Use yaml.safe_load/safe_dump for meta YAML #99

Merged: reneburghardt merged 1 commit into sensorium-competition:main from Vrittigyl:use-yaml-safe-functions on Feb 28, 2026

@Vrittigyl
Contributor

Summary

Replaced yaml.load / yaml.dump with yaml.safe_load / yaml.safe_dump in meta YAML handling.

Reason

  • Prevents arbitrary object construction and avoids Python-specific YAML tags.
  • Meta files only require standard Python types, so safe_* functions are sufficient and more secure.

Verification

  • pytest passes locally

Closes #94
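
The difference the summary describes, as an added example that is not part of this PR or the project's code: the default dumper writes Python-specific tags that `yaml.safe_load` refuses, while `yaml.safe_dump` either writes plain YAML or fails at write time. The meta keys, the `Marker` class and the helper names are assumptions made for illustration; PyYAML must be installed.

```python
import yaml

# Constructed sample meta (keys are illustrative, not the project's schema).
SAMPLE_META = {"modality": "screen", "sampling_rate": 30.0, "image_size": (36, 64)}


class Marker:
    """Hypothetical custom type that should never reach a meta file."""

    def __init__(self):
        self.value = 1


def dump_legacy(obj):
    """yaml.dump with the default Dumper: emits !!python/* tags when needed."""
    return yaml.dump(obj)


def dump_safe(obj):
    """Return (True, text), or (False, reason) if obj is not a standard type."""
    try:
        return True, yaml.safe_dump(obj)
    except yaml.representer.RepresenterError as exc:
        return False, str(exc)


def load_safe(text):
    """Return (True, data), or (False, reason) if the text needs a non-standard tag."""
    try:
        return True, yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        return False, exc.problem


if __name__ == "__main__":
    legacy = dump_legacy(SAMPLE_META)
    print(legacy)                       # tuple written with a !!python/tuple tag
    print(load_safe(legacy))            # rejected: safe_load has no constructor for it
    ok, safe = dump_safe(SAMPLE_META)
    print(safe)                         # tuple written as a plain sequence
    print(load_safe(safe))              # accepted; image_size comes back as a list
    print(dump_safe({"m": Marker()}))   # rejected at write time
    print(load_safe(dump_legacy(Marker())))  # !!python/object tag rejected at read time
```

The round trip through `safe_dump` turns the tuple into a list, so code that compares loaded meta values against tuples has to account for that.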

@gitnotebooks
gitnotebooks bot commented Feb 27, 2026

Found 1 changed notebook. Review the changes at https://app.gitnotebooks.com/sensorium-competition/experanto/pull/99

Contributor

Copilot AI left a comment

Pull request overview

This PR updates the project’s meta-YAML read/write paths to use PyYAML’s safe_load / safe_dump, aligning with Issue #94’s security and portability goals (avoid arbitrary object construction and Python-specific YAML tags).

Changes:

  • Replaced yaml.dump with yaml.safe_dump in test data generators that write meta.yml files.
  • Replaced yaml.load(..., Loader=yaml.SafeLoader) with yaml.safe_load in Interpolator meta loading/dispatch logic.
  • Updated the sensorium interpolator demo notebook to use yaml.safe_dump when writing a meta file.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| tests/create_time_intervals_data.py | Writes meta.yml via yaml.safe_dump for time-interval test fixtures. |
| tests/create_sequence_data.py | Writes meta.yml via yaml.safe_dump for sequence test fixtures. |
| tests/create_screen_data.py | Writes per-frame and root *.yml meta files via yaml.safe_dump. |
| experanto/interpolators.py | Uses yaml.safe_load for meta.yml reads (both load_meta and Interpolator.create). |
| examples/sensorium/interpolator_demo.ipynb | Writes meta YAML using yaml.safe_dump in the demo. |

Contributor

@pollytur pollytur left a comment

LGTM

@pollytur pollytur requested a review from schewskone February 28, 2026 12:09
@reneburghardt reneburghardt merged commit 2e63d69 into sensorium-competition:main Feb 28, 2026
6 checks passed
Development

Successfully merging this pull request may close these issues.

Use yaml.safe_ functions
