From dbfc1aaec697b78573c18d83fd40ba66ff63c0b3 Mon Sep 17 00:00:00 2001
From: Javan lacerda
Date: Wed, 27 Mar 2024 14:01:44 +0000
Subject: [PATCH] scripts: dts: update pyyaml version

The currently used PyYaml version has some vulnerabilies as described on the pull request description. It updates to version 6.0, removing these supply chain vulnerabily. The OSSF Scorecard was the tool used for discovering these vulnerabilties.

Signed-off-by: Javan lacerda
---
 doc/requirements.txt | 2 +-
 scripts/dts/python-devicetree/setup.py | 2 +-
 scripts/requirements-base.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/requirements.txt b/doc/requirements.txt
index a1055014861a..9655cc6b43aa 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -11,7 +11,7 @@ sphinx-copybutton
 sphinx-togglebutton
 # YAML validation. Used by zephyr_module.
-PyYAML>=5.1
+PyYAML>=6.0
 pykwalify
 # Used by pytest-twister-harness plugin
diff --git a/scripts/dts/python-devicetree/setup.py b/scripts/dts/python-devicetree/setup.py
index 21315ed2b0ed..acafb4ad91ad 100644
--- a/scripts/dts/python-devicetree/setup.py
+++ b/scripts/dts/python-devicetree/setup.py
@@ -36,7 +36,7 @@
 'Operating System :: Microsoft :: Windows',
 ],
 install_requires=[
- 'PyYAML>=5.1',
+ 'PyYAML>=6.0',
 ],
 python_requires='>=3.6',
 )
diff --git a/scripts/requirements-base.txt b/scripts/requirements-base.txt
index 929a4de67d4c..813aabf312d4 100644
--- a/scripts/requirements-base.txt
+++ b/scripts/requirements-base.txt
@@ -8,7 +8,7 @@ pyelftools>=0.27
 # used by dts generation to parse binding YAMLs, also used by
 # twister to parse YAMLs, by west, zephyr_module,...
-PyYAML>=5.1
+PyYAML>=6.0
 # YAML validation. Used by zephyr_module.
 pykwalify
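Review bot: Raising the floor to `'PyYAML>=6.0'` in `install_requires` of scripts/dts/python-devicetree/setup.py changes which API the callers get, but the patch touches no call sites. From PyYAML 6.0 on, `yaml.load()` requires an explicit `Loader` argument, so any remaining `yaml.load(stream)` call in the dts, twister or zephyr_module code would raise a TypeError once older releases can no longer be installed. It is worth confirming that every caller uses `yaml.safe_load()` or passes `Loader=yaml.SafeLoader` (or the C variant). The loader choice, not the version number alone, is what determines whether parsing untrusted YAML can construct arbitrary objects. The same consideration applies to the identical change in doc/requirements.txt and scripts/requirements-base.txt. The `setup()` call begins outside this hunk, so the rest of the package metadata is not visible here.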