Update dependency vcrpy to v8 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vcrpy	^6.0.0 → ^8.0.0

---

VCR.py: Arbitrary code execution via unsafe YAML deserialization of cassette files

GHSA-rpj2-4hq8-938g

More information

Details

Summary

vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader (yaml.CLoader / yaml.Loader) instead of the safe loader (yaml.CSafeLoader / yaml.SafeLoader). A cassette containing a !!python/object/apply: (or similar) tag therefore executes arbitrary Python code the moment the cassette is loaded — including through the normal VCR().use_cassette() path, before any HTTP interaction is replayed.

This is not limited to environments lacking the libYAML C extension. CLoader uses the C parser but PyYAML's full Python constructor, so Python
object tags execute under CLoader exactly as under the pure-Python Loader. Confirmed against vcrpy 8.1.1 + PyYAML 6.0.3 with CLoader active.

Affected component

• vcr/serializers/yamlserializer.py — deserialize() → yaml.load(cassette_string, Loader=Loader) where Loader is CLoader/Loader. Reached on every cassette load.
• vcr/migration.py (~line 107) — yaml.load(preprocess_yaml(...), Loader=Loader). A second sink reached when the migration tool is run on a .yaml file. preprocess_yaml() only strips three known legacy tags, so other tags still execute.

Present in all releases inspected, 1.0.0 through 8.1.1.

Proof of concept

import vcr, requests

##### Attacker-supplied cassette. The payload sits in an ignored top-level key

##### so the rest of the cassette stays valid; it fires during load.
open("evil.yaml", "w").write("""interactions:
- request:
    body: null
    headers: {Accept: ['*/*']}
    method: GET
    uri: http://example.com/
  response:
    body: {string: ok}
    headers: {Content-Type: ['text/plain']}
    status: {code: 200, message: OK}
_x: !!python/object/apply:os.system ['touch /tmp/VCRPY_YAML_RCE']
version: 1
""")

with vcr.use_cassette("evil.yaml"):      # <-- /tmp/VCRPY_YAML_RCE created here
    requests.get("http://example.com/")

Loading the cassette creates /tmp/VCRPY_YAML_RCE, demonstrating arbitrary command execution. Any Python callable can be invoked this way.

Impact

Arbitrary code execution in the process that loads the cassette, with that process's full privileges. Realistic delivery paths:

• A malicious cassette added in a pull request and loaded when CI runs the tests.
• A poisoned shared test-fixture repository or cassette artifact store.
• "Updated recorded HTTP fixtures" social-engineering.

Because cassettes are typically loaded by test suites in CI/CD and on developer machines, the exposed secrets are exactly the high-value ones in those environments: CI deployment credentials, cloud IAM roles, registry/publishing tokens, and source access.

Patch

Use the safe loader in vcr/serializers/yamlserializer.py:

try:
    from yaml import CDumper as Dumper
    from yaml import CSafeLoader as Loader
except ImportError:
    from yaml import Dumper
    from yaml import SafeLoader as Loader

def deserialize(cassette_string):
    return yaml.load(cassette_string, Loader=Loader)

Apply the same SafeLoader change in vcr/migration.py.

This is backwards compatible: vcrpy cassettes only contain standard YAML (scalars/lists/maps plus !!binary, all supported by SafeLoader/CSafeLoader), so existing cassettes load unchanged. vcrpy's serialize.deserialize() already catches yaml.constructor.ConstructorError, so a Python-tagged cassette now surfaces as the existing "old cassette format" ValueError instead of executing.

Recommended hardening: add a regression test that loads a cassette containing !!python/object/apply:os.system and asserts a ConstructorError/ValueError and that no side effect occurs.

