From 2f5d36da097b49585da83286dacafcf65369a6fc Mon Sep 17 00:00:00 2001
From: Shane McDonald <me@shanemcd.com>
Date: Tue, 26 Jan 2021 13:47:44 -0500
Subject: [PATCH] Pin to latest version of PyYAML

Fixes https://github.com/yaml/pyyaml/issues/478
---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index f13ccb21b34d..9677917cd2c1 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -38,7 +38,7 @@ pygerduty
 pyparsing
 python3-saml
 python-ldap>=3.3.1 # https://github.com/python-ldap/python-ldap/issues/270
-pyyaml>=5.3.1  # minimum version to pull in new pyyaml for CVE-2017-18342
+pyyaml>=5.4.1  # minimum to fix https://github.com/yaml/pyyaml/issues/478
 schedule==0.6.0
 social-auth-core==3.3.1  # see UPGRADE BLOCKERs
 social-auth-app-django==3.1.0  # see UPGRADE BLOCKERs
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index fb05b1a25c4b..43d73ed5be0e 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -98,7 +98,7 @@ python-string-utils==1.0.0  # via openshift
 python3-openid==3.1.0     # via social-auth-core
 python3-saml==1.9.0       # via -r /awx_devel/requirements/requirements.in
 pytz==2019.3              # via django, irc, tempora, twilio
-pyyaml==5.3.1             # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
+pyyaml==5.4.1             # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
 redis==3.4.1              # via -r /awx_devel/requirements/requirements.in, django-redis
 requests-oauthlib==1.3.0  # via kubernetes, msrest, social-auth-core
 requests==2.23.0          # via -r /awx_devel/requirements/requirements.in, adal, azure-keyvault, django-oauth-toolkit, kubernetes, msrest, requests-oauthlib, slackclient, social-auth-core, twilio