A few Python dependency vulnerabilities are currently reported in
pgweb by the 'safety'[1] check tool.
pgweb doesn't appear to be susceptible to any of these vulnerabilities
in practice; even so, this patch upgrades them to more recent versions
to reduce noise.
This was spotted after attempting an upgrade[2] of pycryptodomex in
the PGPerfFarm server code.
Note: As far as I can tell, we only use PyYAML in order to load Django
fixture data at development & server setup time; it's possible we
could reformat those fixtures as JSON and then remove the dependency
upon PyYAML.
[1] - https://pypi.org/project/safety/
[2] -
https://github.com/PGPerfFarm/pgperffarm_server/pull/66/files#diff-8a5b9809bec8e6161407b913f305ba3d6752fa0043d20753578bd15d34d8919aR5