From 6a8a32d3a8310fbc564a649a389919ea2029ae6d Mon Sep 17 00:00:00 2001
From: alfarel
Date: Mon, 25 May 2026 22:24:03 -0400
Subject: [PATCH 1/2] convert-scheme: do not allow arbitrary python code execution

Probably not relevant, but there doesn't seem to be a reason to use the full loader as far as I can tell...
---
 packages/convert-scheme/package.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/convert-scheme/package.nix b/packages/convert-scheme/package.nix
index eae23c9..121a54c 100644
--- a/packages/convert-scheme/package.nix
+++ b/packages/convert-scheme/package.nix
@@ -9,7 +9,7 @@ pkgs.writers.writePython3Bin "convert-scheme" {
 def yaml_to_json(yaml_file, json_file):
 with open(yaml_file, 'r') as yml_file:
- data = yaml.load(yml_file, Loader=yaml.FullLoader)
+ data = yaml.safe_load(yml_file)
 with open(json_file, 'w') as json_file:
 json.dump(data, json_file, indent=4)
From 2220b3fa517c5c68ec693839ff7f302f939bc117 Mon Sep 17 00:00:00 2001
From: alfarel
Date: Mon, 25 May 2026 22:36:06 -0400
Subject: [PATCH 2/2] convert-scheme: fix pyyaml provisioning
---
 packages/convert-scheme/package.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/convert-scheme/package.nix b/packages/convert-scheme/package.nix
index 121a54c..5bdfb6a 100644
--- a/packages/convert-scheme/package.nix
+++ b/packages/convert-scheme/package.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}:
 pkgs.writers.writePython3Bin "convert-scheme" {
- libraries = with pkgs.python311Packages; [pyyaml];
+ libraries = with pkgs.python3Packages; [pyyaml];
 flakeIgnore = ["E302" "E305" "E501"];
 } ''
 import argparse
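Review bot: In `yaml_to_json` (patch 1/2), the result of `yaml.safe_load(yml_file)` is passed to `json.dump` without any check on its shape, and the safe loader only limits which tags are constructed, not what the document contains. An empty input yields `None`, which is written out as `null`. Values the safe loader still builds, such as timestamps or `!!binary` data, make `json.dump` raise `TypeError` after the output file has already been opened with `'w'` and truncated. If a scheme is always meant to be a mapping (inferred from the tool's name, not visible here), a guard directly after the load would fail early with a clear message: `if not isinstance(data, dict): raise SystemExit(f"{yaml_file}: expected a YAML mapping")`. The end of `yaml_to_json` may lie outside the hunk.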