Comment 1 for bug 1839398

Converting to public as I've pushed a patch for this in https://review.opendev.org/c/openstack/oslo.config/+/776481

Also, it's not really a vulnerability in oslo.config itself, so it's probably just as well that our users be able to see that they should use a newer PyYAML.