[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1869982 - in /subversion/trunk/tools/dist: release-lines.yaml release.py

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 19 Nov 2019 17:13:17 +0000

julianfoad_at_apache.org wrote on Mon, 18 Nov 2019 17:00 +00:00:
> +++ subversion/trunk/tools/dist/release.py Mon Nov 18 17:00:16 2019
> @@ -70,43 +71,22 @@ except ImportError:
> +# Read the dist metadata (about release lines)
> +with open(get_dist_metadata_file_path(), 'r') as stream:
> + dist_metadata = yaml.load(stream)

yaml.load() is/was unsafe:

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation

yaml.safe_load() should be used instead.

----
Separately, at the risk of bikeshedding, I'd suggest to use json, for
two reasons:
- It's part of the Python stdlib.
- jq(1) exists.
(Yes, I'm happy to make the change myself if needed.)
Cheers,
Daniel
Received on 2019-11-19 18:13:42 CET

This is an archived mail posted to the Subversion Dev mailing list.