Replaces unsafe yaml loaders with yaml.safe_load

[zythosec]

Fixes WB-9909

Description

What does the PR do?

FullLoader and Loader should not be used on untrusted data. While it can be argued that the config file can be "trusted" data, this PR replaces unsafe yaml.full_load and yaml.load with yaml.safe_load to eliminate the possibility of a malicious config file being run causing arbitrary code execution.

Testing

How was this PR tested?

make test

Checklist

• Include reference to internal ticket "Fixes WB-NNNN" (and github issue "Fixes #NNNN" if applicable)

[zythosec]

Open question: what warning was this? And do we actually use the functionality of full_load?

[dmitryduev]

It must have been a deprecation warning like shown here yaml/pyyaml#265

[codecov]

Codecov Report

Merging #3753 (9ab415e) into master (c682bb6) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #3753      +/-   ##
==========================================
+ Coverage   81.83%   81.84%   +0.01%     
==========================================
  Files         241      241              
  Lines       29771    29769       -2     
==========================================
+ Hits        24362    24364       +2     
+ Misses       5409     5405       -4     

Flag	Coverage Δ
functest	57.41% <100.00%> (+0.01%)	⬆️
unittest	72.09% <100.00%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
wandb/util.py	85.74% <100.00%> (+0.08%)	⬆️
wandb/sdk/service/server_sock.py	91.87% <0.00%> (-2.04%)	⬇️
wandb/sdk/lib/sock_client.py	92.50% <0.00%> (-1.67%)	⬇️
wandb/sdk/internal/stats.py	65.92% <0.00%> (-0.56%)	⬇️
wandb/sdk/lib/git.py	76.19% <0.00%> (ø)
wandb/sdk/wandb_run.py	89.50% <0.00%> (+0.25%)	⬆️
wandb/filesync/step_prepare.py	94.80% <0.00%> (+1.29%)	⬆️
wandb/sdk/internal/meta.py	90.06% <0.00%> (+3.10%)	⬆️

[dmitryduev]

It must have been a deprecation warning like shown here yaml/pyyaml#265