Update pyyaml requirement from >=6.0 to >=6.0.3

[dependabot]

Updates the requirements on pyyaml to permit the latest version.

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

6.0.1 (2023-07-18)

• yaml/pyyaml#702 -- pin Cython build dep to < 3.0

6.0 (2021-10-13)

• yaml/pyyaml#327 -- Change README format to Markdown
• yaml/pyyaml#483 -- Add a test for YAML 1.1 types
• yaml/pyyaml#497 -- fix float resolver to ignore . and ._
• yaml/pyyaml#550 -- drop Python 2.7
• yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
• yaml/pyyaml#556 -- fix representation of Enum subclasses
• yaml/pyyaml#557 -- fix libyaml extension compiler warnings
• yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
• yaml/pyyaml#561 -- always require Loader arg to yaml.load()
• yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

• yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

... (truncated)

Commits

• 49790e7 Release 6.0.3 (#889)
• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• c42fa3b 6.0.1 release
• ae08bdc block Cython 3.0+ as a build dep (#702)
• f873cfe Add python 3.11 support (#663)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Security Sentinel Report

Severity	Count
CRITICAL	54
HIGH	0
MEDIUM	9

Severity	Finding	File	Details
CRITICAL	Vulnerable dependency: cryptography	pyproject.toml	CVE-2026-34073: cryptography has incomplete DNS name constraint enforcement on peer names
CRITICAL	Vulnerable dependency: cryptography	pyproject.toml	CVE-2026-39892: Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34514: AIOHTTP has CRLF injection through multipart part content type header construction
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34517: AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34520: AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34518: AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34525: AIOHTTP accepts duplicate Host headers
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34513: AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34516: AIOHTTP has a Multipart Header Size Bypass
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34519: AIOHTTP has HTTP response splitting via \r in reason phrase
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-34515: AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windo
CRITICAL	Vulnerable dependency: aiohttp	pyproject.toml	CVE-2026-22815: aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
CRITICAL	Vulnerable dependency: PyJWT	pyproject.toml	CVE-2026-32597: PyJWT accepts unknown crit header extensions
CRITICAL	Hardcoded secret	tests/test_tunnel_setup.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_tunnel_setup.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_tunnel_setup.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_tunnel_setup.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY
CRITICAL	Hardcoded secret	tests/test_channels.py	Pattern matched: (?:API_KEY

...and 47 more.
This PR is blocked by CRITICAL findings.