Reconsider SafeYAML gem dependency #249

@olleolleolle

This Issue is extracted from #241.


I think SafeYAML is also deprecated in Ruby 2.3+.
Use YAML.safe_load instead of SafeYAML.load.

```ruby
class ParseYaml < ResponseMiddleware
  define_parser do |body, parser_options|
    YAML.safe_load(body, **(parser_options || {}))
  end
end
```

But there are two problems.

SafeYAML's and YAML's options are not compatible.

This makes a breaking change.

  • SafeYAML
    • :deserialize_symbols
    • :whitelisted_tags
    • :custom_initializers
    • :raise_on_unknown_tag
  • YAML
    • :permitted_classes
    • :permitted_symbols
    • :aliases
    • :filename
    • :fallback
    • :symbolize_names

YAML.safe_load options are not compatible in Ruby 2.3-2.7

Supporting all of this is a bit too complicated.

2.3, 2.4:

```ruby
def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil
```

2.5: symbolize_names is added as kwargs

```ruby
def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil, symbolize_names: false
```

2.6+: all arguments are now kwargs

```ruby
def self.safe_load yaml, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false
```
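An added example, not part of the issue text and not the project's code: one way to hide the three `YAML.safe_load` signatures quoted above behind a single keyword-style call, and to see what `safe_load` refuses by default. The module name `CompatSafeYAML` and its methods are hypothetical, and the YAML inputs in the usage are constructed.

```ruby
require "yaml"

# Hypothetical helper: picks the calling convention that the running
# Psych version understands, based on the signatures quoted in the issue.
module CompatSafeYAML
  PARAMS = YAML.method(:safe_load).parameters.map { |_type, name| name }
  KWARGS_API = PARAMS.include?(:permitted_classes) # Ruby 2.6+
  SYMBOLIZE  = PARAMS.include?(:symbolize_names)   # Ruby 2.5+

  def self.load(yaml, permitted_classes: [], permitted_symbols: [],
                aliases: false, filename: nil, symbolize_names: false)
    if KWARGS_API
      YAML.safe_load(yaml,
                     permitted_classes: permitted_classes,
                     permitted_symbols: permitted_symbols,
                     aliases: aliases, filename: filename,
                     symbolize_names: symbolize_names)
    elsif SYMBOLIZE
      # Ruby 2.5: positional allow-lists, symbolize_names as the only keyword
      YAML.safe_load(yaml, permitted_classes, permitted_symbols,
                     aliases, filename, symbolize_names: symbolize_names)
    else
      # Ruby 2.3/2.4: positional only, no symbolize_names at all
      raise ArgumentError, "symbolize_names needs Ruby 2.5+" if symbolize_names
      YAML.safe_load(yaml, permitted_classes, permitted_symbols,
                     aliases, filename)
    end
  end

  # Reports how a document is treated: :ok, :disallowed_class or :bad_alias.
  def self.outcome(yaml, **opts)
    load(yaml, **opts)
    :ok
  rescue Psych::DisallowedClass
    :disallowed_class
  rescue Psych::BadAlias
    :bad_alias
  end
end

if $PROGRAM_NAME == __FILE__
  p CompatSafeYAML.load("a: 1\nb: [x, y]\n")                      # plain data loads
  p CompatSafeYAML.outcome("--- :foo\n")                          # Symbol is refused by default
  p CompatSafeYAML.load("--- :foo\n", permitted_classes: [Symbol])
  p CompatSafeYAML.outcome("--- !ruby/object:SomeAppClass\nname: x\n")
  p CompatSafeYAML.outcome("a: &x [1]\nb: *x\n")                  # aliases are off by default
end
```

Symbols, tagged Ruby objects and aliases all need an explicit opt-in here, which is why the SafeYAML options listed above cannot be passed through unchanged.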
