
Update unsafe requirements #11

Merged: 3 commits into hacf-fr:master from update-unsafe-requirements, Mar 15, 2021


@mib1185 mib1185 commented Mar 5, 2021

Update py, pyyaml and jinja2 because of safety warnings:

nox > safety check --file=.nox/safety/tmp/requirements.txt --full-report
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 85 packages, using default DB                                        |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| jinja2                     | 2.11.2    | >=0.0.0,<2.11.3          | 39525    |
+==============================================================================+
| This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS      |
| vulnerability of the regex is mainly due to the sub-pattern                  |
| [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to   |
| format user content instead of the urlize filter, or by implementing request |
| timeouts and limiting process memory. See CVE-2020-28493.                    |
+==============================================================================+
| py                         | 1.9.0     | <=1.9.0                  | 39253    |
+==============================================================================+
| A denial of service via regular expression in the py.path.svnwc component of |
| py (aka python-py) through 1.9.0 could be used by attackers to cause a       |
| compute-time denial of service attack by supplying malicious input to the    |
| blame functionality. See CVE-2020-29651.                                     |
+==============================================================================+
| pyyaml                     | 5.3.1     | <5.4                     | 39611    |
+==============================================================================+
| A vulnerability was discovered in the PyYAML library in versions before 5.4, |
| where it is susceptible to arbitrary code execution when it processes        |
| untrusted YAML files through the full_load method or with the FullLoader     |
| loader. Applications that use the library to process untrusted input may be  |
| vulnerable to this flaw. This flaw allows an attacker to execute arbitrary   |
| code on the system by abusing the python/object/new constructor. This flaw   |
| is due to an incomplete fix for CVE-2020-1747. See CVE-2020-14343.           |
+==============================================================================+
nox > Command safety check --file=.nox/safety/tmp/requirements.txt --full-report failed with exit code 255
nox > Session safety failed.

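As an added example (not code from this PR or from the hacf-fr project), the following stdlib-only Python script does what the safety run above does for the three affected packages: it parses a pinned requirements file, checks each pin against the advisory's "affected" range, and reports the lowest version that leaves the range. The advisory rows are copied from the report; the requirements text is constructed for the example and is not the project's real requirements file.

```python
"""Check pinned requirements against the advisory rows from the safety report.

Added example using only the standard library. ADVISORIES is copied from the
report above; SAMPLE_REQUIREMENTS is constructed for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

# (package, affected range, safety ID, CVE) exactly as printed by `safety check`
ADVISORIES: List[Tuple[str, str, str, str]] = [
    ("jinja2", ">=0.0.0,<2.11.3", "39525", "CVE-2020-28493"),
    ("py", "<=1.9.0", "39253", "CVE-2020-29651"),
    ("pyyaml", "<5.4", "39611", "CVE-2020-14343"),
]

# Constructed input: the three flagged pins plus one package no advisory covers.
SAMPLE_REQUIREMENTS = """\
# constructed example, not the project's requirements.txt
jinja2==2.11.2
py==1.9.0
PyYAML==5.3.1
requests==2.25.1
"""

_OPS = {
    "==": lambda a, b: a == b,
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.11.3' -> (2, 11, 3). Non-numeric suffixes (rc1, post1) end parsing;
    trailing zeros are dropped so that '5.4' and '5.4.0' compare equal."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def matches(version: str, spec: str) -> bool:
    """True if `version` lies inside `spec` ('>=0.0.0,<2.11.3'); every clause must hold."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(==|<=|>=|<|>)\s*([\w.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def parse_requirements(text: str) -> Dict[str, str]:
    """Map normalised package name -> version for exact `name==version` pins.
    Comments, blank lines and non-pinned lines are ignored."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([\w.]+)", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def min_fixed_version(spec: str) -> Optional[str]:
    """Lowest version outside the range, taken from a strict upper bound:
    '<2.11.3' -> '2.11.3'. A '<=' bound ('<=1.9.0') names no successor, so None."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<|<=)\s*([\w.]+)\s*", clause)
        if m and m.group(1) == "<":
            return m.group(2)
    return None


def vulnerable_pins(requirements: str) -> List[dict]:
    """One record per pin that falls inside an advisory's affected range."""
    pins = parse_requirements(requirements)
    findings = []
    for pkg, spec, sid, cve in ADVISORIES:
        installed = pins.get(pkg)
        if installed is not None and matches(installed, spec):
            findings.append({"package": pkg, "installed": installed, "affected": spec,
                             "id": sid, "cve": cve, "fix": min_fixed_version(spec)})
    return findings


if __name__ == "__main__":
    for f in vulnerable_pins(SAMPLE_REQUIREMENTS):
        fix = f["fix"] or "next release after the upper bound"
        print(f"{f['package']}=={f['installed']} affected by {f['cve']} "
              f"(safety {f['id']}, {f['affected']}); bump to {fix}")
```

The version comparison here is deliberately minimal: it handles dotted numeric releases, which is all the three advisories need, but not the full PEP 440 grammar (epochs, pre-releases, local versions). For anything beyond a quick check of a report, use `packaging.specifiers.SpecifierSet` from the `packaging` package, which is what pip and safety themselves rely on.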
@mib1185 mib1185 requested a review from Quentame as a code owner March 5, 2021 12:26
@mib1185 mib1185 force-pushed the update-unsafe-requirements branch from 96fae7a to a260c39 Compare March 5, 2021 12:44
@mib1185 mib1185 mentioned this pull request Mar 5, 2021

mib1185 commented Mar 5, 2021

@oncleben31 maybe you could also have a look into this PR 😇

@Quentame Quentame merged commit b3450b1 into hacf-fr:master Mar 15, 2021
@Quentame Quentame added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 30, 2021