From 9fa630b983a6193b9b5dde4aa2c0ac3806071484 Mon Sep 17 00:00:00 2001 From: Colin Orr Date: Sat, 27 Jun 2020 17:57:51 +0100 Subject: [PATCH] Specify a loader when loading YAML This addresses the following deprecation warning when loading the YAML: ``` YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details. ``` This change uses the `yaml.FullLoader` which avoids arbitrary code execution and is the default loader called by `yaml.load(input)`.
---
 frontmatter/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontmatter/__init__.py b/frontmatter/__init__.py
index 619fabd..14e4fa2 100644
--- a/frontmatter/__init__.py
+++ b/frontmatter/__init__.py
@@ -34,7 +34,7 @@ def read(cls, string):
 fmatter = result.group(1)
 body = result.group(2)
 return {
- "attributes": yaml.load(fmatter),
+ "attributes": yaml.load(fmatter, Loader=yaml.FullLoader),
 "body": body,
 "frontmatter": fmatter,
 }
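Review bot: The `"attributes"` line in `read` still parses front matter with a loader that builds more than plain data. `yaml.FullLoader` resolves a set of Python-specific tags, and depending on the installed PyYAML release it has not reliably prevented object construction from crafted input. Front matter is normally just scalars, lists and mappings, and the text may come from files the caller does not control, so the safe loader is the better fit: `"attributes": yaml.safe_load(fmatter),`. That also silences the deprecation warning, and it only rejects documents that rely on Python-specific tags. The body of `read` starts outside this hunk, so how `result` is validated before `.group(1)` is not visible here.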