Breaking change with `Yaml.safe_load` #533

poloka · 2022-01-07T19:34:51Z

Issue

It looks like psych-4.x included a breaking change to how YAML.safe_load executes causing a wrong number of arguments error when using the old format for performing a safe_load. Take specific note of the differences in the following output on the testing of Testing 'YAML.safe_load' with options: ([], [], true) using psych-3.3.2 on 2.6.6 vs Testing 'YAML.safe_load' with options: ([], [], true) using psych-4.0.3 on 2.6.6.

Investigation

Using the following code:

require 'yaml'
require 'erb'

def file_path
  file_path = File.join(Dir.pwd, 'test.yml')
end

def safe_load_old(**options)
  puts '*' * 100
  puts "Testing 'YAML.safe_load' with options: ([], [], #{options[:aliases]}) using psych-#{Psych::VERSION} on #{RUBY_VERSION}"
  call_function do
    puts YAML.safe_load(ERB.new(File.read(file_path)).result, [], [], options[:aliases])
  end
end

def safe_load_new(**options)
  puts '*' * 100
  puts "Testing 'YAML.safe_load' with options: (#{options}) using psych-#{Psych::VERSION} on #{RUBY_VERSION}"
  call_function do
    puts YAML.safe_load(ERB.new(File.read(file_path)).result, **options)
  end
end

def call_function
  yield
rescue Psych::DisallowedClass, Psych::BadAlias, Errno::ENOENT, ArgumentError => e
  puts "Error loading the '#{file_path}' located at '#{file_path}'. #{e.message}"
  puts "Backtrace:\n\t#{e.backtrace.join("\n\t")}"
end

safe_load_old(aliases: false)
safe_load_old(aliases: true)
safe_load_new(aliases: false)
safe_load_new(aliases: true)

Loading the following file:

default: &default
 enabled: true
 output: <%= ENV['TIMBER_OUTPUT'] || 'STDOUT' %>
 format: <%= ENV['TIMBER_FORMAT'] || 'JSON' %>

development:
 <<: *default

staging:
 <<: *default

Ruby 2.6 with psych-3.3.2 output

****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], false) using psych-3.3.2 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych.rb:362:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:31:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], true) using psych-3.3.2 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>false}) using psych-3.3.2 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-3.3.2/lib/psych.rb:362:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:20:in `block in safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:19:in `safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:33:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>true}) using psych-3.3.2 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}

Ruby 2.6 with psych-4.0.3 output

****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], false) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. wrong number of arguments (given 4, expected 1)
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:323:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:31:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ([], [], true) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. wrong number of arguments (given 4, expected 1)
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:323:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:12:in `block in safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:11:in `safe_load_old'
        /Users/gh7199/temp/psych_tests/safe_load.rb:32:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>false}) using psych-4.0.3 on 2.6.6
Error loading the '/Users/gh7199/temp/psych_tests/test.yml' located at '/Users/gh7199/temp/psych_tests/test.yml'. Unknown alias: default
Backtrace:
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `each_slice'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:343:in `revive_hash'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:30:in `visit'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/visitor.rb:6:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych/visitors/to_ruby.rb:35:in `accept'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/psych-4.0.3/lib/psych.rb:335:in `safe_load'
        /Users/gh7199/temp/psych_tests/safe_load.rb:20:in `block in safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:25:in `call_function'
        /Users/gh7199/temp/psych_tests/safe_load.rb:19:in `safe_load_new'
        /Users/gh7199/temp/psych_tests/safe_load.rb:33:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `require'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:395:in `block in load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `each'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:393:in `load_modules'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb/init.rb:21:in `setup'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/lib/irb.rb:412:in `start'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `load'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/irb:23:in `<main>'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `eval'
        /Users/gh7199/.rvm/gems/ruby-2.6.6@psych_tests/bin/ruby_executable_hooks:22:in `<main>'
****************************************************************************************************
Testing 'YAML.safe_load' with options: ({:aliases=>true}) using psych-4.0.3 on 2.6.6
{"default"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "development"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}, "staging"=>{"enabled"=>true, "output"=>"STDOUT", "format"=>"JSON"}}

