
Address unsafe yaml.load in PyYAML
Closed, Resolved (Public)

Description

PyYAML has a yaml.load() function that provides arbitrary code execution before PyYAML v4.1 and is therefore deprecated - as of v5.1 - with a single file argument as described in

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

A minimum safe version should be provided and the necessary changes in the function call argument list must be upstreamed.

Event Timeline

matetothpal triaged this task as Low priority. Oct 21 2019, 7:05 AM
matetothpal created this task.
matetothpal closed this task as Resolved. Nov 15 2019, 10:28 AM

The change for this issue has been merged.