-
Notifications
You must be signed in to change notification settings - Fork 526
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incompatible changes in version 5.1 #265
Comments
Latest PyYAML (5.1) release breaks ansible-lint execution [1]. Let's stick to an older release to now. [1] yaml/pyyaml#265
Latest PyYAML (5.1) release breaks ansible-lint execution [1]. Let's stick to an older release to now. [1] yaml/pyyaml#265
Latest PyYAML (5.1) release breaks ansible-lint execution [1]. Let's stick to an older release to now. [1] yaml/pyyaml#265
Please see the update. If you are using |
yaml.load() has been deprecated in the patch yaml/pyyaml#265 Change-Id: I24dff0d25d6f8ae4a636b8c64e083fa7ff8603e7
Where are the docs maintained? Doesn't seem to be a part of this repository directly? Although the source link was updated for PyYAML-5.1.tar.gz on PyYAMLDocumentation the info remaining about |
I maintain this small library called saneyaml that is a wrapper of PyYAML to get "sane" defaults (mainly safe loading and block style defaults) at https://github.com/nexB/saneyaml This may be of help to some to see the changes needed to support both versions: As a side note, I wished I would not have had the need to write such a wrapper ;) |
Just to summarize the status of PRs: #273 was replaced with #279 These are all the open tasks in PyYAML release/5.2 branch. The branch also hasn't been touched since March. |
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
5.1.2 (which is now in meta-oe) is not really recommended by upstream due incompatibilities caused by the release, which are supposed to be fixed in 5.2, but which is pending to be released. More at yaml/pyyaml#265 Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Do you guys have an approximate release date for 5.2? My code is broken because of these issues. I need to know if I should search for another solution, or if I could wait for the new release. Thank you! |
I've been trying to get someone to confirm that 5.2 can just be cut as is now in #336 ... The branch has been sitting untouched for a while. |
I was able to talk to @ingydotnet and I'm trying to prepare a 5.2 release now |
We just released 5.2b1 https://pypi.org/project/PyYAML/5.2b1/ |
We released 5.2: https://pypi.org/project/PyYAML/5.2/ |
CentOS 8 ship with PyYAML 3.12 while I used some features introduced with 5.1, which are incompatible. See yaml/pyyaml#265.
Updates the PyYaml version to 5.1. Adds in YamlLoader as per yaml/pyyaml#292 Other incompatible changes were reviewed (yaml/pyyaml#265) and the yaml.Loader appears to the be only concern for now. [Resolves Sceptre#665]
The PyYAML release 5.1 adds some incompatible changes.
If you are getting problems with the new version, that can have several reasons, which are listed here.
Also note that there are things that still need to be fixed. Please wait for release 5.2 and see details at the bottom
The full list of merged PRs can be found here: https://github.com/yaml/pyyaml/blob/master/announcement.msg#L30
The two incompatible changes are:
load: Deprecate yaml.load and add FullLoader and UnsafeLoader classes
For the full story read #257 and #207
YAML is a serialization language, and the
yaml.load
method allowed to execute arbitrary function calls and import modules, which made it unsafe when loading untrusted YAML.With this release, it is deprecated to use yaml.load without a Loader argument and will issue a warning:
use
safe_load
/SafeLoader
yaml.safe_load()
always existed for that purpose, and most of you which are getting a warning now should be able to just replaceyaml.load
withyaml.safe_load
:use
full_load
/FullLoader
If you are actually using the serialization features (e.g.
!!python/object/...
tags) and want to load python objects, you should be fine with using theFullLoader
:FullLoader
is pretty safe, but not completely. For an attack, you would need touse
unsafe_load
/UnsafeLoader
There are two things that the
FullLoader
won't do, though:If you need this then you must:
yaml.Loader
will behave just likeyaml.UnsafeLoader
dump: Make default_flow_style=False
#256
YAML has two styles for collections: block and flow style.
The flow style looks a bit similar to JSON or to Python itself:
block key: { flow: mapping, more: items }
To save some space, the default for dumping was to use flow style on lists and dicts at the lowest level of a data structure, that means, that have no child nodes themselves:
yaml.dump(data, default_flow_style=None)
However, many people were using
default_flow_style=False
to avoid this, so the default didn't seem to be the best.We decided that we change the default in a major release:
yaml.dump(data, default_flow_style=False)
You can still get the old behaviour by using
None
instead ofFalse
.Other important changes
Breakages to be fixed in 5.2
When the default loader
yaml.Loader
foryaml.load()
was changed toFullLoader
, it was forgotten that there are two other places where we need to change the default:yaml.add_constructor
YAMLObject
which you can inherit from so thatfrom_yaml
andto_yaml
are calledAlso the logic for detecting special characters was broken, which results in strings with tabs (for example) to be dumped in plain style on python 2.7 on systems with
sys.maxunicode <= 0xffff
.PRs are ready:
#273
#274
#276
The text was updated successfully, but these errors were encountered: