Allow PyYAML 5.4.x

PyYAML 5.4 was released a couple of days ago with a fix for: - https://ubuntu.com/security/CVE-2020-14343 - yaml/pyyaml#420 - https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation The changes otherwise appear to be backwards compatible: - https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES Being able to use a later version is important for companies that have automatic dependency scanning for CVEs.
aws · Feb 8, 2021 · a62b73b · a62b73b
1 parent 08fb806
commit a62b73b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/setup.cfg b/setup.cfg
@@ -7,7 +7,7 @@ requires-dist =
         botocore==1.20.3
         docutils>=0.10,<0.16
         s3transfer>=0.3.0,<0.4.0
-        PyYAML>=3.10,<5.4
+        PyYAML>=3.10,<5.5
         colorama>=0.2.5,<0.4.4
         rsa>=3.1.2,<=4.5.0
 

diff --git a/setup.py b/setup.py
@@ -27,7 +27,7 @@ def find_version(*file_paths):
     'botocore==1.20.3',
     'docutils>=0.10,<0.16',
     's3transfer>=0.3.0,<0.4.0',
-    'PyYAML>=3.10,<5.4',
+    'PyYAML>=3.10,<5.5',
     'colorama>=0.2.5,<0.4.4',
     'rsa>=3.1.2,<=4.5.0',
 ]