
[S506] unsafe-yaml-load reports false positive when using non-standard CSafeLoader path #21673

@alastair

Summary

Hi,
We have some code which triggered the unsafe-yaml-load rule:

return yaml.load(f, Loader=yaml.cyaml.CSafeLoader)
S506 Probable use of unsafe loader `CSafeLoader` with `yaml.load`. Allows instantiation of arbitrary objects. Consider `yaml.safe_load`.
    --> sounds/models.py:2499:44
     |
2497 |         try:
2498 |             with open(analysis_filepath_base + ".yaml") as f:
2499 |                 return yaml.load(f, Loader=yaml.cyaml.CSafeLoader)
     |                                            ^^^^^^^^^^^^^^^^^^^^^^
2500 |         except Exception:
2501 |             pass
     |

Note that the warning is on the Loader parameter, not the call to yaml.load. I realise that this is because we use the path yaml.cyaml.CSafeLoader to specify the loader. If I update this to

return yaml.load(f, Loader=yaml.CSafeLoader)

Then there is no warning. I note that the pyyaml documentation doesn't mention the cyaml package, so I'm not sure why we originally wrote the code like this. In any case, it's not a huge change for us either to use yaml.safe_load or to specify the loader as yaml.CSafeLoader, but perhaps it makes sense for ruff not to trigger on the use of yaml.cyaml either.

Thanks
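The point of the report is that a loader should be judged by its fully qualified path, and that `yaml.cyaml.CSafeLoader` is the same C-accelerated safe loader that `yaml.CSafeLoader` re-exports, so neither can instantiate arbitrary objects. Below is an added example (written for this page, not Ruff's own implementation of S506) of a minimal stdlib `ast` checker that tracks `import` / `from ... import` bindings, resolves the `Loader` argument of `yaml.load` to a qualified name, and accepts both spellings of the safe loaders while still flagging `yaml.Loader`, `yaml.FullLoader`, a positional loader argument, and a call with no loader at all. The `SAFE_LOADERS` set, the `check_source` function and the `SAMPLE` source are all constructed for this example.

```python
import ast

# Fully qualified loader names that never construct arbitrary Python objects.
# Assumption: these are the names a rule like S506 should treat as safe; the
# checker below is a simplified, hypothetical re-implementation written for
# this example, not Ruff's own code.
SAFE_LOADERS = {
    "yaml.BaseLoader", "yaml.SafeLoader",
    "yaml.CBaseLoader", "yaml.CSafeLoader",
    "yaml.cyaml.CBaseLoader", "yaml.cyaml.CSafeLoader",
}


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class UnsafeYamlLoadChecker(ast.NodeVisitor):
    """Flag yaml.load() calls whose Loader is missing or not in SAFE_LOADERS."""

    def __init__(self):
        self.aliases = {}    # local binding -> fully qualified name
        self.findings = []   # (line number, resolved loader name or None)

    def visit_Import(self, node):
        for alias in node.names:
            if alias.asname:                      # import yaml.cyaml as cy
                self.aliases[alias.asname] = alias.name
            else:                                 # import yaml.cyaml binds 'yaml'
                top = alias.name.split(".")[0]
                self.aliases[top] = top

    def visit_ImportFrom(self, node):
        for alias in node.names:                  # from yaml.cyaml import CSafeLoader as X
            self.aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"

    def resolve(self, node):
        """Expand the first component of a dotted name through recorded imports."""
        name = dotted_name(node)
        if name is None:
            return None
        head, _, rest = name.partition(".")
        qualified = self.aliases.get(head, head)
        return f"{qualified}.{rest}" if rest else qualified

    def visit_Call(self, node):
        if self.resolve(node.func) == "yaml.load":
            loader = None
            for kw in node.keywords:
                if kw.arg == "Loader":
                    loader = kw.value
            if loader is None and len(node.args) >= 2:   # Loader passed positionally
                loader = node.args[1]
            resolved = self.resolve(loader) if loader is not None else None
            if resolved not in SAFE_LOADERS:              # None (no loader) is flagged too
                self.findings.append((node.lineno, resolved))
        self.generic_visit(node)


def check_source(source):
    """Return [(line, loader_name)] for every yaml.load call that is not provably safe."""
    checker = UnsafeYamlLoadChecker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample module exercising the spellings discussed in the issue.
SAMPLE = """\
import yaml
import yaml.cyaml
import yaml.cyaml as cy
from yaml.cyaml import CSafeLoader as FastSafe
from yaml import Loader as Unsafe

a = yaml.load(doc, Loader=yaml.cyaml.CSafeLoader)  # the issue's case: safe
b = yaml.load(doc, Loader=yaml.CSafeLoader)        # safe
c = yaml.load(doc, Loader=cy.CSafeLoader)          # safe via module alias
d = yaml.load(doc, Loader=FastSafe)                # safe via from-import alias
e = yaml.load(doc, Loader=yaml.Loader)             # unsafe
f = yaml.load(doc, Loader=Unsafe)                  # unsafe via alias
g = yaml.load(doc, yaml.FullLoader)                # positional, still flagged
h = yaml.load(doc)                                 # no loader at all
"""

if __name__ == "__main__":
    for line, loader in check_source(SAMPLE):
        print(f"line {line}: unsafe yaml.load with Loader={loader}")
```

Resolving the alias table first is what lets the checker treat `yaml.cyaml.CSafeLoader`, `cy.CSafeLoader` and an imported `FastSafe` identically; a rule that only compares the last attribute name, or only matches the exact string `yaml.CSafeLoader`, produces exactly the false positive shown in the report.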

Metadata

Labels

help wanted (Contributions especially welcome), rule (Implementing or modifying a lint rule)


Development

No branches or pull requests
