psych: Release of 4.0.0 breaks yaml files with dates
With the release of 4.0.0, I am receiving the following error for YAML files with dates:
Tried to load unspecified class: Date (Psych::DisallowedClass)
The YAML file that I am attempting to load is:
---
date: 2013-10-16
I was able to reproduce locally between two projects by simply running the following code:
#!/usr/bin/env ruby
# frozen_string_literal: true
require 'yaml'
path = File.join(__dir__, 'file.yml')
# Under Psych 4.0.0 this raises Psych::DisallowedClass for the Date value
data = YAML.load_file(path)
puts data
The version with Psych 3.3.2 loads as expected:
> ./test.rb
{"date"=>#<Date: 2013-10-16 ((2456582j,0s,0n),+0s,2299161j)>}
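The following script is an added example and is not part of the issue or of the psych project's own code. It shows the three behaviours at play in this report on the same constructed input: the strict default (`YAML.safe_load`, which is what `YAML.load`/`YAML.load_file` call in Psych 4), the allow-list migration that the linked commits apply (`permitted_classes: [Date]`), and the old fully trusting loader (`YAML.unsafe_load`, Psych 3.3.2 and later). The tagged document and the `AuditHook` class are constructed for the demonstration of why the default changed: the trusting loader instantiates whatever class the document names.

```ruby
#!/usr/bin/env ruby
# frozen_string_literal: true
require 'yaml'
require 'date'

# Constructed sample input with the same shape as the issue's file.yml.
DATE_DOC = "---\ndate: 2013-10-16\n"

# Constructed sample input that tags the root node with a Ruby class.
# `AuditHook` is a hypothetical class defined only for this demonstration.
TAGGED_DOC = "--- !ruby/object:AuditHook\ncommand: 'echo pwned'\n"

class AuditHook
  attr_accessor :command
end

# Runs the block and returns the class of the exception it raised,
# or nil if it completed normally.
def raised_class
  yield
  nil
rescue StandardError => e
  e.class
end

# Psych 4's default: safe_load rejects every class outside the YAML core set,
# so a bare date scalar raises Psych::DisallowedClass.
def strict_load(yaml)
  YAML.safe_load(yaml)
end

# The migration used by the commits listed on this issue: stay on safe_load
# and allow-list exactly the extra classes the file is expected to contain.
def load_with_dates(yaml)
  YAML.safe_load(yaml, permitted_classes: [Date], aliases: false)
end

# The pre-4.0 behaviour. On Psych >= 3.3.2 it is spelled unsafe_load; on
# older Psych, plain load already behaves this way. It will allocate and
# populate any class the document names, so reserve it for input you control.
def trusting_load(yaml)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(yaml) : YAML.load(yaml)
end

if $PROGRAM_NAME == __FILE__
  puts "Psych #{Psych::VERSION}"
  puts "strict, date doc:     #{raised_class { strict_load(DATE_DOC) }.inspect}"
  puts "allow-listed Date:    #{load_with_dates(DATE_DOC).inspect}"
  puts "strict, tagged doc:   #{raised_class { strict_load(TAGGED_DOC) }.inspect}"
  puts "trusting, tagged doc: #{trusting_load(TAGGED_DOC).inspect}"
end
```

The allow-list is the right fix for a config file like the one in the report: it keeps `Date` working while still refusing `!ruby/object:` tags, which is the case `strict_load(TAGGED_DOC)` exercises. Switching to `unsafe_load` restores the old result for both documents, including the instantiated `AuditHook`, which is why it should only be used on files that are not attacker-controllable.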
About this issue
- State: closed
- Created 3 years ago
- Comments: 15 (4 by maintainers)
Commits related to this issue
- Update Dependencies and run doc_generator - `YAML.load_file` now fails because the library authors added a security check that doesn't allow regexes to be parsed. The old behaviour is now behind ... — committed to codacy/codacy-rubocop by lolgab 2 years ago
- Update ruby version on ci for latest versions There is breaking change for Psych(=YAML). shouhizei cut the support for Ruby 2.7 refs: https://www.docswell.com/s/pink_bangbi/K67RV5-2022-01-06-201330#... — committed to colorbox/shouhizei by colorbox a year ago
- Update ruby version on ci for latest versions There is breaking change for Psych(=YAML). shouhizei cut the support for Ruby 2.7. This PR update `load_file` to `safe_load_file` with `permitted_classe... — committed to colorbox/shouhizei by colorbox a year ago
@poloka It’s a major version change. You can choose whether or not to upgrade, and if you’d like to add those kind of warnings to the 3.x series, I’m happy to merge your pull requests! 😄
@JonRowe we ran into psych being a transitive dependency from another project, so we didn’t have knowledge of its version or have initial control over the version being taken. So we were blissfully unaware of the open-ended accepted versions.
Thanks @junaruga, yeah, we utilize the lock in our Rails applications but not in our rubygems, but luckily the issue we’ve run into is a development concern, so we are able to direct our consumers to update the Gemfile to lock in and keep on working. BTW, thanks for making it a MVB. I’ve run into other gems where breaking changes were in minor versions. Talk about a pain. Thanks guys for the direction!
I ran into this while upgrading to Ruby 3.1 and I do feel that the messaging on this breaking change could be improved.
The Ruby 3.1.0 release notes list the breaking change as basically a footnote in the “Other changes” section and don’t provide a direct migration recommendation, they just link to an issue with discussion on whether Psych 4 should be included in Ruby 3.1 or not.
When going to the official documentation or to this repo I can’t find any official changelog or guide on what exactly changed. The releases tab on this repo also doesn’t have a changelog for 4.0.0.
It seems to me like Pull Request 487 is the most official looking warning/guide/documentation on what changed but it’s not prominently linked from the obvious places, so I think a lot of people will waste some time trying to find the relevant information about this change, like I did.
To be clear: I agree with the change and I’m thankful for the work done here, I’m just giving some (hopefully constructive) feedback on how the change was communicated.
Maybe I should phrase it more like this, it is a ‘courtesy’ to warn our consumers and if we know there is a breaking change that we provide migration guides to assist in the pains of pulling the rug out from under them. I’m just trying to follow best practices to my/our consumers in order to keep them productive and keep disruptions to a minimum. Just trying to give my $0.02 on the topic.
@poloka I’m sure the maintainers would be happy to refund all of the money you gave them to use this gem
@JonRowe I am very aware of semantic versioning practices but I also understand the responsibility of a developer to provide warnings of such breaking changes and documentation of said changes when they do occur. Neither has happened in regards to this breaking change. And yes, I will lock in the version to a 3.x until I have determined a way to remove psych from my tech stack.