From 84363e91a063af99166a8ea1d2d70594540b4c8a Mon Sep 17 00:00:00 2001
From: Daniel Bengtsson
Date: Thu, 13 Feb 2020 14:28:56 +0100
Subject: [PATCH] Deprecated the yamlutils module.
The pyyaml is now safe by default: https://github.com/yaml/pyyaml/pull/74/files https://access.redhat.com/security/cve/CVE-2017-18342 So the yamlutils is now useless. We can depracated it and then remove it.
Change-Id: I4ecb34eee942c714d09d2258db80f5b8d61dec89
---
 oslo_serialization/yamlutils.py | 7 +++++++
 requirements.txt | 1 +
 2 files changed, 8 insertions(+)
diff --git a/oslo_serialization/yamlutils.py b/oslo_serialization/yamlutils.py
index 6d6be40..d540164 100644
--- a/oslo_serialization/yamlutils.py
+++ b/oslo_serialization/yamlutils.py
@@ -18,9 +18,16 @@ of yaml manager in all the openstack projects.
 Use this module inside openstack projects to handle yaml securely and properly.
 """
+from debtcollector import removals
 import yaml
+removals.removed_module(
+ 'oslo_serialization.yamlutils', version='3.0.0',
+ removal_version='4.0.0',
+ message='The oslo_serialization.yamlutils will be removed')
+
+
 def load(stream, is_safe=True):
 """Converts a YAML document to a Python object.
diff --git a/requirements.txt b/requirements.txt
index 8f3e493..f852d82 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,3 +13,4 @@ msgpack>=0.5.2 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 pytz>=2013.6 # MIT
 PyYAML>=3.12 # MIT
+debtcollector>=1.2.0 # Apache-2.0
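Review bot: The deprecation message passed to `removals.removed_module(...)` in the yamlutils.py hunk names no replacement, so callers are left to pick their own PyYAML entry point. The premise that PyYAML is safe by default does not hold for the range this project accepts: requirements.txt still carries `PyYAML>=3.12`, where a bare `yaml.load()` on releases before 5.1 can construct arbitrary Python objects, and from 5.1 its default is FullLoader rather than SafeLoader. The message should point callers to the safe API, for example `message='Use yaml.safe_load() instead; plain yaml.load() is not equivalent to load(is_safe=True)'`. Raising the PyYAML floor in requirements.txt in the same change would also back the commit's claim. The body of `load()` lies outside the hunk, so what `is_safe=True` selects is inferred from its name and the module docstring.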