
Conversation

Kami (Member) commented Jan 22, 2019

This pull request updates pyyaml to the latest version.

Keep in mind that the security issue which has been addressed with a safer default doesn't affect any of our code since we already use yaml.safe_load everywhere, but it's still a good idea to upgrade to avoid pack content or similar using potentially unsafe yaml.load.

Sadly, the flex library depends on the old version of pyyaml, so I needed to fork it so we can upgrade pyyaml in this repo. I tried to submit the change upstream, but it looks like the repo is not maintained anymore - https://github.com/pipermerriam/flex.
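The distinction the description relies on, shown as an added Python example that is not part of this PR or of the repository it targets: yaml.safe_load accepts plain data but refuses PyYAML's python/* tags, and a small pre-parse scan (using yaml.compose_all, which builds only the node graph and constructs no objects) can flag such tags in pack content before any loader runs on it. The two sample documents, the function names and the tag-prefix constant are constructed for this example; the tagged document uses a harmless built-in purely to show the tag being rejected.

```python
"""Added example (not from the PR): safe_load vs. python/* tags in PyYAML."""
import yaml

# PyYAML resolves the "!!" handle to this namespace; everything under
# "python/" is a PyYAML extension that asks the loader to build Python objects.
YAML_PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample: an ordinary pack-metadata style document.
BENIGN_DOC = """
name: example_pack
version: 1.0.0
timeout: 30
"""

# Constructed sample: the same shape, plus a python/* tag that the full loader
# would honour. The target (collections.OrderedDict) is harmless; the point is
# that the safe loader rejects the tag outright.
TAGGED_DOC = """
name: example_pack
extra: !!python/object/apply:collections.OrderedDict []
"""


def load_untrusted(text):
    """Parse YAML from an untrusted source (pack content, user config) with the
    safe loader. Returns (data, None) on success or (None, problem) when the
    document carries a tag outside the plain YAML subset.

    On PyYAML >= 5.1, yaml.load(text, Loader=yaml.SafeLoader) is equivalent;
    plain yaml.load() without an explicit Loader is the call to avoid.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.constructor.ConstructorError as exc:
        # SafeConstructor has no constructor for python/* tags and raises
        # instead of instantiating anything.
        return None, exc.problem


def find_python_tags(text):
    """Detection helper: list every python/* tag in the document without
    constructing objects. compose_all only builds the node graph, so it is
    safe to run on any input as a pre-check before loading."""
    found = []
    for root in yaml.compose_all(text, Loader=yaml.SafeLoader):
        stack = [root]
        while stack:
            node = stack.pop()
            if node is None:
                continue
            if node.tag and node.tag.startswith(YAML_PYTHON_TAG_PREFIX):
                found.append(node.tag)
            if isinstance(node, yaml.SequenceNode):
                stack.extend(node.value)
            elif isinstance(node, yaml.MappingNode):
                for key_node, value_node in node.value:
                    stack.extend((key_node, value_node))
    return found


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOC), ("tagged", TAGGED_DOC)):
        data, problem = load_untrusted(doc)
        print(label, "tags:", find_python_tags(doc))
        print(label, "data:", data, "problem:", problem)
```

In practice the scan is what you would wire into a pack-validation step or a detection rule, and the safe loader is the only call that should ever touch the document afterwards.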

Kami added 3 commits January 22, 2019 18:44
NOTE: Security vulnerability doesn't affect our code because we already
use yaml.safe_load everywhere, but it's still good to update.
@Kami Kami added this to the 3.0.0 milestone Jan 22, 2019
@Kami Kami modified the milestones: 3.0.0, 2.10.2 Jan 24, 2019
@Kami Kami requested a review from blag January 29, 2019 10:07
blag (Contributor) commented Jan 29, 2019

I'm wondering if it might be easier to simply maintain the upstream project.

Edit: Meaning the flex project.

blag (Contributor) commented Jan 30, 2019

@Kami I am now a maintainer for the flex project on GitHub and PyPI, and you should be added today or tomorrow.

Instead of maintaining our own fork, let's just maintain the upstream fork. People are more likely to submit PRs to the upstream project than to our fork, so instead of carrying 100% of the maintenance burden, we can get community involvement. Also note that the upstream project already has issues and PRs stacked up, so we have immediate community involvement instead of having to cultivate our own.

I'll work on a PR for the upstream flex project.

blag (Contributor) commented Jan 30, 2019

Upstream PR is here: pipermerriam/flex#213

Given that, I don't think we need our own fork anymore. 😄

blag (Contributor) commented Jan 30, 2019

Tweaked the PR to use PyYAML between v4.2b and v5.1 (inclusive) and the current (v6.13.2) or the very next version (v6.13.3).

That way, when PyYAML 4.2b gets yanked from PyPI it doesn't break our build, and we don't have to revisit this when the flex PR gets merged and released to PyPI.

Kami (Member, Author) commented Jan 30, 2019

Great 👍

So we should be good to go once the upstream change is merged and a new version is published to PyPI, right?

blag (Contributor) commented Jan 30, 2019

Yep, exactly.


3 participants