The README.md or some other docs should make it more obvious whether this is a fork of https://pyyaml.org/wiki/PyYAML (repo) and in which aspects it differs from it. This seems relevant due to
This is not a fork of PyYAML; it's a monkeypatch. It does not address any security vulnerabilities - if you're deserializing untrusted input, you should use the SafeLoader in oyaml just the same as you should in PyYAML.
Previous versions of PyYAML didn't preserve ordering on load; oyaml would patch that. If the version of PyYAML installed preserves ordering, then using oyaml is unnecessary to patch loaders. In this case, the only aspect that differs would be the behavior for dumping. PyYAML sorts keys. collections.OrderedDict instances are dumped differently: oyaml will just represent them as normal maps, whereas yaml will either represent them as Python objects (yaml.dump) or refuse to serialise them at all (yaml.safe_dump), raising a RepresenterError.
Note that even the most current PyYAML release (5.3.x) will sort keys by default:
>>> yaml.dump({"b":1, "a": 2})
'a: 2\nb: 1\n'
Since PyYAML 5.1 (2019), the sorting can be disabled by passing sort_keys=False, but older versions of PyYAML don't support that option. So, some users may still want to choose oyaml as a dependency if their code should be cross-compatible regardless of the underlying PyYAML installation.
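Added example, not part of the thread and not oyaml's code: it records the stock PyYAML behaviour for `OrderedDict` described in the reply above and shows one way to keep insertion order while staying on the safe representers. It assumes PyYAML on Python 3.7+; `OrderedSafeDumper`, `dump_ordered` and `stock_behaviour` are hypothetical names and the sample data is constructed.

```python
from collections import OrderedDict

import yaml


class OrderedSafeDumper(yaml.SafeDumper):
    """SafeDumper subclass (hypothetical name) that writes OrderedDict as a plain map."""


def _represent_ordered(dumper, data):
    # Passing the items view (not the dict) skips PyYAML's key sorting on every version.
    return dumper.represent_mapping("tag:yaml.org,2002:map", data.items())


OrderedSafeDumper.add_representer(OrderedDict, _represent_ordered)


def dump_ordered(data):
    """Dump with safe representers only, keeping insertion order; no sort_keys needed."""
    return yaml.dump(data, Dumper=OrderedSafeDumper, default_flow_style=False)


def stock_behaviour(data):
    """Record how unpatched PyYAML treats an OrderedDict."""
    tagged = yaml.dump(data)  # full Dumper: emits a python/object tag
    result = {"dump_emits_python_tag": "python/object" in tagged}
    try:
        yaml.safe_load(tagged)
        result["safe_load_rejects_tag"] = False
    except yaml.constructor.ConstructorError:
        result["safe_load_rejects_tag"] = True  # SafeLoader refuses python tags
    try:
        yaml.safe_dump(data)
        result["safe_dump_refuses"] = False
    except yaml.representer.RepresenterError:
        result["safe_dump_refuses"] = True
    return result


if __name__ == "__main__":
    sample = OrderedDict([("b", 1), ("a", 2)])  # constructed sample data
    print(stock_behaviour(sample))
    text = dump_ordered(sample)
    print(repr(text))
    print(list(yaml.safe_load(text)))
```

Because the output carries no Python-specific tags, it can be read back with `yaml.safe_load`, so ordered output does not force consumers onto an unsafe loader.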