Fully loaded: testing vulnerable PyYAML versions

PyYAML's API has undergone significant scrutiny and updates to address deserialization vulnerabilities that could allow arbitrary code execution, particularly involving the yaml.load function. Historically, the function was deemed unsafe, leading to the introduction of FullLoader and UnsafeLoader classes to mitigate risks. Despite these efforts, vulnerabilities such as CVE-2020-1747 and CVE-2020-14343 were discovered, prompting further patches in version 5.4. Testing using Tox confirmed that while yaml.safe_load has consistently been secure across all versions, yaml.load and yaml.full_load became safe from known exploits post-version 5.4. As a result, Semgrep's Python YAML deserialization rule was updated to specifically alert on vulnerable APIs from version 5.4 onwards, encouraging users to either upgrade their PyYAML versions or ensure the use of safe_load for security.