requirements: ensure safe version of PyYAML >= 5.4 (CVE-2020-1747)

PyYAML versions 5.1–5.3.1 are vulnerable to CVE-2020-1747, which allows arbitrary code execution through yaml.FullLoader. While PyYAML 5.4+ patches this, the dependency specification (pyyaml >= 5.1) doesn't guarantee a safe version. Let's increase the requirement to version 5.4 to ensure a safe version of is used. This patch is based on suggestions from: "YanTong C <chyeyantong03@gmail.com>" Change-Id: I901c76c59e9c1bab030eab81038e04a475b32510
2026-04-15 14:14:35 +02:00
parent 816b31eb07
commit c50f4b4a02
3 changed files with 3 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -97,7 +97,7 @@ Please install the following dependencies:
 - pyscard
 - pyserial
 - pytlv
- - pyyaml >= 5.1
+ - pyyaml >= 5.4
 - smpp.pdu (from `github.com/hologram-io/smpp.pdu`)
 - termcolor