A schema and validator for YAML.
Full Changelog: https://github.com/23andMe/Yamale/compare/5.0.0...5.1.0
Supported python versions are now >= 3.8
Full Changelog: https://github.com/23andMe/Yamale/compare/4.0.4...5.0.0
Enable 'yamale -v' for version reporting.
Adds new constraint options for strings.
This release is created to address the following issue: https://github.com/23andMe/Yamale/issues/167
The change in PR https://github.com/23andMe/Yamale/pull/173 mitigates that specific issue. We are unaware of any backwards incompatibility with the introduction of this fix, but we wanted to increment the major version number in case there are users with more complex schemas than what we test again.
We've also included the following warning in our README:
⚠️ Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally malicious schemas.
This release fixes a bug where a well-formed schema file can execute arbitrary code on the system running Yamale.
Fixes #119, strict mode was not the default on the command line....but it was for the API. This fix ensures strict mode is the default in all uses.
Note: Due to a packaging bug, users running Python 2.x should pin the major version of Yamale to 2.x.
We're doing a major version jump to include the following changes:
--strict
command line is now replaced with --no-strict
for those that want the old behavior. See the README for more details.Ability to specify schema and data without a filename #104
Removed the printing of stacktraces to the command line (#83) Add support for a "key" constraint to the "map" validator (#95) Make any() accept anything (#93) Empty data file should fail if schema requires something (#81) Add a check for an empty schema file (#70)