Source: python-canmatrix Version: 0.9.5~github-2 Severity: normal X-Debbugs-Cc: gor...@chronitis.net
We hope to upgrade python3-yaml (aka pyyaml) to version 6 before the freeze, per #1008262 Your package appears to use `yaml.load()` without specifying a `Loader=` argument, which will become an error in pyyaml version 6. This should have emitted a warning message since version 5.1 (from 2019). In most cases this can be fixed by replacing `yaml.load` with `yaml.safe_load`, unless the ability for yaml to create arbitrary python objects is desirable. load() in https://sources.debian.org/src/python-canmatrix/0.9.5~github-2/src/canmatrix/formats/yaml.py/?hl=77#L77 appears to use unqualified yaml.load - and it looks like in this case the desired behaviour is probably not to use safe_load since _init_yaml() declares several tag types, but I think loading (if it is ever used) still needs an explicit Loader= argument. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.0.0-1-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
