I used yaml for some things back in the stone age (shout out to why the lucky stiff and syck). The more I used it, and the more I came in contact with it I started to dislike that it has so many features, and tries to be overly clever. I'm kind of surprised to see that it's making a comeback (or maybe it never went away).
You mean the executable YAML claims? Some are explicitly listed as for the older spec, but indeed a few are for 1.2. However...
If you configure your YAML loader to run arbitrary, input-controlled deserialization code, then of course you're opening a can of worms. Just, uh, don't do that for untrusted input maybe?
Is $programming_language terrible because some people run user input through eval?
The latest YAML (1.2 currently) gives you the option of doing all that stuff if you want. It's a bad implementation that decides to run random code by default, or heaven forbid, bakes such behavior in.
YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild. Kubernetes really brought it to center stage going on 10 years ago, but it's the config file format for many many applications these days.
That's not meant as an endorsement, just saying it's not "making a comeback" any more than Taylor Swift is in music. It's The Thing right now and has been for a while.
To _why the little stiff favor his libsyck never had the problems of later YAML extensions by Ingy, which should make them represent everything, but also made it totally insecure. That's why perl5 never really followed on to use the newer YAML specs and libraries for its cpan state files. syck was also much faster. I never bought the argument that it wasn't maintained anymore, I was not aware of any bugs.
> This tool is not yet officially supported by Google. It is currently maintained solely by @braydonk, and unless something changes primarily in spare time.
Just and FYI, whilst they are supporting it, they only provide source. If you want the images you need to be a paying customer, or build them yourself.
It's ungodly slow on large projects. I've been using `deno fmt` lately (despite not having any other use for deno), it reformat/checks thousands of files per second, and supports YAML too.
This says YAML support is behind an unstable flag, but I haven't been passing any flags. Works fine anyway.
https://noyaml.com/
reply