[Debian-med-packaging] Bug#1022079: qcat: Uses deprecated yaml.load
Gordon Ball
gordon at chronitis.net
Wed Oct 19 20:08:51 BST 2022
Source: qcat
Version: 1.1.0-3
Severity: normal
X-Debbugs-Cc: gordon at chronitis.net
We hope to upgrade python3-yaml (aka pyyaml) to version 6 before the
freeze, per #1008262
Your package appears to use `yaml.load()` without specifying a `Loader=`
argument, which will become an error in pyyaml version 6. This should
have emitted a warning message since version 5.1 (from 2019).
In most cases this can be fixed by replacing `yaml.load` with
`yaml.safe_load`, unless the ability for yaml to create arbitrary python
objects is desirable.
Found in qcat/adapters.py:
https://sources.debian.org/src/qcat/1.1.0-3/qcat/adapters.py/?hl=37#L37
- the file contains several functions which do use yaml.load with a
Loader= argument, but one case that looks like it has no fallback and
would fail (in `yaml2adapter()`)
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-1-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Debian-med-packaging
mailing list