From 379b519623cbbb72c8b4aa1982eed2b63f387296 Mon Sep 17 00:00:00 2001
From: Johannes Unterstein
Date: Tue, 16 Jun 2020 08:55:37 +0200
Subject: [PATCH] Update pyyaml due to CVE-2017-18342

CVE-2017-18342 high severity Vulnerable versions: < 4.2b1 Patched version: 4.2b1 In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 74e38b7cd4..3cb6ddb5e7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ certifi>=14.05.14 # MPL
 six>=1.9.0 # MIT
 python-dateutil>=2.5.3 # BSD
 setuptools>=21.0.0 # PSF/ZPL
-pyyaml>=3.12 # MIT
+pyyaml>=4.2b1 # MIT
 google-auth>=1.0.1 # Apache-2.0
 ipaddress>=1.0.17;python_version=="2.7" # PSF
 websocket-client>=0.32.0,!=0.40.0,!=0.41.*,!=0.42.* # LGPLv2+
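Review bot: The new floor `pyyaml>=4.2b1` names a beta, and under PEP 440 a specifier that mentions a pre-release makes the installer accept pre-releases of that package, so future PyYAML alphas, betas and release candidates become eligible for every consumer of this file. Prefer a floor at the first stable release that carries the fix, for example `pyyaml>=<FIRST_STABLE_FIXED_VERSION>  # MIT`. Separately, raising the floor only changes which library gets installed. The commit message itself notes that the problem is `yaml.load()` being used instead of `yaml.safe_load`, so any call site in this project that parses untrusted YAML (none are visible in this patch) should be switched to `yaml.safe_load` in the same change.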