Does RockyLinux 8.10 contain PyYaml critical vulnerability?

The reason it isn’t fixed here is because yaml.load() is the problem with that module. The module comes with yaml.safe_load() which is the proper way to use it. While it’s fair that scanners are treating it as a vulnerability, the assumption that most have taken is “newer version fixes this” when all the newer versions really did was deprecate the usage of yaml.load().

I wouldn’t be concerned about this vulnerability. Almost all components of the distribution that use pyyaml in some form will be using the “safe” form of loader.

It may be worth notifying the vendor (if you have a support contract with them) of this bugzilla.

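Since the answer's point is that the risk lies in how `yaml.load()` is called rather than in the package version, the practical check is an audit of your own code for `yaml.load()` calls that do not pass a safe loader. The following stdlib-only checker is an added example, not code from the thread or from Rocky Linux; the sample source it scans and the function names are constructed for illustration.

```python
import ast
from typing import List, Optional, Tuple

SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}

# Constructed sample source for the checker to scan (not code from the thread).
SAMPLE_SOURCE = """import yaml
a = yaml.safe_load(s)                                        # ok
b = yaml.load(s, Loader=yaml.SafeLoader)                     # ok
c = yaml.load(s)                                             # flagged: no Loader
d = yaml.load(s, Loader=yaml.Loader)                         # flagged: unsafe loader
e = yaml.load(s, yaml.FullLoader)                            # flagged: not SafeLoader
for doc in yaml.load_all(s, Loader=yaml.CSafeLoader): pass   # ok
"""

def _loader_name(call: ast.Call) -> Optional[str]:
    """Name of the Loader given as 2nd positional arg or Loader= keyword, else None."""
    node = call.args[1] if len(call.args) >= 2 else None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if isinstance(node, ast.Attribute):   # e.g. yaml.SafeLoader
        return node.attr
    if isinstance(node, ast.Name):        # e.g. SafeLoader imported by name
        return node.id
    return None

def find_unsafe_yaml_loads(source: str) -> List[Tuple[int, str]]:
    """Return (line, reason) for each yaml.load()/yaml.load_all() call that does not
    pass SafeLoader/CSafeLoader. Only the `yaml.load(...)` spelling is recognised."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        if not (isinstance(fn, ast.Attribute) and fn.attr in ("load", "load_all")
                and isinstance(fn.value, ast.Name) and fn.value.id == "yaml"):
            continue
        loader = _loader_name(node)
        if loader is None:
            findings.append((node.lineno, "no Loader argument (unsafe default in older PyYAML)"))
        elif loader not in SAFE_LOADERS:
            findings.append((node.lineno, f"Loader={loader} is not SafeLoader/CSafeLoader"))
    return sorted(findings)   # [(4, ...), (5, ...), (6, ...)] for SAMPLE_SOURCE

if __name__ == "__main__":
    for lineno, reason in find_unsafe_yaml_loads(SAMPLE_SOURCE):
        print(f"line {lineno}: {reason}")
```

Run it over each `.py` file of a package you care about; a clean result means the scanner finding is about API usage that the package does not exercise.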