Python Forum

Full Version: Question about YAMLLoadWarning (PyYAML error / deprecated)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello everyone..

I have to be honest with you: I am totally new to Python and programming in general.

The other day my teacher at university told us to install Python and get started by installing Anaconda Navigator. Afterwards I wanted to verify my installation by starting the navigator from terminal on my Mac. Everything works fine but I am given the following error in the terminal while loading Anaconda Navigator:

//anaconda3/lib/python3.7/site-packages/anaconda_navigator/api/conda_api.py:1364: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
data = yaml.load(f)

I checked the link provided and I understand it is some kind of safety issue from 2006 (an exploit). But should I do something about it? Am I using this unsafe loader? I get the feeling that this error isn't relevant anymore in this version. I am a bit worried to be honest! I can choose to ignore it but I don't want to if I am not doing the right thing Tongue

My Python version is: 3.7.3. I also checked my yaml version by entering the conda list command. It says 0.1.7 but can this really be true? I thought the latest one was 1.2??

Thanks very much in advance and I apologize for my beginner question! I appreciate any help Big Grin
It's not unsafe, it's just that the author depreciated using yaml.load without specific loader=whatever clause apparently there was using just yaml.load is capable of being exploited, not so if loader= clause provided.
(Sep-09-2019, 01:44 AM)Larz60+ Wrote: [ -> ]It's not unsafe, it's just that the author depreciated using yaml.load without specific loader=whatever clause apparently there was using just yaml.load is capable of being exploited, not so if loader= clause provided.

Thanks very much for your reply. It makes sense! However, I just don't understand why that same yaml.load(f) command appears right below the warning? Do you know the reason for this? I am still learning Tongue
Quote:However, I just don't understand why that same yaml.load(f) command appears right below the warning?
Don't know, you would have to ask the author: [email protected]
(Sep-10-2019, 10:29 AM)Larz60+ Wrote: [ -> ]
Quote:However, I just don't understand why that same yaml.load(f) command appears right below the warning?
Don't know, you would have to ask the author: [email protected]

Thanks for your assistance Smile Much appreciated. I will forward my question to the author.