1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
3 NAMEBASE= python-ruamel.yaml
7 SDESC[v11]= YAML 1.2 parser/emitter (3.11)
8 SDESC[v12]= YAML 1.2 parser/emitter (3.12)
10 CONTACT= Python_Automaton[python@ironwolf.systems]
13 SITES[main]= PYPIWHL/4b/5d/678d7d15071816cb9a5e015fcd090ddc59a6a195ce8965363313e2044595
14 DISTFILE[1]= ruamel.yaml-0.18.3-py3-none-any.whl:main
19 OPTIONS_AVAILABLE= PY311 PY312
20 OPTIONS_STANDARD= none
21 VOPTS[v11]= PY311=ON PY312=OFF
22 VOPTS[v12]= PY311=OFF PY312=ON
24 DISTNAME= ruamel.yaml-0.18.3.dist-info
28 [PY311].RUN_DEPENDS_ON= python-ruamel.yaml.clib:single:v11
29 [PY311].USES_ON= python:v11,wheel
31 [PY312].RUN_DEPENDS_ON= python-ruamel.yaml.clib:single:v12
32 [PY312].USES_ON= python:v12,wheel
34 [FILE:3471:descriptions/desc.single]
37 `ruamel.yaml` is a YAML 1.2 loader/dumper package for Python.
38 <table class="docutils">
45 <tr> <td>documentation</td>
46 <td>https://yaml.readthedocs.io</td>
48 <tr> <td>repository</td>
49 <td>https://sourceforge.net/projects/ruamel-yaml</td>
52 <td>https://pypi.org/project/ruamel.yaml</td>
56 As announced, in 0.18.0, the old PyYAML functions have been deprecated.
57 (`scan`, `parse`, `compose`, `load`, `emit`, `serialize`, `dump` and their
59 (`_all`, `safe_`, `round_trip_`, etc)). If you only read this after your
61 stopped working: I am sorry to hear that, but that also means you, or the
63 developing your program, has not tested with warnings on (which is the
65 in PEP 565, and e.g. defaultin when using `pytest`). If you have troubles,
68 pip install "ruamel.yaml<0.18.0"
70 or put something to that effects in your requirments, to give yourself
71 some time to solve the issue.
73 There will be at least one more potentially breaking change in the 0.18
74 series: `YAML(typ='unsafe')`
75 now has a pending deprecation warning and is going to be deprecated,
76 probably before the end of 2023.
77 If you only use it to dump, please use the new `YAML(typ='full')`, the
78 result of that can be *safely*
79 loaded with a default instance `YAML()`, as that will get you inspectable,
80 tagged, scalars, instead of
81 executed Python functions/classes. (You should probably add constructors
82 for what you actually need,
83 but I do consider adding a `ruamel.yaml.unsafe` package that will re-add
84 the `typ='unsafe'` option.
85 *Please adjust/pin your dependencies accordingly if necessary.*
87 There seems to be a CVE on `ruamel.yaml`, stating that the `load()`
88 function could be abused
89 because of unchecked input. `load()` was never the default function (that
90 was `round_trip_load()`
91 before the new API came into existence`. So the creator of that CVE was ill
93 probably lazily assumed that since `ruamel.yaml` is a derivative of PyYAML
95 a similar CVE exists), the same problem would still exist, without
97 So the CVE was always inappriate, now just more so, as the call
98 to the function `load()` with any input will terminate your program with an
100 (have to) care about such things as this CVE, my recommendation is to stop
102 completely, as `pickle.load()` can be abused in the same way as `load()`
103 (and like unlike `load()`
104 is only documented to be unsafe, without development-time warning.
106 Version 0.17.21 was the last one tested to be working on Python 3.5 and
108 The 0.16.13 release was the last that was tested to be working on Python
111 There are two extra plug-in packages
112 (`ruamel.yaml.bytes` and `ruamel.yaml.string`)
113 for those not wanting to do the streaming to a
114 `io.BytesIO/StringIO` buffer themselves.
116 If your package uses `ruamel.yaml` and is not listed on PyPI, drop me an
117 email, preferably with some information on how you use the package (or a
118 link to the repository) and I'll keep you informed when the status of
119 the API is stable enough to make the transition.
125 Optional requirements
131 Working with Python classes
132 Dumping Python classes
138 b5d119e1f9678cf90b58f64bbd2a4e78af76860ae39fab3e73323e622b462df9 114666 ruamel.yaml-0.18.3-py3-none-any.whl