Allow PyYAML 5.4.x

PyYAML 5.4 was released a couple of days ago with a fix for: - https://ubuntu.com/security/CVE-2020-14343 - yaml/pyyaml#420 - https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation The changes otherwise appear to be backwards compatible: - https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES Being able to use a later version is important for companies that have automatic dependency scanning for CVEs.
aws · Jan 21, 2021 · 8a59a03 · 8a59a03
1 parent bfa346d
commit 8a59a03
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/setup.cfg b/setup.cfg
@@ -8,7 +8,7 @@ requires-dist =
         docutils>=0.10,<0.16
         s3transfer>=0.3.0,<0.4.0
         PyYAML>=3.10,<5.3; python_version=='3.4'
-        PyYAML>=3.10,<5.4; python_version!='3.4'
+        PyYAML>=3.10,<5.5; python_version!='3.4'
         colorama>=0.2.5,<0.4.2; python_version=='3.4'
         colorama>=0.2.5,<0.4.4; python_version!='3.4'
         rsa>=3.1.2,<=4.0.0; python_version=='3.4'

diff --git a/setup.py b/setup.py
@@ -35,7 +35,7 @@ def find_version(*file_paths):
     install_requires.append('colorama>=0.2.5,<0.4.2')
     install_requires.append('rsa>=3.1.2,<=4.0.0')
 else:
-    install_requires.append('PyYAML>=3.10,<5.4')
+    install_requires.append('PyYAML>=3.10,<5.5')
     install_requires.append('colorama>=0.2.5,<0.4.4')
     install_requires.append('rsa>=3.1.2,<=4.5.0')