Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

yaml.load(s, Loader=...) requires Loader= argument always #561

Merged
merged 4 commits into from Sep 23, 2021

Conversation

ingydotnet
Copy link
Member

No description provided.

@ingydotnet ingydotnet changed the base branch from master to release/6.0 September 22, 2021 22:59
Copy link
Member

@perlpunk perlpunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it would make sense to keep the warning for another while.
Note that yaml.add_constructor (and other methods) will add given constructors to Loader, FullLoader and UnsafeLoader, so people will be wondering why none of their custom constructors have an effect.
It should be recommended to only use add_constructor for a specific loader, and ideally to their own loader inheriting from one of the existing loaders.
While (hopefully) most users by now are using a specific loader for loading, there is still code out there that just disables the warning, and will stop working if they used custom constructors via yaml.add_constructor.
If something stops working and they enable warnings to investigate, they should be able to see a helpful message saying that the default loader has now been changed.

@ingydotnet
Copy link
Member Author

Maybe it would make sense to keep the warning for another while.

I'll add a warning if Full or Unsafe loaders had constructors added and load() is called without an explicit Loader=

@ingydotnet ingydotnet changed the title yaml.load(s) defaults to yaml.load(s, Loader=yaml.SafeLoader) yaml.load(s, Loader=...) requires Loader= argument always Sep 23, 2021
@ingydotnet
Copy link
Member Author

This started as load() defaults to Loader=SafeLoader but we all decided it was better to require Loader=... arg for load().

Copy link
Member

@perlpunk perlpunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a test for the missing argument case?

tests/lib/test_dump_load.py Show resolved Hide resolved
@@ -1,5 +1,5 @@

.PHONY: default build buildext force forceext install installext test testext dist clean
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this unintended stuff for this PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

@ingydotnet
Copy link
Member Author

Is there a test for the missing argument case?

Done in 1b2f534

@ingydotnet ingydotnet merged commit 1b2f534 into release/6.0 Sep 23, 2021
4 checks passed
@ingydotnet ingydotnet moved this from Review to Done in PyYAML 6.0 Release Planning Sep 23, 2021
@ingydotnet ingydotnet deleted the load-default-safe branch September 23, 2021 21:40
stuhood pushed a commit to pantsbuild/pants that referenced this pull request Oct 20, 2021
PyYAML 6:
```
6.0 (2021-10-13)

* yaml/pyyaml#327 -- Change README format to Markdown
* yaml/pyyaml#483 -- Add a test for YAML 1.1 types
* yaml/pyyaml#497 -- fix float resolver to ignore `.` and `._`
* yaml/pyyaml#550 -- drop Python 2.7
* yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
* yaml/pyyaml#556 -- fix representation of Enum subclasses
* yaml/pyyaml#557 -- fix libyaml extension compiler warnings
* yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
* yaml/pyyaml#561 -- always require `Loader` arg to `yaml.load()`
* yaml/pyyaml#564 -- remove remaining direct distutils usage
```
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Oct 23, 2021
Now uses "vendored" distutils from setuptools by default
rather than from Python stdlib.

Changes
=======

* yaml/pyyaml#327
  -- Change README format to Markdown
* yaml/pyyaml#483
  -- Add a test for YAML 1.1 types
* yaml/pyyaml#497
  -- fix float resolver to ignore `.` and `._`
* yaml/pyyaml#550
  -- drop Python 2.7
* yaml/pyyaml#553
  -- Fix spelling of “hexadecimal”
* yaml/pyyaml#556
  -- fix representation of Enum subclasses
* yaml/pyyaml#557
  -- fix libyaml extension compiler warnings
* yaml/pyyaml#560
  -- fix ResourceWarning on leaked file descriptors
* yaml/pyyaml#561
  -- always require `Loader` arg to `yaml.load()`
* yaml/pyyaml#564
  -- remove remaining direct distutils usage

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
jogo added a commit to jogo/slackminion that referenced this pull request Jan 11, 2022
* Fix `yaml TypeError: load() missing 1 required positional argument: 'Loader'` yaml/pyyaml#561
* wait for bot.run(), this broke when moving to asyncio
  `RuntimeWarning: coroutine 'Bot.run' was never awaited`
anoadragon453 added a commit to matrix-org/matrix-spec-proposals that referenced this pull request Feb 8, 2022
PyYAML 6.0 [requires](yaml/pyyaml#561) a Loader
argument to be passed to yaml.load. We could pass yaml.SafeLoader, or simply
use the yaml.safe_load method instead. This PR opts to do the latter for simplicity.

The previous default loader was yaml.Loader, and as such this PR changes the
behaviour to yaml.SafeLoader. I don't think this has any actual repurcussions
on the data that we're loading in however. https://msg.pyyaml.org/load has more
details, and even recommends that FullLoader no longer be used.
mtremer pushed a commit to ipfire/ipfire-2.x that referenced this pull request Feb 14, 2022
- Update from 3.13 to 6.0
- Update of rootfile
- Changelog
6.0 (2021-10-13)
* yaml/pyyaml#327 -- Change README format to Markdown
* yaml/pyyaml#483 -- Add a test for YAML 1.1 types
* yaml/pyyaml#497 -- fix float resolver to ignore `.` and `._`
* yaml/pyyaml#550 -- drop Python 2.7
* yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
* yaml/pyyaml#556 -- fix representation of Enum subclasses
* yaml/pyyaml#557 -- fix libyaml extension compiler warnings
* yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
* yaml/pyyaml#561 -- always require `Loader` arg to `yaml.load()`
* yaml/pyyaml#564 -- remove remaining direct distutils usage
5.4.1 (2021-01-20)
* yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it
5.4 (2021-01-19)
* yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
* yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
* yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
* yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
* yaml/pyyaml#378 -- Fix compatibility with Jython
5.3.1 (2020-03-18)
* yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor
5.3 (2020-01-06)
* yaml/pyyaml#290 -- Use `is` instead of equality for comparing with `None`
* yaml/pyyaml#270 -- Fix typos and stylistic nit
* yaml/pyyaml#309 -- Fix up small typo
* yaml/pyyaml#161 -- Fix handling of __slots__
* yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
* yaml/pyyaml#285 -- Add use of safe_load() function in README
* yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF
* yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff
* yaml/pyyaml#359 -- Use full_load in yaml-highlight example
* yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython
* yaml/pyyaml#329 -- Fix for Python 3.10
* yaml/pyyaml#310 -- Increase size of index, line, and column fields
* yaml/pyyaml#260 -- Remove some unused imports
* yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such
* yaml/pyyaml#363 -- Add tests for timezone
5.2 (2019-12-02)
* Repair incompatibilities introduced with 5.1. The default Loader was changed,
  but several methods like add_constructor still used the old default
  yaml/pyyaml#279 -- A more flexible fix for custom tag constructors
  yaml/pyyaml#287 -- Change default loader for yaml.add_constructor
  yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
* Make FullLoader safer by removing python/object/apply from the default FullLoader
  yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
* Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
  yaml/pyyaml#276 -- Fix logic for quoting special characters
* Other PRs:
  yaml/pyyaml#280 -- Update CHANGES for 5.1
5.1.2 (2019-07-30)
* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+
5.1.1 (2019-06-05)
* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1
5.1 (2019-03-13)
* yaml/pyyaml#35 -- Some modernization of the test running
* yaml/pyyaml#42 -- Install tox in a virtualenv
* yaml/pyyaml#45 -- Allow colon in a plain scalar in a flow context
* yaml/pyyaml#48 -- Fix typos
* yaml/pyyaml#55 -- Improve RepresenterError creation
* yaml/pyyaml#59 -- Resolves #57, update readme issues link
* yaml/pyyaml#60 -- Document and test Python 3.6 support
* yaml/pyyaml#61 -- Use Travis CI built in pip cache support
* yaml/pyyaml#62 -- Remove tox workaround for Travis CI
* yaml/pyyaml#63 -- Adding support to Unicode characters over codepoint 0xffff
* yaml/pyyaml#75 -- add 3.12 changelog
* yaml/pyyaml#76 -- Fallback to Pure Python if Compilation fails
* yaml/pyyaml#84 -- Drop unsupported Python 3.3
* yaml/pyyaml#102 -- Include license file in the generated wheel package
* yaml/pyyaml#105 -- Removed Python 2.6 & 3.3 support
* yaml/pyyaml#111 -- Remove commented out Psyco code
* yaml/pyyaml#129 -- Remove call to `ord` in lib3 emitter code
* yaml/pyyaml#149 -- Test on Python 3.7-dev
* yaml/pyyaml#158 -- Support escaped slash in double quotes "\/"
* yaml/pyyaml#175 -- Updated link to pypi in release announcement
* yaml/pyyaml#181 -- Import Hashable from collections.abc
* yaml/pyyaml#194 -- Reverting yaml/pyyaml#74
* yaml/pyyaml#195 -- Build libyaml on travis
* yaml/pyyaml#196 -- Force cython when building sdist
* yaml/pyyaml#254 -- Allow to turn off sorting keys in Dumper (2)
* yaml/pyyaml#256 -- Make default_flow_style=False
* yaml/pyyaml#257 -- Deprecate yaml.load and add FullLoader and UnsafeLoader classes
* yaml/pyyaml#261 -- Skip certain unicode tests when maxunicode not > 0xffff
* yaml/pyyaml#263 -- Windows Appveyor build

