openstack/oslo.serialization
Code Issues Proposed changes

Deprecated the yamlutils module.

Browse Source 
The pyyaml is now safe by default:

https://github.com/yaml/pyyaml/pull/74/files
https://access.redhat.com/security/cve/CVE-2017-18342

So the yamlutils is now useless. We can depracated it and then remove it.

Change-Id: I4ecb34eee942c714d09d2258db80f5b8d61dec89
This commit is contained in:
Daniel Bengtsson 2020-02-13 14:28:56 +01:00
parent 741810aa44
commit 84363e91a0
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
oslo_serialization/yamlutils.py
View File

@ -18,9 +18,16 @@ of yaml manager in all the openstack projects.
Use this module inside openstack projects to handle yaml securely and properly. Use this module inside openstack projects to handle yaml securely and properly.
""" """
from debtcollector import removals
import yaml import yaml
removals.removed_module(
'oslo_serialization.yamlutils', version='3.0.0',
removal_version='4.0.0',
message='The oslo_serialization.yamlutils will be removed')
def load(stream, is_safe=True): def load(stream, is_safe=True):
"""Converts a YAML document to a Python object. """Converts a YAML document to a Python object.

1
requirements.txt
View File

@ -13,3 +13,4 @@ msgpack>=0.5.2 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0 oslo.utils>=3.33.0 # Apache-2.0
pytz>=2013.6 # MIT pytz>=2013.6 # MIT
PyYAML>=3.12 # MIT PyYAML>=3.12 # MIT
debtcollector>=1.2.0 # Apache-2.0