From a62b73b227c6d77401eedc84e088a6f62aebe4de Mon Sep 17 00:00:00 2001
From: Dan Carley
Date: Thu, 21 Jan 2021 16:52:57 +0000
Subject: [PATCH] Allow PyYAML 5.4.x
PyYAML 5.4 was released a couple of days ago with a fix for:
- https://ubuntu.com/security/CVE-2020-14343
- https://github.com/yaml/pyyaml/issues/420
- https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
The changes otherwise appear to be backwards compatible:
- https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES
Being able to use a later version is important for companies that have automatic dependency scanning for CVEs.
---
 setup.cfg | 2 +-
 setup.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup.cfg b/setup.cfg
index 80ec154559f6..dadf452e3604 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -7,7 +7,7 @@ requires-dist =
 botocore==1.20.3
 docutils>=0.10,<0.16
 s3transfer>=0.3.0,<0.4.0
- PyYAML>=3.10,<5.4
+ PyYAML>=3.10,<5.5
 colorama>=0.2.5,<0.4.4
 rsa>=3.1.2,<=4.5.0
diff --git a/setup.py b/setup.py
index a52481daa5a8..a934c3bbeef4 100644
--- a/setup.py
+++ b/setup.py
@@ -27,7 +27,7 @@ def find_version(*file_paths):
 'botocore==1.20.3',
 'docutils>=0.10,<0.16',
 's3transfer>=0.3.0,<0.4.0',
- 'PyYAML>=3.10,<5.4',
+ 'PyYAML>=3.10,<5.5',
 'colorama>=0.2.5,<0.4.4',
 'rsa>=3.1.2,<=4.5.0',
 ]
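Review bot: The new range `PyYAML>=3.10,<5.5` in the setup.cfg hunk (and the identical entry in the setup.py hunk) only permits the fixed release; it still accepts every version back to 3.10, so an environment that already resolves to a pre-5.4 PyYAML keeps it and the CVE-2020-14343 fix cited in the description is not enforced. If every interpreter the package supports can install 5.4, the floor could be raised to `PyYAML>=5.4,<5.5`; otherwise an environment marker could keep the old range only for the interpreters that need it. Real exposure depends on whether the project loads untrusted YAML through `yaml.load`/`full_load` with the full loader rather than `yaml.safe_load`, which is not visible in this diff and is worth confirming separately. Since the constraint is duplicated in two files, a short comment next to one list, such as `# keep in sync with install_requires in setup.py`, would help future bumps stay consistent.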