Description

PyYAML deprecated use of yaml.load() function without Loader argument since 5.1 (seedeprecation doc).

Fixes failing Codebuild unit tests (see failing Codebuild logs inPR #166)

Why is the change necessary?

Unit testtest_cloudformation_export_with_sagemaker_execution_role started failing on 10/14 due to upgrade of PyYAML from 5.4.41 to 6.0.0 with error:

TypeError: load() missing 1 required positional argument: 'Loader'

PyYAML introduced changes in 6.0.0 to always requireLoader arg toyaml.load() (seerelease notes). The use of yaml.load() without Loader argument has been deprecated with warning since 5.1, but was tolerated before the breaking change in v6.0.0.

Solution

Call yaml.safe_load() instead of yaml.load() which was deemed unsafe since its release in 2006.

PyYAML has always provided a safe_load function that can load a subset of YAML without exploit.

Updated existing tests instead of freezing PyYAML tov5.4.1 because:

1. yaml.safe_load() is safer than yaml.load() per PyYAML recommendation: it uses a SafeLoader instead of a FullLoader which allows exploits on untrusted input (see deprecationdoc for more details)
2. Requires minimal change: Only 2 tests call yaml.load()
   • test_cloudformation_export_with_simple_definition
   • test_cloudformation_export_with_sagemaker_execution_role

Testing

Ran the unit tests locally and confirmed they passed.

pip install ".[test]"tox -v tests/unit

Pull Request Checklist

Please check all boxes (including N/A items)

Testing

• Unit tests added -N/A
• Integration test added -N/A
• Manual testing - why was it necessary? could it be automated?

Documentation

• docs: All relevantdocs updated -N/A
• docstrings: All public APIs documented -N/A

Title and description

• Change type: Title is prefixed with change type: and followsconventional commits
• References: Indicate issues fixed via:Fixes #xxx -N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.