Bump pyyaml from 5.3.1 to 5.4.1 (#6511)

RCE resolved in new version https://github.com/yaml/pyyaml/issues/420
2021-01-28 10:46:56 -08:00 · 2021-01-28 10:46:56 -08:00 · 1c8d5ec500
commit 1c8d5ec500
parent 5985d949fa
4 changed files with 5 additions and 5 deletions
--- a/sonic-slave-buster/Dockerfile.j2
+++ b/sonic-slave-buster/Dockerfile.j2
@ -429,8 +429,8 @@ RUN pip3 uninstall -y enum34
 RUN pip2 install j2cli==0.3.10

 # For sonic-mgmt-framework
-RUN pip2 install "PyYAML==5.3.1"
-RUN pip3 install "PyYAML==5.3.1"
+RUN pip2 install "PyYAML==5.4.1"
+RUN pip3 install "PyYAML==5.4.1"
 RUN pip2 install "lxml==4.6.2"
 RUN pip3 install "lxml==4.6.2"

--- a/src/sonic-bgpcfgd/setup.py
+++ b/src/sonic-bgpcfgd/setup.py
@ -17,7 +17,7 @@ setuptools.setup(
    install_requires = [
        'jinja2>=2.10',
        'netaddr==0.8.0',
-        'pyyaml==5.3.1',
+        'pyyaml==5.4.1',
    ],
    setup_requires = [
        'pytest-runner',
--- a/src/sonic-config-engine/setup.py
+++ b/src/sonic-config-engine/setup.py
@ -9,7 +9,7 @@ dependencies = [
    'ipaddress==1.0.23',
    'lxml==4.6.2',
    'netaddr==0.8.0',
-    'pyyaml==5.3.1',
+    'pyyaml==5.4.1',
    'sonic-py-common',
 ]

--- a/src/sonic-frr-mgmt-framework/setup.py
+++ b/src/sonic-frr-mgmt-framework/setup.py
@ -14,7 +14,7 @@ setuptools.setup(
    install_requires = [
        'jinja2>=2.10',
        'netaddr==0.8.0',
-        'pyyaml==5.3.1',
+        'pyyaml==5.4.1',
        'zipp==1.2.0', # importlib-resources needs zipp and seems to have a bug where it will try to import too new of a version for Python 2
    ],
    setup_requires = [