大约 5 小时前,版本 4.1.0
发布。它打破了我的单元测试。这是一个干净的 MVCE 显示:
版本 3.12:
>>> import numpy as np
>>> import yaml
>>> x = np.int64(2)
>>> yaml.dump(x, Dumper=yaml.Dumper)
'!!python/object/apply:numpy.core.multiarray.scalar\n- !!python/object/apply:numpy.dtype\n args: [i8, 0, 1]\n state: !!python/tuple [3, <, null, null, null, -1, -1, 0]\n- !!binary |\n AgAAAAAAAAA=\n'
版本 4.1.0:
>>> import numpy as np
>>> import yaml
>>> x = np.int64(2)
>>> yaml.dump(x, Dumper=yaml.Dumper)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/foo/anaconda3/envs/bar/lib/python3.6/site-packages/yaml/__init__.py", line 217, in dump
return dump_all([data], stream, Dumper=Dumper, **kwds)
File "/foo/anaconda3/envs/bar/lib/python3.6/site-packages/yaml/__init__.py", line 196, in dump_all
dumper.represent(data)
File "/foo/anaconda3/envs/bar/lib/python3.6/site-packages/yaml/representer.py", line 26, in represent
node = self.represent_data(data)
File "/foo/anaconda3/envs/bar/lib/python3.6/site-packages/yaml/representer.py", line 57, in represent_data
node = self.yaml_representers[None](self, data)
File "/foo/anaconda3/envs/bar/lib/python3.6/site-packages/yaml/representer.py", line 229, in represent_undefined
raise RepresenterError("cannot represent an object", data)
yaml.representer.RepresenterError: ('cannot represent an object', 2)
PyYAML
不再支持这些对象类型是否有明确的原因?
最佳答案
在 PyYAML 4.x 中,dump
是 safe_dump
的别名,它不会处理任意对象:
>>> yaml.dump is yaml.safe_dump
True
对旧的 3.x 行为使用 danger_dump
。
>>> yaml.danger_dump(x)
'!!python/object/apply:numpy.core.multiarray.scalar\n- !!python/object/apply:numpy.dtype\n args: [i8, 0, 1]\n state: !!python/tuple [3, <, null, null, null, -1, -1, 0]\n- !!binary |\n AgAAAAAAAAA=\n'
load
/safe_load
也是如此。找不到 4.1.0 的任何文档或发行说明,我只是通过挖掘提交 (here) 才发现的。
Is there a clear reason for why PyYAML no longer supports these object types?
是的。 yaml.load
允许任意代码执行,这样一个危险的功能应该只选择加入,不可能意外使用。按理说,从一开始就应该是这样的。
在当前的 PyYAML 5.x 中:您可以将加载器/转储器类指定为参数,而不是使用不同的函数:
yaml.dump(x, Dumper=yaml.Dumper) # like "danger dump"
yaml.dump(x, Dumper=yaml.SafeDumper) # like "safe_dump", won't dump python objs
与 3.x 一样,“危险”转储在 5.x 中仍然是默认值:
>>> yaml.dump(sys)
"!!python/module:sys ''\n"
>>> yaml.dump(sys, Dumper=yaml.SafeDumper)
RepresenterError: ('cannot represent an object', <module 'sys' (built-in)>)
关于python - 新的 PyYAML 版本在大多数自定义 python 对象上中断 - RepresenterError,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51053903/