Python: Snyk reports kubernetes as using full_load, and then fails the snyk test

Created on 25 Oct 2020 · 5 comments · Source: kubernetes-client/python

What happened (please include outputs or screenshots):

Ran Snyk against my code that uses kubernetes-client. Snyk says "Arbitrary Code Execution":

"pyyaml is a YAML parser and emitter for Python. Affected versions of this package are vulnerable to Arbitrary Code Execution. It processes untrusted YAML files through the full_load method or with the FullLoader loader. This is due to an incomplete fix for CVE-2020-1747"

What you expected to happen:

No error

How to reproduce it (as minimally and precisely as possible):

Create a python project with kubernetes in requirements.txt. Run Snyk against the project.

Anything else we need to know?:

I searched through kubernetes code. It looks like it does not in fact use full_load. Can you liaise with Snyk to figure out why they are reporting it as doing so please?

3.7.7:3.8.3 ~/git/kubernetes (master|✔)$ grep -r 'yaml.*load' . --include '*.py'
./examples/deployment_create.py:        dep = yaml.safe_load(f)
./kubernetes/utils/create_from_yaml.py:        yml_document_all = yaml.safe_load_all(f)
./kubernetes/e2e_test/test_utils.py:            yml_obj = yaml.safe_load(f)
./kubernetes/e2e_test/test_apps.py:            body=yaml.safe_load(deployment % name),
3.7.7:3.8.3 ~/git/kubernetes (master|✔)$ grep -r 'FullLoader' . --include '*.py'
3.7.7:3.8.3 ~/git/kubernetes (master|✔)$ grep -r 'full_load' . --include '*.py'

Environment:

  • Kubernetes version (kubectl version): N/A
  • OS (e.g., MacOS 10.13.6): ubuntu
  • Python version (python --version): 3.7
  • Python client version (pip list | grep kubernetes): 12.0.0

All 5 comments

@hughperkins let's please find a way around using pyyaml itself instead of trying to switch dependencies. We don't want to react unnecessarily to scanners and switch dependencies.

/assign @dims
Thanks for looking into this!

Looks like we need to wait for https://github.com/yaml/pyyaml/issues/420#issuecomment-696752389

IIRC, Snyk doesn't check to see if the code is using the vulnerable code path/function. Its determination is based on library version.

@tsellers-r7 unfortunately Snyk and tools like Snyk just increase panic and cause folks to file issues like this :(
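The grep session in the report and the comment that Snyk decides by library version rather than by code path both point at the check a maintainer actually wants: which PyYAML loader each call in a source tree uses. The following is an added example, not code from kubernetes-client/python or from Snyk, that performs that check with the standard-library `ast` module. Unlike grep it follows `import yaml as ...` and `from yaml import ...` aliases and inspects the `Loader=` argument (keyword or second positional), so `yaml.load(f, Loader=yaml.SafeLoader)` passes while `full_load`, `FullLoader` and a loader-less `yaml.load` are reported. The sets of function and loader names, the `Finding` type and the embedded sample source are assumptions constructed for this example; PyYAML does not need to be installed to run it.

```python
"""Report PyYAML calls that do not use a safe loader.

Added example (not from kubernetes-client/python or Snyk). Uses only the
standard library, so it runs without PyYAML installed.
"""
import ast
from dataclasses import dataclass

# Assumed name sets for this example, taken from PyYAML's public API:
# convenience functions whose loader constructs non-safe tags, and the
# loader classes that restrict construction to plain YAML types.
UNSAFE_FUNCS = {"full_load", "full_load_all", "unsafe_load", "unsafe_load_all"}
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}


@dataclass
class Finding:
    lineno: int
    call: str
    reason: str


def _collect_imports(tree):
    """Map local names to yaml-level names.

    modules: 'y' -> 'yaml' for `import yaml as y`
    names:   'yload' -> 'load' for `from yaml import load as yload`
    """
    modules, names = {}, {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "yaml":
                    modules[alias.asname or alias.name] = "yaml"
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            for alias in node.names:
                names[alias.asname or alias.name] = alias.name
    return modules, names


def _yaml_name(node, modules, names):
    """Return the PyYAML attribute a node refers to ('FullLoader'), or None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return node.attr if node.value.id in modules else None
    if isinstance(node, ast.Name):
        return names.get(node.id)
    return None


def scan_source(source, filename="<string>"):
    """Return a Finding for every PyYAML call that does not use a safe loader."""
    tree = ast.parse(source, filename)
    modules, names = _collect_imports(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = _yaml_name(node.func, modules, names)
        if func is None or func in ("safe_load", "safe_load_all"):
            continue
        if func in UNSAFE_FUNCS:
            findings.append(Finding(node.lineno, func, "uses a non-safe loader"))
        elif func in ("load", "load_all"):
            # Loader may be passed as keyword or as the second positional argument.
            loader_node = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
            if loader_node is None and len(node.args) >= 2:
                loader_node = node.args[1]
            loader = _yaml_name(loader_node, modules, names)
            if loader_node is None:
                findings.append(Finding(node.lineno, func, "no Loader given; default depends on PyYAML version"))
            elif loader not in SAFE_LOADERS:
                findings.append(Finding(node.lineno, func, f"Loader={loader!r} is not a safe loader"))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample source; lines 6, 7, 9 and 10 should be reported.
SAMPLE = '''\
import yaml
from yaml import FullLoader, load as yload

with open("deployment.yaml") as f:
    a = yaml.safe_load(f)                     # fine
    b = yaml.full_load(f)                     # flagged
    c = yaml.load(f, Loader=yaml.FullLoader)  # flagged
    d = yaml.load(f, Loader=yaml.SafeLoader)  # fine
    e = yaml.load(f)                          # flagged: no Loader
    g = yload(f, FullLoader)                  # flagged: via from-import alias
    h = yaml.load(f, yaml.CSafeLoader)        # fine: positional safe loader
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{finding.lineno}: {finding.call}: {finding.reason}")
```

To run it over a real tree, read each `*.py` file and pass its text to `scan_source` with the path as `filename`; on the grep output in the report above, this scan would return nothing, which is the result the reporter was looking for and which a version-only scanner cannot give.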
