From 65cafa37c7bb4f3468c6a63d05880b56d984c2e9 Mon Sep 17 00:00:00 2001
From: Ryan Petrello
Date: Tue, 24 Mar 2020 15:59:31 -0400
Subject: [PATCH] pin a minimum pyyaml version to address (CVE-2017-18342)

see: https://github.com/ansible/awx/issues/6393
---
 requirements/requirements.in | 3 ++-
 requirements/requirements.txt | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index e20e7eb2a6..b242763178 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -27,7 +27,7 @@ irc
 jinja2
 jsonschema
 Markdown # used for formatting API help
-openshift
+openshift>=0.11.0 # minimum version to pull in new pyyaml for CVE-2017-18342
 pexpect==4.7.0 # see library notes
 prometheus_client
 psycopg2
@@ -36,6 +36,7 @@ pyparsing
 python-memcached
 python-radius
 python3-saml
+pyyaml>=5.3.1 # minimum version to pull in new pyyaml for CVE-2017-18342
 schedule==0.6.0
 social-auth-core==3.2.0 # see UPGRADE BLOCKERs
 social-auth-app-django==3.1.0 # see UPGRADE BLOCKERs
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 91e6eb942b..65d21ee851 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -61,7 +61,7 @@ jaraco.stream==3.0.0 # via irc
 jaraco.text==3.2.0 # via irc, jaraco.collections
 jinja2==2.11.1 # via -r /awx_devel/requirements/requirements.in, openshift
 jsonschema==3.2.0 # via -r /awx_devel/requirements/requirements.in
-kubernetes==10.1.0 # via openshift
+kubernetes==11.0.0 # via openshift
 lockfile==0.12.2 # via python-daemon
 lxml==4.5.0 # via xmlsec
 markdown==3.2.1 # via -r /awx_devel/requirements/requirements.in
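Review bot: In requirements/requirements.in the comment on `openshift>=0.11.0` is a copy of the one on `pyyaml>=5.3.1`, so it does not say why openshift itself has to move; a comment such as `# older releases hold pyyaml below the CVE-2017-18342 fix` would record the reason, assuming that is the constraint (the old openshift metadata is not visible here). The same file's second hunk adds the pyyaml floor, which only controls which PyYAML gets installed: a call that passes an explicit unsafe loader to `yaml.load()` still builds arbitrary Python objects on any version. It would be worth confirming, outside this diff, that code parsing untrusted YAML goes through `yaml.safe_load()`.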
@@ -73,7 +73,7 @@ msrestazure==0.6.3 # via azure-keyvault
 multidict==4.7.5 # via aiohttp, yarl
 netaddr==0.7.19 # via pyrad
 oauthlib==3.1.0 # via django-oauth-toolkit, requests-oauthlib, social-auth-core
-openshift==0.10.3 # via -r /awx_devel/requirements/requirements.in
+openshift==0.11.0 # via -r /awx_devel/requirements/requirements.in
 pexpect==4.7.0 # via -r /awx_devel/requirements/requirements.in, ansible-runner
 pkgconfig==1.5.1 # via xmlsec
 prometheus-client==0.7.1 # via -r /awx_devel/requirements/requirements.in
@@ -99,7 +99,7 @@ python-string-utils==1.0.0 # via openshift
 python3-openid==3.1.0 # via social-auth-core
 python3-saml==1.9.0 # via -r /awx_devel/requirements/requirements.in
 pytz==2019.3 # via django, irc, tempora, twilio
-pyyaml==3.13 # via ansible-runner, djangorestframework-yaml, kubernetes
+pyyaml==5.3.1 # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
 redis==3.4.1 # via -r /awx_devel/requirements/requirements.in
 requests-futures==1.0.0 # via -r /awx_devel/requirements/requirements.in
 requests-oauthlib==1.3.0 # via kubernetes, msrest, social-auth-core