CVE-2020-14343 - upgrade pyyaml from 5.3.1 to 5.4

[jamiemccrindle]

Version 5.3.1 of pyyaml contains CVE-2020-14343, could you please upgrade it to 5.4.

yaml/pyyaml#420

[yonzhan]

@jiasli for awareness.

[RasmusWL]

@jamiemccrindle since this is not an issue if using the SafeLoader (with yaml.safe_load), have you seen any places where safe_load is not used? I don't know a lot about this codebase, but just want to highlight that it might never have been affected by CVE-2020-14343 😊

[jiasli]

Knack always uses the latest version:

https://github.com/microsoft/knack/blob/7aa098ad2a4b6b17241690675527fe3735cc59c9/setup.py#L19

DEPENDENCIES = [
    ...
    'pyyaml',

Azure CLI doesn't depend on PyYAML directly anymore: #12869.

@jamiemccrindle, if you are using pip to install Azure CLI, please upgrade underlying dependencies using:

pip install --upgrade --upgrade-strategy eager azure-cli

[jamiemccrindle]

Thanks @jiasli and @RasmusWL