Reconsider SafeYAML gem dependency #249
Description
This Issue is extracted from #241.
I think, SafeYAML is also deprecated in Ruby 2.3+.
Use YAML.safe_load instead of SafeYAML.load.
class ParseYaml < ResponseMiddleware
define_parser do |body, parser_options|
YAML.safe_load(body, **(parser_options || {}))
end
endBut there are two problems.
SafeYAML and YAML's option is not compatible.
This makes a breaking change.
- SafeYAML
:deserialize_symbols:whitelisted_tags:custom_initializers:raise_on_unknown_tag
- YAML
:permitted_classes:permitted_symbols:aliases:filename:fallback:symbolize_names
YAML.safe_load option is not compatible in Ruby 2.3-2.7
Supporting all of this is a bit too complicated.
2.3, 2.4:
def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil2.5: symbolize_names is added as kwargs
def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil, symbolize_names: false2.6+: all arguments are now kwargs
def self.safe_load yaml, permitted_classes: [], permitted_symbols: [], aliases: false, filename: nil, fallback: nil, symbolize_names: false