From bc91d81b74e6964287296122764f7cc21a759039 Mon Sep 17 00:00:00 2001
From: Louis Dionne
Date: Mon, 6 Oct 2025 09:16:47 -0400
Subject: [PATCH 1/2] [deps] Bump Pyyaml to 6.0

This resolves a number of Dependatbot alerts. Also, this moves the pinning down of the depedency from setup.py to requirements.txt, which is apparently best practice.
---
 requirements.server.txt | 1 +
 setup.py | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.server.txt b/requirements.server.txt
index 24853b1a..6aa69400 100644
--- a/requirements.server.txt
+++ b/requirements.server.txt
@@ -3,3 +3,4 @@
 psycopg2==2.8
 gunicorn==19.9.0
 progressbar2
+pyyaml==6.0
diff --git a/setup.py b/setup.py
index 8e193256..e4095ffc 100644
--- a/setup.py
+++ b/setup.py
@@ -130,7 +130,6 @@
 "Flask-WTF==0.12",
 "typing",
 "click==6.7",
- "pyyaml==5.1.2",
 "requests",
 "certifi"
 ],

From 57a6a313becb0e5f1ddcefc0c0d120735a514be6 Mon Sep 17 00:00:00 2001
From: Louis Dionne
Date: Mon, 6 Oct 2025 09:27:51 -0400
Subject: [PATCH 2/2] Keep pyyaml in setup.py since we actually import it directly

---
 setup.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup.py b/setup.py
index e4095ffc..b508ee40 100644
--- a/setup.py
+++ b/setup.py
@@ -126,6 +126,7 @@
 "itsdangerous==0.24",
 "python-gnupg==0.3.7",
 "pytz==2016.10",
+ "pyyaml",
 "WTForms==2.0.2",
 "Flask-WTF==0.12",
 "typing",
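Review bot: The `"pyyaml",` entry re-added to setup.py in patch 2/2 has no version constraint, so an environment that already holds an older PyYAML satisfies it and an install driven by setup.py alone can stay on the release the Dependabot alerts were raised against; only requirements.server.txt carries `pyyaml==6.0`. A lower bound keeps the requirement abstract while still excluding the old release, e.g. `"pyyaml>=6.0",`. Because the package is imported directly, it is also worth confirming that every `yaml.load(...)` call passes an explicit `Loader=` (or uses `yaml.safe_load`), since PyYAML 6.0 makes that argument mandatory and the call sites are not part of this patch. The dependency list this hunk edits starts and ends outside the hunk.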