Fix "play build-module" replacing instances of yaml.load with yaml.safe_load #1462
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes issue #1456, which is an error when "play build-module" is run on Python 3.7.11:
load() missing 1 required positional argument: 'Loader'
This PR follows the recommendation given at https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
A loader argument is now required to yaml.load(), which is more clearer written using their helper function yaml.safe_load(). The web page says that the full_load() function (which would be more backward-compatible) may be removed, so using safe_load() is more future-proof.
The use of safe_load() assumes that dependencies.yml uses standard YAML tags. The extra security is nice but mostly irrelevant since I don't expect "build-module" to be run on a malicious dependencies.yml. The primary motivation is that "build-module" simply doesn't work on some machines and gives warnings on others.