build(deps): [security] bump pyyaml from 3.13 to 5.2

[dependabot-preview[bot]]

Bumps pyyaml from 3.13 to 5.2. This update includes a security fix.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects pyyaml** > In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used. > > Affected versions: < 4.2b1

Changelog

*Sourced from [pyyaml's changelog](https://github.com/yaml/pyyaml/blob/5.2/CHANGES).* > 5.2 (2019-12-02) > ------------------ > > * Repair incompatibilities introduced with 5.1. The default Loader was changed, > but several methods like add_constructor still used the old default > [yaml/pyyaml#279](https://github-redirect.dependabot.com/yaml/pyyaml/pull/279) -- A more flexible fix for custom tag constructors > [yaml/pyyaml#287](https://github-redirect.dependabot.com/yaml/pyyaml/pull/287) -- Change default loader for yaml.add_constructor > [yaml/pyyaml#305](https://github-redirect.dependabot.com/yaml/pyyaml/pull/305) -- Change default loader for add_implicit_resolver, add_path_resolver > * Make FullLoader safer by removing python/object/apply from the default FullLoader > [yaml/pyyaml#347](https://github-redirect.dependabot.com/yaml/pyyaml/pull/347) -- Move constructor for object/apply to UnsafeConstructor > * Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff > [yaml/pyyaml#276](https://github-redirect.dependabot.com/yaml/pyyaml/pull/276) -- Fix logic for quoting special characters > * Other PRs: > [yaml/pyyaml#280](https://github-redirect.dependabot.com/yaml/pyyaml/pull/280) -- Update CHANGES for 5.1 > > 5.1.2 (2019-07-30) > ------------------ > > * Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+ > > 5.1.1 (2019-06-05) > ------------------ > > * Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1 > > 5.1 (2019-03-13) > ---------------- > > * [yaml/pyyaml#35](https://github-redirect.dependabot.com/yaml/pyyaml/pull/35) -- Some modernization of the test running > * [yaml/pyyaml#42](https://github-redirect.dependabot.com/yaml/pyyaml/pull/42) -- Install tox in a virtualenv > * [yaml/pyyaml#45](https://github-redirect.dependabot.com/yaml/pyyaml/pull/45) -- Allow colon in a plain scalar in a flow context > * [yaml/pyyaml#48](https://github-redirect.dependabot.com/yaml/pyyaml/pull/48) -- Fix typos > * [yaml/pyyaml#55](https://github-redirect.dependabot.com/yaml/pyyaml/pull/55) -- Improve RepresenterError creation > * [yaml/pyyaml#59](https://github-redirect.dependabot.com/yaml/pyyaml/pull/59) -- Resolves [#57](https://github-redirect.dependabot.com/yaml/pyyaml/issues/57), update readme issues link > * [yaml/pyyaml#60](https://github-redirect.dependabot.com/yaml/pyyaml/pull/60) -- Document and test Python 3.6 support > * [yaml/pyyaml#61](https://github-redirect.dependabot.com/yaml/pyyaml/pull/61) -- Use Travis CI built in pip cache support > * [yaml/pyyaml#62](https://github-redirect.dependabot.com/yaml/pyyaml/pull/62) -- Remove tox workaround for Travis CI > * [yaml/pyyaml#63](https://github-redirect.dependabot.com/yaml/pyyaml/pull/63) -- Adding support to Unicode characters over codepoint 0xffff > * [yaml/pyyaml#75](https://github-redirect.dependabot.com/yaml/pyyaml/pull/75) -- add 3.12 changelog > * [yaml/pyyaml#76](https://github-redirect.dependabot.com/yaml/pyyaml/pull/76) -- Fallback to Pure Python if Compilation fails > * [yaml/pyyaml#84](https://github-redirect.dependabot.com/yaml/pyyaml/pull/84) -- Drop unsupported Python 3.3 > * [yaml/pyyaml#102](https://github-redirect.dependabot.com/yaml/pyyaml/pull/102) -- Include license file in the generated wheel package > * [yaml/pyyaml#105](https://github-redirect.dependabot.com/yaml/pyyaml/pull/105) -- Removed Python 2.6 & 3.3 support > * [yaml/pyyaml#111](https://github-redirect.dependabot.com/yaml/pyyaml/pull/111) -- Remove commented out Psyco code > * [yaml/pyyaml#129](https://github-redirect.dependabot.com/yaml/pyyaml/pull/129) -- Remove call to `ord` in lib3 emitter code > * [yaml/pyyaml#149](https://github-redirect.dependabot.com/yaml/pyyaml/pull/149) -- Test on Python 3.7-dev > * [yaml/pyyaml#158](https://github-redirect.dependabot.com/yaml/pyyaml/pull/158) -- Support escaped slash in double quotes "\/" > * [yaml/pyyaml#175](https://github-redirect.dependabot.com/yaml/pyyaml/pull/175) -- Updated link to pypi in release announcement > * [yaml/pyyaml#181](https://github-redirect.dependabot.com/yaml/pyyaml/pull/181) -- Import Hashable from collections.abc > * [yaml/pyyaml#194](https://github-redirect.dependabot.com/yaml/pyyaml/pull/194) -- Reverting [yaml/pyyaml#74](https://github-redirect.dependabot.com/yaml/pyyaml/pull/74) > ... (truncated)

Commits

- [`a5c2a04`](https://github.com/yaml/pyyaml/commit/a5c2a043a26a6bf2787870eec9006b96ba6bca91) Version 5.2 - [`f4fd3fb`](https://github.com/yaml/pyyaml/commit/f4fd3fbf874db649112f7f02add8eb42ef183741) Windows build tweaks - [`f813bc0`](https://github.com/yaml/pyyaml/commit/f813bc00f5d0f6f42984edd89ca11f4b5245d5e7) Changes for 5.2b1 - [`3f3c373`](https://github.com/yaml/pyyaml/commit/3f3c373f5027ae2a0d305fc63eb453daaf952413) bump version to 5.2b1 - [`8c5e47f`](https://github.com/yaml/pyyaml/commit/8c5e47fe62d7b9e0282a176a4b79b8b2980dc704) Move constructor for object/apply to Unsafe - [`4a31b16`](https://github.com/yaml/pyyaml/commit/4a31b16b04c08f926f01d3f297140634665f004a) Change default loader for add_implicit_resolver, add_path_resolver - [`a5394c0`](https://github.com/yaml/pyyaml/commit/a5394c04a2ef67ee218b49d7d8319f9ed8bcbbe5) Add custom constructors to multiple loaders - [`8d7a780`](https://github.com/yaml/pyyaml/commit/8d7a78003ae59752cb33e65d54cbc7b37f1fa359) Change default loader for yaml.add_constructor ([#287](https://github-redirect.dependabot.com/yaml/pyyaml/issues/287)) - [`8a7d0ed`](https://github.com/yaml/pyyaml/commit/8a7d0ed1628dc3b21e391b6cabd002dcadd2eee7) Update CHANGES for 5.1 ([#280](https://github-redirect.dependabot.com/yaml/pyyaml/issues/280)) - [`31f2279`](https://github.com/yaml/pyyaml/commit/31f2279252e9d1a3093b738570c26f44a829f0a0) Fix logic for quoting special characters ([#276](https://github-redirect.dependabot.com/yaml/pyyaml/issues/276)) - Additional commits viewable in [compare view](https://github.com/yaml/pyyaml/compare/3.13...5.2)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #178.