[DRE-maint] Bug#1050867: support for YAML aliases broken by switch from safe_yaml to Psych
Sébastien Villemot
sebastien at debian.org
Wed Aug 30 15:05:07 BST 2023
Package: jekyll
Version: 4.3.1+dfsg-2
Severity: normal
Tags: patch
Dear Maintainers,
In jekyll 4.3.1+dfsg-1, a Debian-specific patch was added to rely on Psych
instead of safe_yaml for reading YAML files (see #1026427).
This change has however broken support for YAML aliases. More precisely, I’m no
longer able to use the minimal-mistakes theme, because this theme triggers the
parsing of the following YAML file:
https://github.com/mmistakes/minimal-mistakes/blob/master/_data/ui-text.yml
This YAML file has aliases (symbol names starting with an ampersand), which are
not supported by the Psych.safe_load() method with its default arguments. I
thus get this error message (truncated trace):
/usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias': Unknown alias: DEFAULT_EN (Psych::BadAlias)
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each_slice'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `revive_hash'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each_slice'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `revive_hash'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
from /usr/lib/ruby/3.1.0/psych.rb:335:in `safe_load'
from /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb:321:in `safe_load_yaml'
from /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb:330:in `safe_load_yaml_file'
[…]
An easy fix is to explicitly allow aliases. I attach a patch (which must be
applied on top of 0016-Drop-usage-of-safe_yaml.patch).
Thanks for your work,
--
⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁ Debian Developer
⢿⡄⠘⠷⠚⠋⠀ https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀ https://www.debian.org
-------------- next part --------------
--- /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb 2023-04-16 23:35:56.000000000 +0200
+++ utils.rb 2023-08-30 15:56:26.028936881 +0200
@@ -318,7 +318,7 @@
# Safely load YAML strings
def safe_load_yaml(yaml)
- Psych.safe_load(yaml, :permitted_classes => [Date, Time])
+ Psych.safe_load(yaml, :permitted_classes => [Date, Time], aliases: true)
rescue ArgumentError
# Psych versions < 3.1 had a different safe_load API and used
# problematic language.
More information about the Pkg-ruby-extras-maintainers
mailing list