PyYaml < 5.1 is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2017-18342. This PR forces PyYaml to a patched version without the vulnerability. I've also moved the PyYaml dep to requirements-dev since we do not use the library in the main code, but only to satisfy the dependencies of sphinx-autobuild in requirements-dev.txt.
I verified that I can pip install, setup, run nsot and pass all unit tests with this change.
PyYaml < 5.1 is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2017-18342. This PR forces PyYaml to a patched version without the vulnerability. I've also moved the PyYaml dep to requirements-dev since we do not use the library in the main code, but only to satisfy the dependencies of sphinx-autobuild in requirements-dev.txt.
I verified that I can pip install, setup, run nsot and pass all unit tests with this change.