
Update pyyaml on 6.0.1 #11140

Closed
ikheifets-splunk opened this issue Oct 26, 2023 · 8 comments

Comments

ikheifets-splunk commented Oct 26, 2023

Hello, @glours !

Yeah, 5.4.1 is not affected by the CVE, but this version has a problem with installation; all the versions < 5.4.1 have this CVE.

I mean that the users who have a problem with 5.4.1 will get version 5.3.1, which has the security issue.

I understand EOL, but the security issue should be fixed anyway.

Originally posted by @ikheifets-splunk in #11139 (comment)

glours closed this as not planned on Oct 26, 2023
Contributor

glours commented Oct 26, 2023

Please keep the conversation in the original issue to avoid discussion splitting

Author

ikheifets-splunk commented Oct 26, 2023

@glours you closed the issue before we finished the discussion; for this reason I opened a new issue.
It's a very high risk that when you install using pip install docker-compose you will have a security issue, because the dependency resolver can choose another version that is not failing.

Contributor

glours commented Oct 26, 2023

A closed issue can be re-opened if needed.

Contributor

ndeloof commented Oct 27, 2023

docker-compose (python) is End of Life after having been deprecated for 1 year, and you should just not install it. We don't offer any maintenance on this package anymore, including security updates. Like Windows 95, docker-compose python is just dead - don't use it.


alingse commented Jan 19, 2024

let's maintain a public docker-compose package

Contributor

ndeloof commented Jan 19, 2024

@alingse why not just use the actively developed version?

eudaimos commented

@alingse are you looking for a python package to include in a program or are you using pip to install and use compose as a binary shell command?


alingse commented Jan 19, 2024

I have been assigned to deploy a Python project, which uses docker-compose 1.29.2 to import and export some configurations. It not only depends on the CLI, but also needs to run some Python code. However, docker-compose relies on PyYAML 5.4.1, which cannot be directly installed on Python 3.10 or above versions. So my idea is to remove the limit of 'PyYAML >= 3.10, < 6' in the setup.py file.

See alingse-forks#2 --> set up a Python GitHub Action
and alingse-forks#1 --> upgrade PyYAML and make test

@eudaimos @ndeloof
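The risk raised earlier in this thread is that a requirement range such as `PyYAML >= 3.10, < 6` still admits releases below 5.4.1, so a resolver that cannot build 5.4.1 may fall back to one of them. The following is an added example, not code from docker-compose or from anyone in this thread; the release list is a constructed sample, the affected range (below 5.4.1) is taken from the thread, and the hardened lower bound `>= 5.4.1` is an assumed remediation.

```python
import re
from typing import Callable, Dict, List, Tuple

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '5.4.1' into (5, 4, 1); pad so '6' compares as (6, 0, 0)."""
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * (3 - len(parts))

_OPS: Dict[str, Callable[[tuple, tuple], bool]] = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}

def satisfies(version: str, spec: str) -> bool:
    """True if `version` meets every comma-separated clause of `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def admitted_affected(spec: str, candidates: List[str],
                      fixed_in: str = "5.4.1") -> List[str]:
    """Candidates the spec still allows that are older than `fixed_in`.

    If the newest admitted candidate fails to install, a backtracking
    resolver may legitimately pick any of these instead."""
    fixed = parse_version(fixed_in)
    return [c for c in candidates
            if satisfies(c, spec) and parse_version(c) < fixed]

# Constructed sample of PyYAML release numbers, newest first (not a
# complete or verified release history).
PYYAML_RELEASES = ["6.0.1", "6.0", "5.4.1", "5.4", "5.3.1", "5.3",
                   "5.2", "5.1", "3.13", "3.12"]

ORIGINAL_SPEC = ">= 3.10, < 6"   # the range quoted from setup.py
HARDENED_SPEC = ">= 5.4.1"       # assumed fix: exclude the affected range

if __name__ == "__main__":
    print("original admits:", admitted_affected(ORIGINAL_SPEC, PYYAML_RELEASES))
    print("hardened admits:", admitted_affected(HARDENED_SPEC, PYYAML_RELEASES))
```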
