We switched to `yaml.load` when upgrading PyYAML to 5.4; moving back to `full_load` would provide some security enhancements but require changing how we represent `as_of_time` and feature lists in a way that would break compatibility with matrices generated by previous versions of triage, so we should decide if the improvements outweigh that cost.
See discussion associated with #835
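To size the compatibility cost described above, the following added example (not triage's own code) inventories the Python-specific tags in a stored YAML document without constructing any objects, and checks whether a given restricted loader accepts it. The sample metadata, its field names and the helper names `python_tags` and `loads_with` are assumptions made for illustration.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample. Field names and values are assumptions, not the real
# triage matrix metadata format.
SAMPLE_METADATA = """\
as_of_time: !!python/object/apply:datetime.datetime [2016, 1, 1, 0, 0]
feature_names: !!python/tuple [age, prior_events]
label_name: outcome
end_time: 2016-01-01 00:00:00
"""

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def python_tags(text):
    """Return {tag: count} for Python-specific tags in a YAML document.

    yaml.compose() stops at the node graph, so nothing tagged in the
    document is instantiated while it is being audited.
    """
    found = {}
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None:  # empty document
            continue
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found[node.tag] = found.get(node.tag, 0) + 1
        if isinstance(node, yaml.MappingNode):
            for key_node, value_node in node.value:
                stack.extend((key_node, value_node))
        elif isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
    return found


def loads_with(text, loader=yaml.FullLoader):
    """True if the given restricted loader can construct the document."""
    try:
        yaml.load(text, Loader=loader)
        return True
    except ConstructorError:
        return False


if __name__ == "__main__":
    for tag, count in sorted(python_tags(SAMPLE_METADATA).items()):
        print(count, tag)
    print("loads with SafeLoader:", loads_with(SAMPLE_METADATA, yaml.SafeLoader))
```

Running `python_tags` over the metadata files written by earlier versions shows which representations would have to change before a more restricted loader can read them.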