CLI v1.18.218 uses version(s) of PyYAML that has a known vulnerability

[smimani-godaddy]

Confirm by changing [ ] to [x] below to ensure that it's a bug:

• [x ] I've gone though the User Guide and the API reference
• [ x] I've searched for previous similar issues and didn't find any solution

Describe the bug
A clear and concise description of what the bug is.
AWS cli requires PyYAML<5.4,>=3.10 but these versions have a known vulnerability. https://snyk.io/vuln/pip:pyyaml
SDK version number
latest
Platform/OS/Hardware/Device
What are you running the cli on?
macOS

To Reproduce (observed behavior)
Steps to reproduce the behavior

Expected behavior
A clear and concise description of what you expected to happen.
Use a version of PyYAML that is vulnerability free
Logs/output
awscli 1.18.218 has requirement PyYAML<5.4,>=3.10; python_version != "3.4", but you'll have pyyaml 5.4 which is incompatible.
Get full traceback and error logs by adding --debug to the command.

Additional context
Add any other context about the problem here.

[nateprewitt]

Hi @smimani-godaddy, I believe there's already a PR (#5887) open around this. The CLI only uses safe_load, so it's not impacted by the current CVEs in PyYAML. We're working to validate we can raise the allowed pin, allowing other software to use an updated version.

Users who upgrade to the CLI v2 will avoid these routine CVEs with PyYAML since the dependency has been dropped entirely.