-
Notifications
You must be signed in to change notification settings - Fork 913
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to yaml.safe_load(_all) to prevent YAMLLoadWarning #1688
Conversation
Thanks for the patch. Can you maybe also update the other places in this repo where these functions are used? |
I can have a look. Would you prefer this also to be updated in tests? |
Yes, that would be good. |
So I had not realized about the following (from https://wiki.ros.org/rosparam):
I'm doing some more changes to support this functionality while using the Furthermore I'll also try to see if there are other places where more features than the |
Additional question: which other tools aside of Edit: never mind, I see that also currently it is only supported in these 2, so I'll stick to that. |
Also added convenience functions for using this loader for reuse in `roslaunch`
So tests are passing now.
|
Changes look to me, since I'm getting a lot of YAMLLoadWarning in my console I hope to see this merged. |
@ros-pull-request-builder retest this please |
@dirk-thomas I processed your remarks and all checks have passed. Would you mind doing another check and merging if it's good? |
Thank you for iterating on this. |
* Switch to yaml.safe_load(_all) to prevent YAMLLoadWarning * Change all usages of yaml.load to yaml.safe_load * Extend PyYAML's SafeLoader and use it with `yaml.load` Also added convenience functions for using this loader for reuse in `roslaunch` * fix typo in rosparam.yaml_load_all * Modify Loader and SafeLoader in yaml module directly * Revert whitespace change * Revert unrelated change to import through global variable construction
Fixes #1686.
In yaml/pyyaml#265 it's stated that
safe_load
always existed for this reason, I did a quick double check and it traces back at least to 2006, so this might even be safe to backport to older releases.