Use YAML.safe_load_file for import/export config (!117027) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-use-yaml-safe-load into master Apr 07, 2023

What does this MR do and why?

YAML.load_file in Psych v4, which is used by Ruby 3.1, defaults to YAML.safe_load_file (https://github.com/ruby/psych/issues/533). This change in behavior breaks the loading of the import_export.yml in Ruby 3.1+ and up. Fix this by using YAML.safe_load_file with aliases and symbols allowed.

Relates to #396231 (closed)

How to set up and validate locally

Check out this branch.
Create a project export.
Import the export.

See Ruby 3.1 pipelines in !114366 (closed).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 07, 2023 by Stan Hu

Use YAML.safe_load_file for import/export config

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports