From dbfc1aaec697b78573c18d83fd40ba66ff63c0b3 Mon Sep 17 00:00:00 2001
From: Javan lacerda
Date: Wed, 27 Mar 2024 14:01:44 +0000
Subject: [PATCH] scripts: dts: update pyyaml version

The currently used PyYaml version has some vulnerabilies as described on the pull request description. It updates to version 6.0, removing these supply chain vulnerabily. The OSSF Scorecard was the tool used for discovering these vulnerabilties.

Signed-off-by: Javan lacerda
---
 doc/requirements.txt | 2 +-
 scripts/dts/python-devicetree/setup.py | 2 +-
 scripts/requirements-base.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index a105501486..9655cc6b43 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -11,7 +11,7 @@ sphinx-copybutton
 sphinx-togglebutton
 # YAML validation. Used by zephyr_module.
-PyYAML>=5.1
+PyYAML>=6.0
 pykwalify
 # Used by pytest-twister-harness plugin
diff --git a/scripts/dts/python-devicetree/setup.py b/scripts/dts/python-devicetree/setup.py
index 21315ed2b0..acafb4ad91 100644
--- a/scripts/dts/python-devicetree/setup.py
+++ b/scripts/dts/python-devicetree/setup.py
@@ -36,7 +36,7 @@ setuptools.setup(
 'Operating System :: Microsoft :: Windows',
 ],
 install_requires=[
- 'PyYAML>=5.1',
+ 'PyYAML>=6.0',
 ],
 python_requires='>=3.6',
 )
diff --git a/scripts/requirements-base.txt b/scripts/requirements-base.txt
index 929a4de67d..813aabf312 100644
--- a/scripts/requirements-base.txt
+++ b/scripts/requirements-base.txt
@@ -8,7 +8,7 @@ pyelftools>=0.27
 # used by dts generation to parse binding YAMLs, also used by
 # twister to parse YAMLs, by west, zephyr_module,...
-PyYAML>=5.1
+PyYAML>=6.0
 # YAML validation. Used by zephyr_module.
 pykwalify