From 2f18e2dce93a136d62a5608615d126d3b7928a76 Mon Sep 17 00:00:00 2001
From: Stefano Frazzetto
Date: Thu, 21 Jan 2021 21:07:55 +0000
Subject: [PATCH] Replace unsafe yaml.Loader in config.from_yaml

As I mentioned in [here](https://github.com/ets-labs/python-dependency-injector/issues/369#issuecomment-764913870), Loader is not safe and can be easily exploited.

---
 src/dependency_injector/providers.pyx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dependency_injector/providers.pyx b/src/dependency_injector/providers.pyx
index af236816..2e803bf1 100644
--- a/src/dependency_injector/providers.pyx
+++ b/src/dependency_injector/providers.pyx
@@ -1336,7 +1336,7 @@ cdef class ConfigurationOption(Provider):
 try:
 with open(filepath) as opened_file:
- config = yaml.load(opened_file, yaml.Loader)
+ config = yaml.load(opened_file, yaml.SafeLoader)
 except IOError:
 return