Grokzen / pykwalify

Python YAML/JSON schema validation library

Install ruamel by default

eirnym opened this issue · comments

In #59 you used ruamel as a default parser if present, and in setup.py and README.md files you blame that you use PyYAML by default.

Could you install ruamel by default and add PyYAML as an optional dependency?

According to release notes in 1.6, pyyaml is deprecated and will be replaced by ruamel in 1.7. pykwalify is still in 1.6 :)

I don't see any mention of this in README.md, the GitHub release notes, or the release notes on the readthedocs site (both stable and unstable links).

I see only a mention that PyYAML is abandoned.

https://pykwalify.readthedocs.io/en/unstable/release-notes.html#nov-12-2016

The 1.5.2 release has specified that ruamel will be the default in 1.7, but it could be clarified in the readme as well.
Feel free to do a PR. :)

If PyYAML was deprecated in 1.5.2, why is it still the default in setup and readme?

In principle there is a difference between "deprecated" and no longer supported. The idea I had when I put pyyaml as deprecated in an earlier release was to have both versions supported over some time and/or major releases, so that you could more easily do an upgrade from pyyaml to ruamel yaml within one release, but still maintain the support and compatibility with that old lib.

So basically the progress would be

  1. Add support for ruamel yaml
  2. Deprecate pyyaml
  3. Make ruamel yaml the new default and pyyaml optional/supported
  4. Remove explicit support for pyyaml, but possibly maintain it as long as ruamel yaml is compatible with pyyaml.

This would probably be done over 3 major releases if done properly.

In #59 you already did it up to the third point, except the documentation.

Additionally, there's no developer choice of which library to use for YAML. Some libraries did it by passing loads and dumps functions as a parameter with some known default. This is the easiest way to have something default, and the developer may choose something else.

Moreover, you distinguish, for some unknown reason, between YAML and JSON, while YAML is a superset of JSON and the whole syntax of JSON is supported.

There has never been a need for the developer to have any capability to choose any other YAML parser, because there has in general only ever been one to choose from. There have been some cases where the open() function would benefit from some capability to open with different encodings. Pyyaml has for a very long time been the de facto standard yaml parser, and using that one has been a good option and solution for 99% of people using this lib. When ruamel entered the scene it changed some things, where support for both solutions has to exist.

The reason for the separate yaml and json is because they work through 2 different parsers. I do not really care if pyyaml has the ability to understand json and the capability to parse it, because in all other places where you have the option to load json and yaml, you load json with the built-in json parser, and you load yaml with pyyaml. If I ask people or I tell them that a lib has the capability to load the 2 different types, I would expect it to work in that way, unless it was explicitly stated otherwise that json was loaded with pyyaml as parser. This is not a thing that I will change.

@eirnym Fix added to the master branch now to make it the default; it will be part of the next major release, 1.8.0, which will drop pyyaml and make ruamel.yaml the default. No ETA for when it will be released.

A release, even just a point release, would be super nice! PyYAML apparently has a security issue: https://nvd.nist.gov/vuln/detail/CVE-2017-18342

It appears that pykwalify 1.7.0 may not be vulnerable due to its use of yaml.safe_load() instead of the unsafe yaml.load(). However, the vulnerabilities in PyYAML will likely increase over time since it's not maintained, so it would cut down on unnecessary risk to just drop the library altogether.