Closed mbyczkowski closed 1 month ago
I think YAML.safe_load(yaml, [], [], true)
would probably work here. According to the documentation this particular invocation would allow for aliases in YAML files (the default for safe_load
is to raise an exception in such a case).
When I was upgrading the version of rubocop in #53, I've temporarily disabled a cop in https://github.com/square/rails-auth/blob/803225fed67091673a45439c915aed9abfc6faaf/lib/rails/auth/acl.rb#L21-L24, because I wasn't 100% sure on the implications of this change. Nonetheless, this should be something that someone should look at.