216 Commits

Author SHA1 Message Date
Tina Müller
07c88c6c1b Allow to turn off sorting keys in Dumper 2019-03-08 09:09:48 -08:00
Jon Dufresne
611ba39507 Include license file in the generated wheel package
The wheel package format supports including the license file. This is
done using the [metadata] section in the setup.cfg file. For additional
information on this feature, see:

https://wheel.readthedocs.io/en/stable/index.html#including-the-license-in-the-generated-wheel-file

Distributing the wheel now complies with the license:

> The above copyright notice and this permission notice shall be
> included in all copies or substantial portions of the Software.
2019-03-08 09:09:48 -08:00
Tina Müller
857dff153d Apply FullLoader/UnsafeLoader changes to lib3 2019-03-08 09:09:48 -08:00
Ingy döt Net
0cedb2a069 Deprecate/warn usage of yaml.load(input)
The `load` and `load_all` methods will issue a warning when they are
called without the 'Loader=' parameter. The warning will point to a URL
that is always up to date with the latest information on the usage of
`load`.

There are several ways to stop the warning:

* Use `full_load(input)` - sugar for `yaml.load(input, FullLoader)`
  * FullLoader is the new safe but complete loader class
* Use `safe_load(input)` - sugar for `yaml.load(input, SafeLoader)`
  * Make sure your input YAML consists of the 'safe' subset
* Use `unsafe_load(input)` - sugar for `yaml.load(input, UnsafeLoader)`
  * Make sure your input YAML consists of the 'safe' subset
* Use `yaml.load(input, Loader=yaml.<loader>)`
  * Or shorter `yaml.load(input, yaml.<loader>)`
  * Where '<loader>' can be:
    * FullLoader - safe, complete Python YAML loading
    * SafeLoader - safe, partial Python YAML loading
    * UnsafeLoader - more explicit name for the old, unsafe 'Loader' class
* yaml.warnings({'YAMLLoadWarning': False})
  * Use this when you use third party modules that use `yaml.load(input)`
  * Only do this if input is trusted

The above `load()` expressions all have `load_all()` counterparts.

You can get the original unsafe behavior with:
* `yaml.unsafe_load(input)`
* `yaml.load(input, Loader=yaml.UnsafeLoader)`

In a future release, `yaml.load(input)` will raise an exception.

The new loader called FullLoader is almost entirely as complete as
Loader/UnsafeLoader but it avoids all known code execution
paths. It is the preferred YAML loader, and the current default for
`yaml.load(input)` when you get the warning.

Here are some of the exploits that can be triggered with UnsafeLoader
but not with FullLoader:
```
python -c 'import os, yaml; yaml.full_load("!!python/object/new:os.system [echo EXPLOIT!]")'
python -c 'import yaml; print yaml.full_load("!!python/object/new:abs [-5]")'
python -c 'import yaml; yaml.full_load("!!python/object/new:eval [exit(5)]")' ; echo $?
python -c 'import yaml; yaml.full_load("!!python/object/new:exit [5]")' ; echo $?
```
2019-03-08 09:09:48 -08:00
scauligi
d13a3d0f96 Fix for bug https://github.com/yaml/pyyaml/issues/118 2019-02-27 18:07:29 -08:00
Florian Bruhin
9959328b41 Import Hashable from collections.abc
In Python 3.7, importing ABCs directly from the 'collections' module shows a
warning (and in Python 3.8 it will stop working) - see
c66f9f8d39

Since this is only done in lib3/ which is Python 3 only, we can unconditionally
import it from collections.abc instead.

