[Solved] Python calling yaml.load() without loader=… is deprecated

Starting from PyYAML version 6.0, calling yaml.load() without specifying the Loader argument is deprecated and will raise a warning. This is a security measure to prevent potential code execution vulnerabilities associated with the use of the old yaml.load() method, which could inadvertently execute arbitrary code from untrusted input.

To address this deprecation warning and improve security, you should explicitly provide a safe YAML loader, such as yaml.SafeLoader:

import yaml

data = """
key: value
"""

parsed_data = yaml.load(data, Loader=yaml.SafeLoader)

print(parsed_data)

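In this example, yaml.SafeLoader ensures that the YAML input is parsed only as data and not executed as code: it constructs only standard YAML types such as strings, numbers, lists and dictionaries, and rejects tags that refer to Python objects.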

Keep in mind that yaml.unsafe_load() is also an option if you are confident in the source and content of the YAML file, but it is generally discouraged unless you have a specific need for it and understand the risks.
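The difference between the two loaders, as an added example that is not part of the original post: the sample documents and the helper name load_untrusted_yaml are constructed for illustration. The tagged document uses a harmless Python-specific tag to show what SafeLoader refuses and what yaml.unsafe_load() accepts.

```python
import yaml

# Constructed sample inputs (not from the original page).
PLAIN_CONFIG = """
service: api
port: 8080
allowed_hosts: [a.example, b.example]
"""

# A Python-specific tag. This one is harmless (it only builds a tuple), but it
# belongs to the family of tags that let a YAML document name Python objects,
# which SafeLoader does not construct.
TAGGED_CONFIG = """
point: !!python/tuple [1, 2]
"""


def load_untrusted_yaml(text):
    """Hypothetical helper: parse YAML with SafeLoader, return (data, error)."""
    try:
        return yaml.load(text, Loader=yaml.SafeLoader), None
    except yaml.YAMLError as exc:
        # Unknown tags (ConstructorError) and syntax errors both land here.
        detail = getattr(exc, "problem", None) or str(exc)
        return None, f"{type(exc).__name__}: {detail}"


if __name__ == "__main__":
    # Plain data parses into ordinary dicts, lists, strings and ints.
    print(load_untrusted_yaml(PLAIN_CONFIG))

    # The Python-specific tag is rejected instead of being constructed.
    print(load_untrusted_yaml(TAGGED_CONFIG))

    # unsafe_load() honours the tag and builds the Python object, which is
    # why it should only ever see YAML you fully trust.
    print(yaml.unsafe_load(TAGGED_CONFIG))
```

Treat a non-empty error from the helper as a rejected input rather than retrying with a more permissive loader.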

Always prioritize security when loading YAML files or any other data from external sources into your Python programs.

By Muhammad Nabil

    I am a skilled and experienced Python developer with a huge passion for programming and a keen eye for details. I earned a Bachelor's degree in Computer Engineering in 2019 from the Modern Academy for Engineering and Technology. I am passionate about helping programmers write better Python code, and I am confident that I can make a significant contribution to any team. I am also a creative thinker who can come up with new and innovative ways to improve the efficiency and readability of code. My specialization includes Python, Django, SQL, Apache NiFi, Apache Hadoop, AWS, and Linux (CentOS and Ubuntu). Besides my passion for Python, I am a solo traveler who loves Pink Floyd, online video games, and Italian pizza.
