Ruby 3.1’s incompatible changes to its YAML module (Psych 4)

Ruby 3.1’s incompatible changes to its YAML module (Psych 4).
Ruby made its YAML interpreter more secure by default at the cost of backward compatibility. Developers weren’t given heads up warning about the changes.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

2 Likes

Corresponding tweet for this thread:

Share link for this tweet.

2 Likes

Major version bumps are the time to do backwards incompatible changes! Now if only ruby had a tool like rust does to auto-migrate instead of just hoping you manually got it all and not get some weird crash at runtime later, lol.

But yeah, these look like some rather important and useful changes!

2 Likes

That sounds really cool! Any links?

2 Likes

It’s just part of the cargo fix command, it does all manner of things like fix obvious compilation errors to full things like completely read in the entire project as internal AST from one version of code and then spit it out as another version. Like here is how to use it to migrate to the latest edition (in short just run cargo fix --edition then update your Cargo.toml file to the latest edition, or see the advanced page for how to migrate to lower editions too), but it can do more than that as well. Basically cargo fix does all manner of things related to reading in the code as an AST and then working on it ‘as’ an AST before spitting it back out as a syntax file.

3 Likes