This fixes the following DeprecationWarning:

.../site-packages/yaml/__init__.py:75: in load
    return loader.get_single_data()
.../site-packages/yaml/constructor.py:37: in get_single_data
    return self.construct_document(node)
.../site-packages/yaml/constructor.py:46: in construct_document
    for dummy in generator:
.../site-packages/yaml/constructor.py:398: in construct_yaml_map
    value = self.construct_mapping(node)
.../site-packages/yaml/constructor.py:204: in construct_mapping
    return super().construct_mapping(node, deep=deep)
.../site-packages/yaml/constructor.py:126: in construct_mapping
    if not isinstance(key, collections.Hashable):
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

name = 'Hashable'

    def __getattr__(name):
        # For backwards compatibility, continue to make the collections ABCs
        # through Python 3.6 available through the collections module.
        # Note, no new collections ABCs were added in Python 3.7
        if name in _collections_abc.__all__:
            obj = getattr(_collections_abc, name)
            import warnings
            warnings.warn("Using or importing the ABCs from 'collections' instead "
                          "of from 'collections.abc' is deprecated, "
                          "and in 3.8 it will stop working",
>                         DeprecationWarning, stacklevel=2)
E           DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
2019-02-27 18:06:38 -08:00
Ingy döt Net
ccc40f3e2b Reverting https://github.com/yaml/pyyaml/pull/74
Revert "Make pyyaml safe by default."

This reverts commit bbcf95fa05.
This reverts commit 7b68405c81.
This reverts commit 517e83e805.
2018-06-30 15:46:56 -07:00
Tina Müller
a9c28e0b52 Build libyaml on travis 2018-06-30 15:42:55 -07:00
Anthony Sottile
69244c1cb5 Install cython alongside tox 2018-06-30 22:49:26 +02:00
Tina Müller
d76d037119 Force cython when building sdist
Fixes #182
2018-06-30 22:49:22 +02:00
Alex Gaynor
d3eb7daf88 Changes for 4.1 release 2018-06-26 15:08:15 -07:00
Ingy döt Net
4c2e993321 Changes for 4.01 release
This is the first release under new maintainership. A bunch of things
involving resource URLs and copyright details needed updating; in
addition to the normal version and changelog updates.
2018-06-24 17:08:57 -06:00
Tina Müller
f6049c8cd6 Support escaped slash in double quotes "\/"
YAML 1.2 JSON compat
2018-06-24 22:15:31 +02:00
hugovk
e7a2f886d9 Drop unsupported Python 3.3
See: https://en.wikipedia.org/wiki/CPython#Version_history
2018-06-24 13:49:12 -06:00
Hugo
b6cbfeec35 Test on Python 3.7-dev
Add Python 3.7 classifier
2018-04-11 10:20:16 -07:00
Jon Dufresne
801288d796 Remove commented out Psyco code
From the Psyco website:

> 12 March 2012
>
> Psyco is unmaintained and dead. Please look at PyPy for the
> state-of-the-art in JIT compilers for Python.

http://psyco.sourceforge.net/
2018-04-11 10:02:31 -07:00
Ingy döt Net
0f2afdea77 Revert PR #150 per @asomov
and also explicitly return None if no tokens exist.

Also add a comment to show this.

This 'None' behavior should be tested at some point.
2018-04-10 16:51:43 -07:00
Andrey Somov
a02d17a027 Remove redundant code in Scanner.peek_token() 2018-03-28 10:07:27 +02:00
Donald Stufft
298e07907a Fallback to Pure Python if Compilation fails
Originally this code attempted to determine if compiling the C ext
would succeed, and if it thought it should, it would then require that
the C extension succeed in order to install. This fails in cases where
the detection code passes, but compiling ultimately fails (one instance
this might happen is if the Python headers are not installed).

Instead of "asking permission", this code will now just attempt to
compile the module, and will fall back to pure Python if that fails,
unless the person has explicitly asked for the C module, in which case
it will still just fail.
2017-09-11 19:23:05 -05:00
hsmtkk
802c4a6dac add 3.12 changelog 2017-09-11 19:22:44 -05:00
Alex Gaynor
bbcf95fa05 Now, for py3k! 2017-08-26 10:26:01 -05:00
Alex Gaynor
517e83e805 wtf, how did this typo happen 2017-08-26 10:26:01 -05:00
Alex Gaynor
7b68405c81 Make pyyaml safe by default.
Change yaml.load/yaml.dump to be yaml.safe_load/yaml.safe_dump, introduced yaml.danger_dump/yaml.danger_load, and the same for various other classes.

