statements
* Add sensible resource labels to `base.config`
Other
* Bump `conda` to 4.6.14 in base nf-core Dockerfile
* Added a Code of Conduct to nf-core/tools, as only the template had this before
* TravisCI tests will now also start for PRs from `patch` branches, [to allow fixing critical issues](https://github.com/nf-core/tools/pull/392) without making a new major release
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application