Severity

• CVSS Score: 7.8 / 10 (High)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

• https://github.com/kevin1024/vcrpy/security/advisories/GHSA-rpj2-4hq8-938g
• https://github.com/advisories/GHSA-rpj2-4hq8-938g

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

kevin1024/vcrpy (vcrpy)

v8.2.1

Compare Source

What's Changed

• SECURITY: Cassettes are now loaded with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded. Previously a crafted cassette containing a Python object tag (e.g. !!python/object/apply:os.system) would execute code on load, including via the normal vcr.use_cassette() path. Existing cassettes (including file-upload/streaming bodies) continue to load. Advisory: GHSA-rpj2-4hq8-938g — thanks @​RamiAltai and @​EQSTLab for the reports.
• Validate record_mode and raise a clear error on an invalid value (#​208)
• Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#​986)

Full Changelog: kevin1024/vcrpy@v8.2.0...v8.2.1

v8.2.0

Compare Source

What's Changed

• Add support for httpx 2.x (#​993) - thanks @​dsfaccini
• Patch httpx transports instead of httpcore (#​972) - thanks @​seowalex
• Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#​995) - thanks @​dsfaccini
• Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#​962) - thanks @​jamesbraza
• Make the request URL available on VCRHTTPResponse (#​976) - thanks @​dAnjou
• Improve error message when a matching request has already been consumed (#​985) - thanks @​Polandia94
• Fix body check in convert_body_to_unicode to use an explicit type check (#​982) - thanks @​Polandia94
• Add env proxy cassette regression test (#​994) - thanks @​tine1117
• Remove milestone references from docs (#​984) - thanks @​Polandia94
• CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#​973)

Full Changelog: kevin1024/vcrpy@v8.1.1...v8.2.0

v8.1.1

Compare Source

What's Changed

• Fix sync requests in async contexts for HTTPX (#​965) - thanks @​seowalex
• CI: bump peter-evans/create-pull-request from 7 to 8 (#​969)

v8.1.0

Compare Source

New Features

• Enable brotli decompression if available (via brotli, brotlipy or brotlicffi) (#​620) - thanks @​immerrr

Bug Fixes

• Fix aiohttp allowing both data and json arguments when one is None (#​624) - thanks @​leorochael
• Fix usage of io-like interface with VCR.py (#​906) - thanks @​tito and @​kevdevg

Other Changes

• Migrate to declarative Python package config (#​767) - thanks @​deronnax
• Various linting fixes - thanks @​jairhenrique
• CI: bump actions/checkout from 5 to 6 (#​955)

Full Changelog: kevin1024/vcrpy@v8.0.0...v8.1.0

v8.0.0

Compare Source

Breaking Changes

• Drop support for Python 3.9 - thanks @​jairhenrique
• Drop support for urllib3 < 2 - fixes CVE warnings from urllib3 1.x (#​926, #​880) - thanks @​jairhenrique

New Features

• New drop_unused_requests option to remove unused interactions from cassettes (#​763) - thanks @​danielnsilva

Bug Fixes

• Rewrite httpx support to patch httpcore instead of httpx (#​943) - thanks @​seowalex
  • Fixes httpx.ResponseNotRead exceptions (#​832, #​834)
  • Fixes KeyError: 'follow_redirects' (#​945)
  • Adds support for custom httpx transports
• Fix HTTPS proxy handling - proxy address no longer ends up in cassette URIs (#​809, #​914) - thanks @​alga
• Fix iscoroutinefunction deprecation warning on Python 3.14 - thanks @​kloczek

Other Changes

• Only log message if response is appended - thanks @​talfus-laddus
• Optimize urllib.parse calls - thanks @​Martin-Brunthaler
• Fix CI for Ubuntu 24.04 - thanks @​hartwork
• Various CI improvements: migrate to uv, update GitHub Actions - thanks @​jairhenrique
• Various linting and test improvements - thanks @​jairhenrique and @​hartwork

Full Changelog: kevin1024/vcrpy@v7.0.0...v8.0.0

v7.0.0

Compare Source

What's Changed

- Drop support for python 3.8 (major version bump) - thanks @​jairhenrique
- Various linting and test fixes - thanks @​jairhenrique
- Bugfix for urllib2>=2.3.0 - missing version_string (#​888)
- Bugfix for asyncio.run - thanks @​alekeik1

New Contributors

• @​exslim made their first contribution in #​889
• @​alekseik1 made their first contribution in #​886

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.