(python2 only at this moment)

Refs #5
2017-08-26 10:26:01 -05:00
Jakub Wilk
d856c206fd Fix typos 2017-08-08 06:05:28 -05:00
Timofei Bondarev
ef744d8609 Improve RepresenterError creation 2017-08-08 06:02:01 -05:00
psanchez
2c55eb6749 Resolves #57, update readme issues link 2017-08-07 19:45:44 -05:00
Jon Dufresne
24979fb90a Remove tox workaround for Travis CI
No longer necessary.
2017-08-07 19:42:48 -05:00
Jon Dufresne
2ed99483f1 Use Travis CI built in pip cache support
https://docs.travis-ci.com/user/caching/#pip-cache
2017-08-07 19:41:59 -05:00
Jon Dufresne
8bca3eb44d Document and test Python 3.6 support 2017-08-07 19:40:58 -05:00
Peter Murphy
94c3f07465 Reverting README to old copy 2017-05-10 09:38:57 +10:00
Peter Murphy
c67d8df8e4 Suspicious 'expected an exception' messages trimmed 2017-05-10 07:53:42 +10:00
Peter Murphy
c60232d69a Added emoticon test data files (which will probably break testing) 2017-05-09 23:07:36 +10:00
Peter Murphy
cf1c86cb86 First attack at pyyaml does not support literals in unicode over codepoint 0xffff #25 2017-05-08 16:39:26 +10:00
Peter Murphy
a06c1f644b A change to a message 2017-05-07 08:53:49 +10:00
Daniel Beer
c5b135fe39 Allow colon in a plain scalar in a flow context (#45)
* Allow colon in a plain scalar in a flow context

* Restore behavior of flow mapping with empty value
2017-02-08 13:50:53 -06:00
Ian Cordasco
86a29eb50f Install tox in a virtualenv
Since TravisCI has an extremely old version of PyPy, we need to use
pyenv to install a more recent version. However, pyenv's shims don't
persist between the install and script portions of Travis. So we have to
use a virtualenv so Travis can find the tox command.
2016-11-23 18:47:28 -06:00
Donald Stufft
2414cad1fc Add Travis Support 2016-09-12 08:28:09 -04:00
Donald Stufft
a27099bb68 Ignore common build/runtime artifacts 2016-09-12 08:21:24 -04:00
Donald Stufft
bdf0794358 Add a tox.ini to run tests 2016-09-12 08:20:01 -04:00
Kirill Simonov
93694d3e42 Added tag 3.12 for changeset 823acfc7b4ff 2016-08-28 18:55:34 -05:00
Kirill Simonov
7e026bfee9 Updated README and announcement. 2016-08-27 16:21:42 -05:00
Kirill Simonov
eb9932ac1c Fixed handling --verbose flag in the test appliance. 2016-08-25 22:24:45 -05:00
Kirill Simonov
37be8e0c17 Merged in scorphus/pyyaml (pull request #9)
scanner: use infinitive verb after auxiliary word could
2016-08-25 22:20:32 -05:00
Kirill Simonov
ca0ed1fefe Corrected libyaml definitions in _yaml.pxd. 2016-08-25 22:03:41 -05:00
Kirill Simonov
16bd7d06c2 Improved check for CPython (fixes issue #58). 2016-08-25 17:52:48 -05:00
Kirill Simonov
153a194e86 Adding an implicit resolver to a derived loader should not affect the base loader (fixes issue #57). 2016-08-25 17:42:41 -05:00
Kirill Simonov
c95586cfb6 Uniform representation for OrderedDict (fixes issue #61). 2016-08-25 17:30:28 -05:00
Kirill Simonov
f10d92f87b Fixed comparison to () (closes #64). 2016-08-25 16:27:19 -05:00
Kirill Simonov
d737907354 Fixed comparison to None warning (closes issue #64). 2016-08-25 15:55:09 -05:00
Kirill Simonov
7eeba34467 removed a test which fails when wheel is imported. 2016-06-16 23:01:38 -05:00