From cfa256464e519468f227e676e2ca0829bf5c7e02 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Thu, 18 Feb 2021 15:44:40 +0000
Subject: Bump minimum version for PyYAML to 5.1

This addresses CVE-2017-18342. I doubt anyone is actually using an
old version of PyYAML with oslo.config at this point, but that means
it shouldn't hurt to bump the minimum either.

Change-Id: I4f440eb9511333ce70db4184857dcbcdd0ed1b97
Closes-Bug: 1839398
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 9c1d5c3..58bd439 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,6 +7,6 @@ netaddr>=0.7.18 # BSD
 stevedore>=1.20.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
 rfc3986>=1.2.0 # Apache-2.0
-PyYAML>=3.12 # MIT
+PyYAML>=5.1 # MIT
 requests>=2.18.0 # Apache-2.0
 importlib_metadata>=1.7.0;python_version<'3.8' # Apache-2.0
-- 
cgit v1.2.1