From 8f8520eac8ee9a1607775e3237a7077b8b105b8d Mon Sep 17 00:00:00 2001
From: Qi Luo
Date: Thu, 28 Jan 2021 10:46:56 -0800
Subject: [PATCH] Bump pyyaml from 5.3.1 to 5.4.1 (#6511)

RCE resolved in new version https://github.com/yaml/pyyaml/issues/420
---
 sonic-slave-buster/Dockerfile.j2 | 4 ++--
 src/sonic-bgpcfgd/setup.py | 2 +-
 src/sonic-config-engine/setup.py | 2 +-
 src/sonic-frr-mgmt-framework/setup.py | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2
index b8234e19d01..6b0c347d31e 100644
--- a/sonic-slave-buster/Dockerfile.j2
+++ b/sonic-slave-buster/Dockerfile.j2
@@ -412,8 +412,8 @@ RUN pip3 uninstall -y enum34
 RUN pip2 install j2cli==0.3.10
 # For sonic-mgmt-framework
-RUN pip2 install "PyYAML==5.3.1"
-RUN pip3 install "PyYAML==5.3.1"
+RUN pip2 install "PyYAML==5.4.1"
+RUN pip3 install "PyYAML==5.4.1"
 RUN pip2 install "lxml==4.6.2"
 RUN pip3 install "lxml==4.6.2"
diff --git a/src/sonic-bgpcfgd/setup.py b/src/sonic-bgpcfgd/setup.py
index d6290bccb2b..ab86ca20ec1 100755
--- a/src/sonic-bgpcfgd/setup.py
+++ b/src/sonic-bgpcfgd/setup.py
@@ -17,7 +17,7 @@
 install_requires = [
 'jinja2>=2.10',
 'netaddr==0.8.0',
- 'pyyaml==5.3.1',
+ 'pyyaml==5.4.1',
 ],
 setup_requires = [
 'pytest-runner',
diff --git a/src/sonic-config-engine/setup.py b/src/sonic-config-engine/setup.py
index c9dfd3609b9..d167e056643 100644
--- a/src/sonic-config-engine/setup.py
+++ b/src/sonic-config-engine/setup.py
@@ -9,7 +9,7 @@
 'ipaddress==1.0.23',
 'lxml==4.6.2',
 'netaddr==0.8.0',
- 'pyyaml==5.3.1',
+ 'pyyaml==5.4.1',
 'sonic-py-common',
 ]
diff --git a/src/sonic-frr-mgmt-framework/setup.py b/src/sonic-frr-mgmt-framework/setup.py
index d8681d1bbd8..d3c9f1dae17 100755
--- a/src/sonic-frr-mgmt-framework/setup.py
+++ b/src/sonic-frr-mgmt-framework/setup.py
@@ -14,7 +14,7 @@
 install_requires = [
 'jinja2>=2.10',
 'netaddr==0.8.0',
- 'pyyaml==5.3.1',
+ 'pyyaml==5.4.1',
 'zipp==1.2.0', # importlib-resources needs zipp and seems to have a bug where it will try to import too new of a version for Python 2
 ],
 setup_requires = [