You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2019/04/17 20:56:12 UTC

[GitHub] [airflow] feluelle commented on issue #5120: [AIRFLOW-4338] Change k8s pod_request_factory to use yaml safe_load

feluelle commented on issue #5120: [AIRFLOW-4338] Change k8s pod_request_factory to use yaml safe_load
URL: https://github.com/apache/airflow/pull/5120#issuecomment-484258154
 
 
   The issue I had was only related to mypy (I still don't get) but has been worked-around by using a shortcut function where mypy don't need to check the Loader classes. - So yes it is fixed.
   
   Just to summarize it for you:
   
   If we use the `FullLoader` / `load_full` we don't change any functionality. It just will fix the deprecation warning.
   > Loads the full YAML language. Avoids arbitrary code execution. This is currently (PyYAML 5.1) the default loader called by yaml.load(input) (after issuing the warning).
   
   If we use the `SafeLoader` / `load_safe` we may change functionality - but tests run successfully so it is probably fine.
   > Loads a subset of the YAML language, safely. This is recommended for loading untrusted input.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services