Deprecation Warning about yaml.load()
Closed this issue · 4 comments
renky commented
Distribution: ubuntu 20.04
installed via apt
version: policyd-rate-limit_1.0.0-1_all.deb
policyd-rate-limit ist throwing a warning:
/usr/lib/python3/dist-packages/policyd_rate_limit/utils.py:88: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
self._config = yaml.load(f)
nitmir commented
I'll say FullLoader.
It's should not be a security issue as we do not load user crafted yaml (only the config wrotten by the admin), and it do not change the current behavior in case someone load some python structure.
I, personally, do not use python extended yaml, so SafeLoader will also work with my config. What do you think ?
renky commented
From my point of view I think what's not needed doesn't need to be loaded... so if SaveLoader is enough, I'd prefer that - just my 2 cents
P-EB commented
Let's go for a SafeLoader then. :)