openstack/oslo.serialization
Code Issues Proposed changes

Deprecated the yamlutils module.

Browse Source 
The pyyaml is now safe by default:

https://github.com/yaml/pyyaml/pull/74/files
https://access.redhat.com/security/cve/CVE-2017-18342

So the yamlutils is now useless. We can depracated it and then remove it.

Change-Id: I4ecb34eee942c714d09d2258db80f5b8d61dec89
This commit is contained in:
Daniel Bengtsson 2020-02-13 14:28:56 +01:00
parent 741810aa44
commit 84363e91a0
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
oslo_serialization/yamlutils.py
View File

@ -18,9 +18,16 @@ of yaml manager in all the openstack projects.
Use this module inside openstack projects to handle yaml securely and properly.
"""
from debtcollector import removals
import yaml
removals.removed_module(
'oslo_serialization.yamlutils', version='3.0.0',
removal_version='4.0.0',
message='The oslo_serialization.yamlutils will be removed')
def load(stream, is_safe=True):
"""Converts a YAML document to a Python object.

1
requirements.txt
View File

@ -13,3 +13,4 @@ msgpack>=0.5.2 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0
pytz>=2013.6 # MIT
PyYAML>=3.12 # MIT
debtcollector>=1.2.0 # Apache-2.0