playframework / play1

Play framework
https://www.playframework.com/documentation/1.4.x/home

Fix "play build-module" replacing instances of yaml.load with yaml.safe_load #1462

Closed davidcostanzo closed 7 months ago

davidcostanzo commented 8 months ago

This PR fixes issue #1456, which is an error when "play build-module" is run on Python 3.7.11: load() missing 1 required positional argument: 'Loader'

This PR follows the recommendation given at https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

A loader argument is now required by yaml.load(), which is written more clearly using their helper function yaml.safe_load(). The web page says that the full_load() function (which would be more backward-compatible) may be removed, so using safe_load() is more future-proof.

The use of safe_load() assumes that dependencies.yml uses standard YAML tags. The extra security is nice but mostly irrelevant since I don't expect "build-module" to be run on a malicious dependencies.yml. The primary motivation is that "build-module" simply doesn't work on some machines and gives warnings on others.
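The following is an added example, not code from this PR or from the Play framework: it shows the two loader spellings the PR discusses (yaml.safe_load() and the equivalent yaml.load(text, Loader=yaml.SafeLoader)) applied to a constructed document in the shape of a Play 1 module's dependencies.yml, and what the safe loader does when a document carries a tag outside the standard YAML set. It assumes PyYAML is installed; the sample documents, the `!local_plugin` tag and the helper function names are constructed for illustration.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample in the shape of a Play 1 module's dependencies.yml.
# It uses only standard YAML scalars, sequences and mappings, which is the
# assumption the PR makes when it switches build-module to safe_load().
SAMPLE_DEPENDENCIES_YML = """\
self: play -> mymodule 1.0

require:
    - play
    - play -> pdf 0.9
"""

# Constructed sample carrying a non-standard (application-local) tag.
# SafeLoader has no constructor registered for it, so loading stops with a
# ConstructorError instead of building whatever the tag would have produced.
SAMPLE_WITH_CUSTOM_TAG = """\
self: play -> mymodule 1.0
require: !local_plugin [play]
"""


def load_dependencies(text):
    """Parse a dependencies.yml document with the safe loader.

    yaml.safe_load(text) is shorthand for yaml.load(text, Loader=yaml.SafeLoader);
    both accept only the standard YAML tags (str, int, float, bool, seq, map, ...).
    """
    return yaml.safe_load(text)


def load_dependencies_explicit(text):
    """Same result as load_dependencies, with the Loader spelled out.

    This is the form yaml.load() now requires; calling yaml.load(text) with no
    Loader is what produces the 'missing 1 required positional argument' error.
    """
    return yaml.load(text, Loader=yaml.SafeLoader)


def required_modules(text):
    """Return the entries listed under 'require' in a dependencies.yml document."""
    doc = load_dependencies(text) or {}
    return list(doc.get("require") or [])


def rejects_custom_tag(text):
    """Return True if the safe loader refuses the document because it meets a
    tag it has no constructor for (yaml.constructor.ConstructorError)."""
    try:
        yaml.safe_load(text)
    except ConstructorError:
        return True
    return False


if __name__ == "__main__":
    print(required_modules(SAMPLE_DEPENDENCIES_YML))   # ['play', 'play -> pdf 0.9']
    print(rejects_custom_tag(SAMPLE_WITH_CUSTOM_TAG))  # True
```

The practical consequence for a build tool is the one the PR describes: a plain dependencies.yml parses identically under safe_load() and under the old loader, while a document that relies on non-standard tags now fails fast with a ConstructorError rather than being silently accepted, so any such file would be noticed at build time.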