Support Psych v4.0.0

Ruby master ships with Psych 4.0.0 which makes YAML.load defaults to safe mode (ruby/psych#487). Keep compatibility by using unsafe_load.
alpaca-tc · Jul 13, 2022 · 7eddfc2 · 7eddfc2
1 parent ffc9a46
commit 7eddfc2
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/figaro/application.rb b/lib/figaro/application.rb
@@ -57,7 +57,10 @@ def raw_configuration
     end
 
     def parse(path)
-      File.exist?(path) && YAML.load(ERB.new(File.read(path)).result) || {}
+      return {} unless File.exist?(path)
+
+      payload = ERB.new(File.read(path)).result
+      (YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(payload) : YAML.load(payload)) || {}
     end
 
     def global_configuration

diff --git a/spec/figaro/application_spec.rb b/spec/figaro/application_spec.rb
@@ -105,6 +105,17 @@ def yaml_to_path(yaml)
         expect(application.configuration).to eq("foo" => "bar")
       end
 
+      it "loads alias from YAML" do
+        application = Application.new(path: yaml_to_path(<<-YAML), environment: "development")
+default: &defaults
+  foo: bar
+development:
+  <<: *defaults
+YAML
+
+        expect(application.configuration).to eq("foo" => "bar")
+      end
+
       it "merges environment-specific values" do
         application = Application.new(path: yaml_to_path(<<-YAML), environment: "test")
 foo: bar