Upgrade PyYAML 5.1.2 to 5.3.1

[asherf]

https://github.com/yaml/pyyaml/blob/d0d660d035905d9c49fc0f8dafb579d2cc68c0c8/CHANGES#L7

5.3.1 (2020-03-18)

• Prevents arbitrary code execution during python/object/new constructor yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• Use is instead of equality for comparing with None yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• fix typos and stylistic nit yaml/pyyaml#270 -- fix typos and stylistic nit
• Fix up small typo yaml/pyyaml#309 -- Fix up small typo
• Fix handling of __slots__ yaml/pyyaml#161 -- Fix handling of slots
• Allow calling add_multi_constructor with None yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• Add use of safe_load() function in README yaml/pyyaml#285 -- Add use of safe_load() function in README
• Fix reader for Unicode code points over 0xFFFF yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF
• Enable certain unicode tests when maxunicode not > 0xffff yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff
• Use full_load in yaml-highlight example yaml/pyyaml#359 -- Use full_load in yaml-highlight example
• Document that PyYAML is implemented with Cython yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython
• Fix for Python 3.10 yaml/pyyaml#329 -- Fix for Python 3.10
• increase size of index, line, and column fields yaml/pyyaml#310 -- increase size of index, line, and column fields
• remove some unused imports yaml/pyyaml#260 -- remove some unused imports
• Create timezone-aware datetimes when parsed as such yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such
• Add tests for timezone yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

• Repair incompatibilities introduced with 5.1. The default Loader was changed,
  but several methods like add_constructor still used the old default
  A more flexible fix for custom tag constructors yaml/pyyaml#279 -- A more flexible fix for custom tag constructors
  Change default loader for yaml.add_constructor yaml/pyyaml#287 -- Change default loader for yaml.add_constructor
  Change default loader for add_implicit_resolver, add_path_resolver yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
• Make FullLoader safer by removing python/object/apply from the default FullLoader
  Move constructor for object/apply to UnsafeConstructor yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
• Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
  Fix logic for quoting special characters yaml/pyyaml#276 -- Fix logic for quoting special characters
• Other PRs:
  Update CHANGES for 5.1 yaml/pyyaml#280 -- Update CHANGES for 5.1

[Eric-Arellano]

How about we use PyYAML>=5.3.1,<5.4? Then we give slightly more flexibility for library users and still get a fairly tight pin for people using Pants as a binary.

[Eric-Arellano]

Thank you!

If you feel compelled, please generally feel free to loosen some of these pins like you're doing here. We haven't yet reached consensus about allowing really loose pins, like PyYAML>=5.3,<6, but some flexibility in patch versions is non-controversial, I think.

[stuhood]

If you feel compelled, please generally feel free to loosen some of these pins like you're doing here. We haven't yet reached consensus about allowing really loose pins, like PyYAML>=5.3,<6, but some flexibility in patch versions is non-controversial, I think.

Until we have lockfiles enabled, IMO its best to continue to treat our requirements as standins for lockfiles, and keep narrow ranges.

[asherf]

ping

[stuhood]

Good to go from my perspective: CI is a little backed up right now, so I'll merge this after hours.