remove PyYAML dependency due to security vulnerability

move const to root path for easier access
alpha-xone · Jan 5, 2019 · 12455ae · 12455ae
1 parent 89bdadd
commit 12455ae
Show file tree

Hide file tree

Showing 12 changed files with 61 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ Bloomberg data toolkit for humans
 
 - [pdbdp](https://github.com/matthewgilbert/pdblp) - pandas wrapper for Bloomberg Open API
 
-- numpy, pandas, pyyaml and pyarrow
+- numpy, pandas, ruamel.yaml and pyarrow
 
 ## Installation
 
@@ -39,6 +39,10 @@ pip install blpapi --index-url=https://bloomberg.bintray.com/pip/simple
 pip install xbbg
 ```
 
+## What's New
+
+_0.1.22_ - Remove PyYAML dependency due to security vulnerability
+
 ## Tutorial
 
 ```python

diff --git a/docs/index.rst b/docs/index.rst
@@ -31,7 +31,7 @@ Requirements
 
 - pdblp_ - pandas wrapper for Bloomberg Open API
 
-- numpy, pandas, pyyaml and pyarrow
+- numpy, pandas, ruamel.yaml and pyarrow
 
 .. _pdblp: https://github.com/matthewgilbert/pdblp
 .. _download: https://bloomberg.bintray.com/BLPAPI-Experimental-Generic/blpapi_cpp_3.12.2.1-linux.tar.gz
@@ -44,6 +44,11 @@ Installation
    pip install blpapi --index-url=https://bloomberg.bintray.com/pip/simple
    pip install xbbg
 
+What's New
+==========
+
+*0.1.22* - Remove PyYAML dependency due to security vulnerability
+
 Tutorial
 ========
 

diff --git a/requirements.txt b/requirements.txt
@@ -5,5 +5,5 @@ pandas>=0.23.4
 pdblp>=0.1.7
 pyarrow>=0.11.1
 pytz>=2018.7
-PyYAML>=3.13
+ruamel.yaml>=0.15.0
 pytest
diff --git a/venv/Pipfile b/venv/Pipfile
@@ -19,7 +19,7 @@ pandas = "*"
 blpapi = "*"
 pdblp = "*"
 pyarrow = "*"
-pyyaml = "*"
+ruamel-yaml = "*"
 
 [requires]
 python_version = "3.6"
diff --git a/venv/Pipfile.lock b/venv/Pipfile.lock
diff --git a/xbbg/blp.py b/xbbg/blp.py
@@ -3,8 +3,10 @@
 import sys
 import pytest
 
+from xbbg import const
 from xbbg.io import files, logs, storage
-from xbbg.core import utils, assist, const
+from xbbg.core import utils, assist
+
 from xbbg.core.timezone import DEFAULT_TZ
 from xbbg.core.conn import with_bloomberg, create_connection
 

diff --git a/xbbg/core/const.py → xbbg/const.py b/xbbg/core/const.py → xbbg/const.py
@@ -244,12 +244,9 @@ def market_timing(ticker, dt, timing='EOD', tz='local'):
         logger.error(f'required exchange info cannot be found in {ticker} ...')
         return ''
 
-    if timing == 'BOD':
-        mkt_time = exch.day[0]
-    elif timing == 'FINISHED':
-        mkt_time = exch.allday[-1]
-    else:
-        mkt_time = exch.day[-1]
+    mkt_time = {
+        'BOD': exch.day[0], 'FINISHED': exch.allday[-1]
+    }.get(timing, exch.day[-1])
 
     cur_dt = pd.Timestamp(str(dt)).strftime('%Y-%m-%d')
     if tz == 'local':

diff --git a/xbbg/core/intervals.py b/xbbg/core/intervals.py
@@ -3,8 +3,8 @@
 
 from collections import namedtuple
 
+from xbbg import const
 from xbbg.io import logs, param
-from xbbg.core import const
 
 Session = namedtuple('Session', ['start_time', 'end_time'])
 SessNA = Session(None, None)

diff --git a/xbbg/core/pdblp.py b/xbbg/core/pdblp.py
@@ -9,16 +9,13 @@ def start(self): return False
 
 class BCon(object):
 
-    def __init__(
-            self, host='localhost', port=8194, debug=False,
-            timeout=500, session=None, identity=None
-    ):
-        self.host = host
+    def __init__(self, port=8194, timeout=500, **kwargs):
+        self.host = kwargs.pop('host', 'localhost')
         self.port = port
-        self.debug = debug
         self.timeout = timeout
-        self.session = session
-        self.identity = identity
+        self.debug = kwargs.pop('debug', False)
+        self.session = kwargs.pop('session', None)
+        self.identity = kwargs.pop('identity', None)
         self._session = Session()
 
     @abstractmethod

diff --git a/xbbg/core/timezone.py b/xbbg/core/timezone.py
@@ -26,7 +26,7 @@ def get_tz(tz):
         >>> get_tz('BHP AU Equity')
         'Australia/Sydney'
     """
-    from xbbg.core.const import exch_info
+    from xbbg.const import exch_info
 
     if tz is None: return DEFAULT_TZ
 

diff --git a/xbbg/io/param.py b/xbbg/io/param.py
@@ -1,8 +1,9 @@
 import pandas as pd
 
-import yaml
 import os
 
+from ruamel.yaml import YAML
+
 from xbbg.io import files
 
 PKG_PATH = files.abspath(__file__, 1)
@@ -55,7 +56,7 @@ def _load_yaml_(file_name):
     if not os.path.exists(file_name): return dict()
 
     with open(file_name, 'r', encoding='utf-8') as fp:
-        return yaml.safe_load(fp)
+        return YAML().load(stream=fp)
 
 
 def to_hour(num):

diff --git a/xbbg/io/storage.py b/xbbg/io/storage.py
@@ -2,7 +2,8 @@
 
 import os
 
-from xbbg.core import utils, const, assist
+from xbbg import const
+from xbbg.core import utils, assist
 from xbbg.io import files, logs