Update pyaml reference to 4.1+ to avoid Arbitrary Code Execution issues.

[SeppPenner]

The currently used PyYAML@3.13 contains a Arbitrary Code Execution issue. Check https://app.snyk.io/vuln/SNYK-PYTHON-PYYAML-42159 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342 for more information.

[ViktorHaag]

This is likely a duplicate issue. There is a PR in flight that would cover this already.

See also issues:

• PyYAML requires python-dev dependency -- issue PyYAML requires python-dev dependency #2290
• Please support python-rsa 4.0 (discusses underlying challenge of continuing to support Python 2.6) -- issue Please support python-rsa 4.0 #3660
• PyYAML is vulnerable -- issue PyYAML is vulnerable #3828
• Please port to a newer version of PyYAML -- issue Please port to a newer version of PyYAML #4042

It seems logical to close this issue to avoid adding confusion and further duplication, and potentially adding the info-references you posted here to another issue's comments?

[SeppPenner]

It seems logical to close this issue to avoid adding confusion and further duplication, and potentially adding the info-references you posted here to another issue's comments?

I agree with you. I haven't seen the other issues while searching... I added the information to two of the other issues.