From 73914e79f7ba2aacfbfae216a966a0b4cd1d1b93 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Wed, 10 May 2023 17:46:16 -0400
Subject: [PATCH] [sonic_py_common] replace yaml.load to yaml.safe_load (#14991)
Why I did it replace yaml.load to yaml.safe_load because yaml.safe_load is more secure Work item tracking Microsoft ADO (number only): 15022050 How I did it How to verify it Verified in DUT 201911 which yaml version < 5.1
---
 src/sonic-py-common/sonic_py_common/device_info.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sonic-py-common/sonic_py_common/device_info.py b/src/sonic-py-common/sonic_py_common/device_info.py
index e2f2271e7f72..a502d92066d6 100644
--- a/src/sonic-py-common/sonic_py_common/device_info.py
+++ b/src/sonic-py-common/sonic_py_common/device_info.py
@@ -345,7 +345,7 @@ def get_sonic_version_info():
 if yaml.__version__ >= "5.1":
 sonic_ver_info = yaml.full_load(stream)
 else:
- sonic_ver_info = yaml.load(stream)
+ sonic_ver_info = yaml.safe_load(stream)
 return sonic_ver_info
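Review bot: The `yaml.full_load(stream)` branch taken when `yaml.__version__ >= "5.1"` is left as it was, so on newer PyYAML the version file is still parsed with FullLoader, which resolves more tags than SafeLoader and is not meant for input that may be tampered with; only the pre-5.1 path gets the restricted loader. `yaml.safe_load` is available on both sides of 5.1, so the whole if/else can collapse to `sonic_ver_info = yaml.safe_load(stream)`. That also removes the version test, which compares strings lexicographically (a hypothetical "10.0" would sort below "5.1" and fall into the else branch). The function body starts outside the hunk, so it is not visible whether the file relies on any non-standard tags; a file of plain mappings and scalars loads identically under SafeLoader.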