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>

 --git a/config/rootfiles/packages/python3-yaml b/config/rootfiles/packages/python3-yaml
x 0870a2346..bd4009a08 100644
* yaml/pyyaml#195 -- Build libyaml on travis
* yaml/pyyaml#196 -- Force cython when building sdist
* yaml/pyyaml#254 -- Allow to turn off sorting keys in Dumper (2)
* yaml/pyyaml#256 -- Make default_flow_style=False
* yaml/pyyaml#257 -- Deprecate yaml.load and add FullLoader and Uns
oader classes
* yaml/pyyaml#261 -- Skip certain unicode tests when maxunicode not
xffff
* yaml/pyyaml#263 -- Windows Appveyor build

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
woodsts pushed a commit to woodsts/buildroot that referenced this pull request Feb 21, 2022
… pyaml 6.0

Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/2088684091

python sample_python_pyyaml_dec.py
Traceback (most recent call last):
  File "/root/sample_python_pyyaml_dec.py", line 5, in <module>
    data = yaml.load(serialized)
TypeError: load() missing 1 required positional argument: 'Loader'

yaml.load() requires a loader argument since the move to version 6.0:
yaml/pyyaml#561

The test does not need the extra functionality of load(), so instead move to
the recommended safe_load().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
gnuoy pushed a commit to gnuoy/zaza-openstack-tests that referenced this pull request Mar 25, 2022
Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
ajkavanagh pushed a commit to openstack-charmers/zaza-openstack-tests that referenced this pull request Mar 25, 2022
* Use yaml.safe_load()

Pyyaml>=6.0 requires to pass the Loader arg to yaml.load(), switching to
yaml.safe_load() recovers the old and expected behavior.

yaml/pyyaml#561

Closes-Bug: #1951650

* Use snapshot_support=True for manila share type

The extra specs of a manila share type need to match the
share service's capabilities. [1]

[1] https://docs.openstack.org/manila/pike/admin/shared-file-systems-troubleshoot.html#id2

Closes-Bug: #1962204

Co-authored-by: Felipe Reyes <felipe.reyes@canonical.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
carlwgeorge added a commit to carlwgeorge/python-multipart that referenced this pull request Apr 20, 2022
yaml.load in PyYAML 6 requires a Loader argument.  PyYAML recommends
using SafeLoader, which is implied if you call yaml.safe_load instead.

yaml/pyyaml#561
https://msg.pyyaml.org/load

Fixes andrew-d#41
andrew-d pushed a commit to andrew-d/python-multipart that referenced this pull request Apr 20, 2022
yaml.load in PyYAML 6 requires a Loader argument.  PyYAML recommends
using SafeLoader, which is implied if you call yaml.safe_load instead.

yaml/pyyaml#561
https://msg.pyyaml.org/load

Fixes #41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants