
Alias names are too permissive in SnakeYAML-Engine

Open headius opened this issue 1 year ago • 1 comments

See original issue at jruby/jruby#8352.

The following YAML fails to parse in SnakeYAML-Engine, used by the JRuby Psych extension:

--- &1 !ruby/object:Set
hash:
  :one: true
  :two: true
  *1: true

This is due to a bug in SnakeYAML-Engine reported here: https://bitbucket.org/snakeyaml/snakeyaml-engine/issues/54/do-not-allow-colon-to-be-a-part-of-an

This will be fixed shortly in an upcoming release of SnakeYAML-Engine. Psych will need to be updated to the new version and released.

headius avatar Oct 06 '24 20:10 headius

The proper fix is to add a space after the alias:

  *1 : true

It's valid to have a colon in anchor names (and yes, I agree that it should have been forbidden, but it isn't).

perlpunk avatar Oct 06 '24 20:10 perlpunk
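
The two readings of `*1: true` discussed above, as an added Ruby sketch (not code from this thread, Psych, JRuby or SnakeYAML-Engine). It scans an alias-led mapping line with the YAML 1.2 anchor-name rule, where `:` is a legal name character, and with a stricter rule for comparison. `scan_alias_line`, `emit_alias_key`, `resolves?` and the `STRICT_NAME` rule are hypothetical names and assumptions made for illustration.

```ruby
# Added illustration; a simplified line scanner, not a full YAML parser.
# YAML 1.2 anchor/alias names: any non-space character except the flow
# indicators , [ ] { }  so ':' is allowed inside a name.
SPEC_NAME   = /\A[^\s,\[\]{}]+/
# Hypothetical stricter rule (assumption), used here only for comparison.
STRICT_NAME = /\A[A-Za-z0-9_-]+/

# Scan one block-mapping line that starts with an alias ("*name...").
# Returns { alias:, key:, value: }; key is true when the alias is followed
# by a ':' value indicator, i.e. the alias is used as a mapping key.
def scan_alias_line(line, name_rule = SPEC_NAME)
  text = line.strip
  raise ArgumentError, "line does not start with an alias" unless text.start_with?("*")
  rest = text[1..]
  name = rest[name_rule] or raise ArgumentError, "empty alias name"
  tail = rest[name.length..].lstrip
  if tail.start_with?(":") && (tail.length == 1 || tail[1] =~ /\s/)
    { alias: name, key: true, value: tail[1..].strip }
  else
    # No value indicator after the name: the ':' (if any) was consumed
    # as part of the alias name itself.
    { alias: name, key: false, value: tail }
  end
end

# Emitter-side rule from the thread: add a space after an alias used as a key.
def emit_alias_key(name, value)
  "*#{name} : #{value}"
end

# True when the scanned alias refers to an anchor the document defined.
# `anchors` is a constructed list standing in for the parser's anchor table.
def resolves?(line, anchors, name_rule = SPEC_NAME)
  anchors.include?(scan_alias_line(line, name_rule)[:alias])
end

if __FILE__ == $PROGRAM_NAME
  anchors = ["1"] # constructed: the document above defines anchor &1
  ["  *1: true", "  #{emit_alias_key('1', 'true')}"].each do |line|
    puts "#{line.inspect} -> #{scan_alias_line(line)} resolves=#{resolves?(line, anchors)}"
  end
end
```

Two parsers that apply different name rules to the same line resolve different aliases, so the emitted space is what keeps the document unambiguous across implementations.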

@asomov This is the Psych bug for the recent alias issue in SnakeYAML. Let us know if that fix is coming soon. Thank you!

headius avatar Oct 30 '24 02:10 headius

@headius finally: https://bitbucket.org/snakeyaml/snakeyaml-engine/issues/54/insert-a-trailing-space-when-an-alias-is-a

asomov avatar Oct 30 '24 15:10 asomov

@asomov Is that ready for testing on my end?

headius avatar Oct 30 '24 19:10 headius

@headius you can try the latest 2.9-SNAPSHOT

https://oss.sonatype.org/content/repositories/snapshots/org/snakeyaml/snakeyaml-engine/2.9-SNAPSHOT/

asomov avatar Oct 30 '24 20:10 asomov

@asomov Success! Combining your snapshot jar with my other fix jruby/jruby#8394, I can run the example from jruby/jruby#8352.

headius avatar Oct 30 '24 21:10 headius

@headius Great! Do you need an urgent release?

asomov avatar Oct 31 '24 03:10 asomov

@asomov I don't know how much of an issue this is for @mcorino.

Releasing for us would be the psych gem first and then adding that to the JRuby release, but with our next JRuby release a week away it's too close. So whenever you can release is fine for us, and I can update the gem the same day.

headius avatar Oct 31 '24 04:10 headius

@headius @asomov Fine by me.

mcorino avatar Oct 31 '24 07:10 mcorino

@headius @mcorino please ping me in advance (a week) to release when you need it (I will wait for other possible changes)

asomov avatar Oct 31 '24 08:10 asomov

@asomov @headius The issue is currently not blocking for me (I would like it fixed) so any time you get to it is fine by me.

mcorino avatar Oct 31 '24 15:10 mcorino

@asomov I don't think we've had any other changes come in, but we'd like to get this resolved now. When could you put out a release?

headius avatar Jan 15 '25 18:01 headius

@headius 2.9 (2025-01-15) released. It may take some time to propagate the version: https://central.sonatype.com/artifact/org.snakeyaml/snakeyaml-engine

asomov avatar Jan 15 '25 18:01 asomov

@asomov Thank you!

headius avatar Jan 15 '25 21:01 headius

@hsbt @tenderlove Is this case worth adding a test for?

headius avatar Jan 15 '25 22:01 headius

@hsbt @tenderlove Oh I also need a release 😀

I can do it if you prefer that.

headius avatar Jan 15 '25 22:01 headius

@headius go ahead and ship it!

tenderlove avatar Jan 16 '25 23:01 tenderlove

Psych 5.2.3 has been released! Thanks for the help everyone!

headius avatar Jan 17 '25 15:01 headius