PyYaml not using Yaml 1.2?
Lele Gaifax <lele at metapensiero.it>:
> leam hall <leamhall at gmail.com> writes:
>> Tracked down the GitHub repo (https://github.com/yaml/pyyaml) and it seems
>> to be gearing back up. I'll see what I can do to help.
> See also https://bitbucket.org/ruamel/yaml, a fork of PyYAML, it seems more
> actively maintained and already supports format 1.2.
BTW, happened to land on this blog posting that mentions a security
warning regarding PyYAML:
A suggested fix is to always use yaml.safe_load for handling YAML
serialization you can't trust. Still, the current PyYAML default
feels somewhat provoking considering other serialization libraries
tend to use dump/load function names for similar purposes, but in a