PR #22 merged an upgrade to PyYAML which broke our existing use of
yaml.load for configuration and state files.
Unfortunately, we can't use safe_load here because we make use of
defaultdict datastructures that don't work with this method:
yaml.constructor.ConstructorError: could not determine a constructor for the tag 'tag:yaml.org,2002:python/object/apply:collections.defaultdict'
So this PR explicitly uses the UnsafeLoader to load the config and state
files.
This should be fine, as we're not accepting any arbitrary data
from untrusted users for this configuration. Anyone who is using this
tool has Docker access, so should be assumed to be an administrator
anyway.
PR #22 merged an upgrade to PyYAML which broke our existing use of yaml.load for configuration and state files.
Unfortunately, we can't use safe_load here because we make use of
defaultdictdatastructures that don't work with this method:So this PR explicitly uses the UnsafeLoader to load the config and state files.
This should be fine, as we're not accepting any arbitrary data from untrusted users for this configuration. Anyone who is using this tool has Docker access, so should be assumed to be an administrator anyway.