Bump dependencies to avoid yaml.v3 vulnerability

[padamstx]

This PR bumps the versions of a few dependencies to try to avoid
using the yaml.v3@v3.0.0 dependency which has a CVE filed against it,
in favor of the 3.0.1 version which has been fixed.

Signed-off-by: Phil Adams phil_adams@us.ibm.com

[padamstx]

@casualjim Could you please take a look and if all is well, please merge and create a new release of the strfmt module. This is to avoid a CVE related to the yaml.v3@v3.0.0 module. Thanks!

[codecov]

Codecov Report

Merging #103 (6ce5980) into master (8ad3739) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #103   +/-   ##
=======================================
  Coverage   81.52%   81.52%           
=======================================
  Files          12       12           
  Lines        2019     2019           
=======================================
  Hits         1646     1646           
  Misses        295      295           
  Partials       78       78           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8ad3739...6ce5980. Read the comment docs.