Use yaml.safe_load/safe_dump for meta YAML#99
Merged
reneburghardt merged 1 commit intosensorium-competition:mainfrom Feb 28, 2026
Merged
Use yaml.safe_load/safe_dump for meta YAML#99reneburghardt merged 1 commit intosensorium-competition:mainfrom
reneburghardt merged 1 commit intosensorium-competition:mainfrom
Conversation
|
Found 1 changed notebook. Review the changes at https://app.gitnotebooks.com/sensorium-competition/experanto/pull/99 |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the project’s meta-YAML read/write paths to use PyYAML’s safe_load / safe_dump, aligning with Issue #94’s security and portability goals (avoid arbitrary object construction and Python-specific YAML tags).
Changes:
- Replaced
yaml.dumpwithyaml.safe_dumpin test data generators that writemeta.ymlfiles. - Replaced
yaml.load(..., Loader=yaml.SafeLoader)withyaml.safe_loadinInterpolatormeta loading/dispatch logic. - Updated the sensorium interpolator demo notebook to use
yaml.safe_dumpwhen writing a meta file.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/create_time_intervals_data.py | Writes meta.yml via yaml.safe_dump for time-interval test fixtures. |
| tests/create_sequence_data.py | Writes meta.yml via yaml.safe_dump for sequence test fixtures. |
| tests/create_screen_data.py | Writes per-frame and root *.yml meta files via yaml.safe_dump. |
| experanto/interpolators.py | Uses yaml.safe_load for meta.yml reads (both load_meta and Interpolator.create). |
| examples/sensorium/interpolator_demo.ipynb | Writes meta YAML using yaml.safe_dump in the demo. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
reneburghardt
approved these changes
Feb 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaced
yaml.load/yaml.dumpwithyaml.safe_load/yaml.safe_dumpin meta YAML handling.Reason
safe_*functions are sufficient and more secure.Verification
pytestpasses locallyCloses #94