Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

🐛 yaml.load is safe by default! Please stop using yaml.safeLoad!

See original GitHub issue

Hello there,

So I recently found an issue with the NPM package. Whenever I try to reinstall the module it goes all fine. When I run my code for the second time I keep getting an error from the node_modules\discord-giveaways\src\Constants.js file. The error has to do with the module js-yaml. For some reason I can’t find the code that’s giving me the errors in the GitHub repo, but I can find it in the installed module. The following code is giving me the error shown in attachments:

function loadFile(file) { return (myFile = yaml.safeLoad(fs.readFileSync(`${file}`, 'utf8'))) `}

js-yaml Doesn’t want to load the file because yaml.safeLoad is not supported anymore. The following code is a fix for the issue just I don’t know where to push it to. This fixes the issue and doesn’t remove any safety loading as yaml.load is safe by default

function loadFile(file) { return (myFile = yaml.load(fs.readFileSync(`${file}`, 'utf8'))) `}

I hope you can do anything with this issue/bug report

Attachments: Error Logs.txt Error Logs Trace-Warnings.txt

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:12

github_iconTop GitHub Comments

GamingMinebloxcommented, Apr 6, 2021

When I use the following command it downloads the normal file for 10 seconds and then the weird command shows up again:

git pull && npm install Androz2091/discord-giveaways#develop && node index.js

if I keep that as the startup command it works, but it almost hits the CPU limit for my bot (50% of one core) when i start it up.

I’ll try to find the origin of the issue and try to fix it as this isn’t a bug with discord-giveaways

GamingMinebloxcommented, Apr 6, 2021

I have, it doesn’t download it on that (it was downloaded outside of docker)

Read more comments on GitHub >

github_iconTop Results From Across the Web

yaml.load() without Loader=... is deprecated #462 - GitHub
My setup is a conda environment with python3.6 and bioconda-utils installed. Has anyone seen this problem before? or can point me in a...
Read more >
Python read YAML: where does it go wrong: with open() or ...
I have a script which loads a YAML file as an object. The related part is very simple: def run_test_spec(self, file_path): try: with...
Read more >
YAML: The Missing Battery in Python
In this tutorial, you'll learn how to work with YAML in Python using the available third-party libraries, with a focus on PyYAML.
Read more >
Loading Dangerously: PyYAML and Safety by Design
Part 2: Changing to Safe by Default: A PyYAML Story. Introducing PyYAML and YAML. PyYAML is a Python library for opening and creating...
Read more >
CVE-2017-18342 PyYAML: yaml.load() API could execute ...
Also note that the fact that yaml.load() is not safe has been known for centuries, so please don't rush with this fix: *...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found