Replace yaml.load with yaml.safe_load for Enhanced Security#150
dfana01 merged 1 commit into pinterest:main from
This pull request addresses a security vulnerability in our codebase by replacing the potentially unsafe yaml.load function with the safer yaml.safe_load. The yaml.load function, when used with untrusted input, can execute arbitrary code, leading to potential security risks. By switching to yaml.safe_load, we ensure that only a subset of the YAML language is parsed, effectively mitigating these risks.

Changes Made:
Replaced all instances of yaml.load with yaml.safe_load in the script.
Updated the relevant test cases to align with the safe_load usage.

Benefits:
Improves security by preventing arbitrary code execution.
Maintains functionality while reducing risk from untrusted YAML inputs.
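As an added illustration of the behaviour the description refers to (example code, not from this PR or the SDK): a constructed YAML document carrying a Python-specific tag is parsed once with PyYAML's UnsafeLoader, standing in for an unrestricted yaml.load, and once with yaml.safe_load, which rejects the tag. The function names and the sample document are assumptions.

```python
"""Unrestricted loader vs. safe_load on a document with a Python-only tag.

Requires PyYAML (import name: yaml). The sample document below is
constructed for this example; the tag asks the loader to call a Python
callable during parsing. A harmless callable (builtins.str) is used so the
difference in loader behaviour is visible without side effects.
"""
import yaml

# Constructed input: a plain config key plus a Python-specific tag.
UNTRUSTED_YAML = """
app_id: demo
token: !!python/object/apply:builtins.str ["built-at-load-time"]
"""


def load_unrestricted(text):
    """Old-style behaviour: the loader honours python/* tags and builds
    arbitrary Python objects from the document. Do not use on untrusted input."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_config(text):
    """Hardened form, as in the PR: only plain YAML scalars, mappings and
    sequences are constructed; Python-specific tags raise an error."""
    return yaml.safe_load(text)


def probe(text):
    """Return (unrestricted_result, safe_error_name) for the same document.

    safe_error_name is None when safe_load accepts the document, otherwise
    the class name of the YAMLError it raised (ConstructorError for an
    unknown tag)."""
    unrestricted = load_unrestricted(text)
    try:
        load_config(text)
        safe_error = None
    except yaml.YAMLError as exc:
        safe_error = type(exc).__name__
    return unrestricted, safe_error


if __name__ == "__main__":
    result, error = probe(UNTRUSTED_YAML)
    print("UnsafeLoader built:", result)
    print("safe_load raised:", error)
```

Run with a real config and safe_load returns the same dict the unrestricted loader would; the two diverge only when a document carries a tag outside the safe subset.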
Execute the pipeline locally to unblock the PR; I will check the issue with the open-source team.

adding 'pinterest_api_sdk-5302025191108.dist-info/WHEEL'
adding 'pinterest_api_sdk-5302025191108.dist-info/top_level.txt'
adding 'pinterest_api_sdk-5302025191108.dist-info/RECORD'
removing build/bdist.macosx-15.0-arm64/wheel
Successfully built pinterest_api_sdk-5302025191107.tar.gz and pinterest_api_sdk-5302025191108-py3-none-any.whl
ls -l dist
total 192
-rw-r--r--@ 1 dfana staff 41356 May 30 19:11 pinterest_api_sdk-5302025191107.tar.gz
-rw-r--r--@ 1 dfana staff 53066 May 30 19:11 pinterest_api_sdk-5302025191108-py3-none-any.whl
twine upload -r testpypi dist/*
Uploading distributions to https://test.pypi.org/legacy/
Enter your API token:
Uploading pinterest_api_sdk-5302025191108-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 66.3/66.3 kB • 00:00 • 173.3 MB/s
Uploading pinterest_api_sdk-5302025191107.tar.gz
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 54.6/54.6 kB • 00:00 • 147.5 MB/s
View at:
https://test.pypi.org/project/pinterest-api-sdk/5302025191107/
https://test.pypi.org/project/pinterest-api-sdk/5302025191108/