The text was updated successfully, but these errors were encountered:

ixti · 2022-01-08T16:53:39Z

It's not only about safe_load it also breaks load and load_file as well when anchors are used:

# file: test.rb
require "yaml"

puts "RUBY:    #{RUBY_VERSION}"
puts "PSYCH:   #{Psych::VERSION}"
puts "LIBYAML: #{Psych::LIBYAML_VERSION}"

source = <<~YAML
  foo: &foo
    a: 1
    b: 2
  bar:
    <<: *foo
    a: 2
YAML

puts YAML.load(source)

$ chruby-exec ruby-3.0 -- ruby ./test.rb
RUBY:    3.0.3
PSYCH:   3.3.2
LIBYAML: 0.2.5
{"foo"=>{"a"=>1, "b"=>2}, "bar"=>{"a"=>2, "b"=>2}}

$ chruby-exec ruby-3.1 -- ruby ./test.rb
RUBY:    3.1.0
PSYCH:   4.0.3
LIBYAML: 0.2.5
/home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias': Unknown alias: foo (Psych::BadAlias)
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /home/ixti/.rubies/ruby-3.1.0/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
        ...

colemannugent · 2022-01-14T19:19:23Z

Ran into this issue when devise_ldap_authenticatable attempted to parse a LDAP YAML config file that is almost identical to @poloka's original example.

It looks like load internally calls safe_load with a few preset options:

psych/lib/psych.rb

Lines 369 to 376 in ba203f1

    
           def self.load yaml, permitted_classes: [Symbol], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false, freeze: false 
        
             safe_load yaml, permitted_classes: permitted_classes, 
        
                             permitted_symbols: permitted_symbols, 
        
                             aliases: aliases, 
        
                             filename: filename, 
        
                             fallback: fallback, 
        
                             symbolize_names: symbolize_names, 
        
                             freeze: freeze

Based on a quick glance, it looks like this commit 1764942 8 months ago by @tenderlove is when this behavior was introduced.

I'm currently working around this by removing the anchor and aliases and manually duplicating some config.

I'm still kinda new to the Ruby software ecosystem, but this seems particularly annoying since most users of Psych don't pull it in as a gem and thus don't explicitly vendor it in their Gemfiles.

tenderlove · 2022-01-22T21:48:08Z

@colemannugent if the YAML documents you're loading are trusted (IOW can't be controlled by external users) you can use YAML.unsafe_load

colemannugent · 2022-01-27T19:22:06Z

@tenderlove In this case I'm not calling Psych directly. I ran into this issue when a gem I use (devise_ldap_authenticatable) attempted to parse a YAML config file that I used anchors and aliases in to avoid repetition.

It looks like the way to resolve this is to alert most downstream users of Psych that they'll have examine where they load YAML and determine if it's safe to use unsafe_load.

nbeyer · 2022-02-09T18:27:50Z

FWIW - A contributor to this situation is an update to rdoc for version 6.4. Version 6.4 of rdoc added a psych >= 4.0.0 dependency. It seems rdoc is requiring a major version change to a dependency in a minor version change.

dgm · 2022-02-28T15:56:43Z

I also ran into this from a github dependabot upgrade of rdoc. (sdoc -> rdoc -> psych)

Psych (aka YAML) 4.x included a breaking change to how `YAML.load` works In Psych 4.0, `load` calls `safe_load` under the hood, and is therefore "safe" by default, but that breaks configurations that support (among other things) aliases, which are disabled when using "safe" loading. `unsafe_load` is now the canonical way to load trusted documents (i.e., config files): ruby/psych#533 (comment) To ensure maximum compatibility with old versions of Psych, we also need to set a minimum version of Psych to ensure `unsafe_load` is defined. The methods were introduced in v3.3.2: ruby/psych@cb50aa8 Resolves #116

Psych (aka YAML) 4.x included a breaking change to how `YAML.load` works In Psych 4.0, `load` calls `safe_load` under the hood, and is therefore "safe" by default, but that breaks configurations that support (among other things) aliases, which are disabled when using "safe" loading. `unsafe_load` is now the canonical way to load trusted documents (i.e., config files): ruby/psych#533 (comment) To ensure maximum compatibility with old versions of Psych, we also need to set a minimum version of Psych to ensure `unsafe_load` is defined. The methods were introduced in v3.3.2: ruby/psych@cb50aa8 Resolves #60

ashish-dimri4 · 2022-05-18T15:00:23Z

sdoc -> rdoc -> psych

@dgm I also ran into this issue. Please guide if there is any solution.

