FIX: #11

Noted by @chead in [Bug 11](#11). `PyYAML` v6.0 requires `yaml.load` to have a second argument. Switched to using `safe_load` to fix the argument issue as well as a potential security issue.
zabertech · Feb 7, 2023 · 0267c89 · 0267c89
1 parent c8fe725
commit 0267c89
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/VERSIONS.md b/VERSIONS.md
@@ -102,3 +102,7 @@ Update `pyproject.toml` to be a bit more strict about what python versions are b
     AttributeError: 'NoneType' object has no attribute 'name'
     ```
 
+## 30.0.20230207
+
+1. Noted by @chead in [Bug 11](https://github.com/zabertech/python-izaber/issues/11). `PyYAML` v6.0 requires `yaml.load` to have a second argument. Switched to using `safe_load` to fix the argument issue as well as a potential security issue.
+
diff --git a/izaber/zconfig.py b/izaber/zconfig.py
@@ -91,7 +91,7 @@ def load_config( self,
 
         if config_buffer:
             self._config_full_filname = None
-            self._cfg = yaml.load(config_buffer)
+            self._cfg = yaml.safe_load(config_buffer)
         else:
             self.config_fpath = self.config_find() \
                                           or os.path.join(self._config_dirs[0], \
@@ -373,7 +373,7 @@ def config_update_(self,config_amend):
 
         """
         if not isinstance(config_amend,dict):
-            config_amend = yaml.load(config_amend)
+            config_amend = yaml.safe_load(config_amend)
 
         def merge_dicts(source,target,breadcrumbs=None):
             """

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "izaber"
 description = "Base load point for iZaber code"
-version = '3.0.20221124'
+version = '3.0.20230207'
 authors = ["Aki Mimoto <aki@zaber.com>"]
 
 [build-system]