security(chevron): use yaml.safe_load instead of yaml.load with configurable loader

[dfgvaetyj3456356-hash]

No description provided.

[greptile-apps]

Greptile Summary

This PR hardens YAML parsing in the chevron template renderer by replacing yaml.load(file, Loader=loader) with yaml.safe_load(file), eliminating the ability to pass an arbitrary YAML loader (including FullLoader or UnsafeLoader) that could deserialize arbitrary Python objects.

• Removes the --yaml-loader / -y CLI argument and the yaml_loader kwarg from main() and _load_data(), simplifying both the API and the CLI surface.
• A grep of the codebase confirms no existing callers pass yaml_loader to main(), so the removal is non-breaking.

Confidence Score: 5/5

Safe to merge — the change is a well-scoped security hardening with no functional regressions in this codebase.

The switch to yaml.safe_load is correct, the removed yaml_loader parameter has no callers anywhere in the repository, and the original lines were already marked # not tested. The simplification is clean with no observed side effects.

No files require special attention.

Important Files Changed

Filename	Overview
metaflow/plugins/cards/card_modules/chevron/main.py	Replaces yaml.load with yaml.safe_load and removes the configurable yaml_loader parameter from both the programmatic API and CLI; no existing callers in the codebase use the removed parameter

_{Reviews (1): Last reviewed commit: "security(chevron): use yaml.safe_load in..." | Re-trigger Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (master@4871fb1). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...etaflow/plugins/cards/card_modules/chevron/main.py	33.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #3216   +/-   ##
=========================================
  Coverage          ?   28.32%           
=========================================
  Files             ?      381           
  Lines             ?    52350           
  Branches          ?     9242           
=========================================
  Hits              ?    14826           
  Misses            ?    36584           
  Partials          ?      940           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.