Pin to latest version of PyYAML

Fixes https://github.com/yaml/pyyaml/issues/478
2026-01-11 01:57:35 -03:30 · 2021-01-26 13:47:44 -05:00 · 2021-01-26 13:47:44 -05:00 · fd0c4ec869
commit fd0c4ec869
parent a435843f23
2 changed files with 2 additions and 2 deletions
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@ -40,7 +40,7 @@ pygerduty
 pyparsing
 python3-saml
 python-ldap>=3.3.1 # https://github.com/python-ldap/python-ldap/issues/270
-pyyaml>=5.3.1  # minimum version to pull in new pyyaml for CVE-2017-18342
+pyyaml>=5.4.1  # minimum to fix https://github.com/yaml/pyyaml/issues/478
 schedule==0.6.0
 social-auth-core==3.3.1  # see UPGRADE BLOCKERs
 social-auth-app-django==3.1.0  # see UPGRADE BLOCKERs
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -100,7 +100,7 @@ python-string-utils==1.0.0  # via openshift
 python3-openid==3.1.0     # via social-auth-core
 python3-saml==1.9.0       # via -r /awx_devel/requirements/requirements.in
 pytz==2019.3              # via django, irc, tempora, twilio
-pyyaml==5.3.1             # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
+pyyaml==5.4.1             # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
 redis==3.4.1              # via -r /awx_devel/requirements/requirements.in, django-redis
 requests-oauthlib==1.3.0  # via kubernetes, msrest, social-auth-core
 requests==2.23.0          # via -r /awx_devel/requirements/requirements.in, adal, azure-keyvault, django-oauth-toolkit, kubernetes, msrest, requests-oauthlib, slackclient, social-auth-core, twilio