Re: svn commit: r1869982 - in /subversion/trunk/tools/dist: release-lines.yaml release.py

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 19 Nov 2019 17:13:17 +0000

julianfoad_at_apache.org wrote on Mon, 18 Nov 2019 17:00 +00:00:
> +++ subversion/trunk/tools/dist/release.py Mon Nov 18 17:00:16 2019
> @@ -70,43 +71,22 @@ except ImportError:
> +# Read the dist metadata (about release lines)
> +with open(get_dist_metadata_file_path(), 'r') as stream:
> + dist_metadata = yaml.load(stream)

yaml.load() is/was unsafe:

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation

yaml.safe_load() should be used instead.

----
Separately, at the risk of bikeshedding, I'd suggest to use json, for
two reasons:
- It's part of the Python stdlib.
- jq(1) exists.
(Yes, I'm happy to make the change myself if needed.)
Cheers,
Daniel

Received on 2019-11-19 18:13:42 CET

This message: [ Message body ]
Next message: Julian Foad: "Re: svn commit: r1869982 - in /subversion/trunk/tools/dist: release-lines.yaml release.py"
Previous message: Daniel Shahaf: "Re: svn commit: r1869981 - /subversion/trunk/tools/dist/release.py"
Next in thread: Julian Foad: "Re: svn commit: r1869982 - in /subversion/trunk/tools/dist: release-lines.yaml release.py"
Reply: Julian Foad: "Re: svn commit: r1869982 - in /subversion/trunk/tools/dist: release-lines.yaml release.py"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]