Farom · 2022-05-24T07:17:56Z

This change breaks facter "custom facts" in production.

Please guide if there is any solution.

MadhuraVp7 · 2022-08-07T18:14:14Z

Hi is there any solution, Even I am facing similar kind of issue. Which is working fine locally but failing at Jenkins when running in a container.
Please find the error attached
Error: failed to execute "ruby": /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'initialize': No such file or directory @ rb_sysopen - util/ccr_directory_mapping_v2.yaml (Errno::ENOENT) from /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'open' from /usr/local/lib/ruby/2.7.0/psych.rb:577:in 'load_file'

poloka mentioned this issue Jan 19, 2022

Psych 4.x introduced breaking changes to YAML.load the breaks Rails.application.config_for when using aliases in yaml files rails/rails#44209

Closed

thefloweringash mentioned this issue Jan 21, 2022

Support ruby 3.1 with keyword arguments in YAML.safe_load iknow/loadable_config#12

Merged

olleolleolle mentioned this issue Jan 28, 2022

Use YAML.unsafe_load when available cschiewek/devise_ldap_authenticatable#275

Open

queimadus mentioned this issue Mar 24, 2022

Fix YAML safe_load call arguments adzerk/frise#26

Merged

liveh2o mentioned this issue Apr 26, 2022

Breaking changes in YAML loading (Psych) mxenabled/action_subscriber#116

Closed

yysaki mentioned this issue Apr 27, 2022

YAML.safe_load fails with Ruby 3.1 nishio-dens/convergence#83

Closed

This was referenced Apr 27, 2022

Fix YAML loading mxenabled/action_subscriber#117

Merged

Breaking changes in YAML loading (Psych) mxenabled/active_publisher#60

Closed

liveh2o mentioned this issue Apr 27, 2022

Fix YAML loading mxenabled/active_publisher#61

Merged

afdev82 mentioned this issue Jul 22, 2022

Compatibilty with Psych 4 (and Solidus v3.1.7) AlchemyCMS/alchemy_cms#2361

Closed

ruby locked and limited conversation to collaborators Aug 8, 2022

hsbt converted this issue into discussion #571 Aug 8, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

This issue was moved to a discussion.

Breaking change with `Yaml.safe_load` #533

Breaking change with `Yaml.safe_load` #533

poloka commented Jan 7, 2022

ixti commented Jan 8, 2022

colemannugent commented Jan 14, 2022

tenderlove commented Jan 22, 2022 •

edited

Loading

colemannugent commented Jan 27, 2022

nbeyer commented Feb 9, 2022 •

edited

Loading

dgm commented Feb 28, 2022

ashish-dimri4 commented May 18, 2022

Farom commented May 24, 2022

MadhuraVp7 commented Aug 7, 2022

This issue was moved to a discussion.

This issue was moved to a discussion.

Breaking change with Yaml.safe_load #533

Breaking change with Yaml.safe_load #533

Comments

poloka commented Jan 7, 2022

Issue

Investigation

Ruby 2.6 with psych-3.3.2 output

Ruby 2.6 with psych-4.0.3 output

ixti commented Jan 8, 2022

colemannugent commented Jan 14, 2022

tenderlove commented Jan 22, 2022 • edited Loading

colemannugent commented Jan 27, 2022

nbeyer commented Feb 9, 2022 • edited Loading

dgm commented Feb 28, 2022

ashish-dimri4 commented May 18, 2022

Farom commented May 24, 2022

MadhuraVp7 commented Aug 7, 2022

This issue was moved to a discussion.

Breaking change with `Yaml.safe_load` #533

Breaking change with `Yaml.safe_load` #533

tenderlove commented Jan 22, 2022 •

edited

Loading

nbeyer commented Feb 9, 2022 •

edited

Loading