I used yaml for some things back in the stone age (shout out to why the lucky stiff and syck). The more I used it, and the more I came in contact with it I started to dislike that it has so many features, and tries to be overly clever. I'm kind of surprised to see that it's making a comeback (or maybe it never went away).
You mean the executable YAML claims? Some are explicitly listed as for the older spec, but indeed a few are for 1.2. However...
If you configure your YAML loader to run arbitrary, input-controlled deserialization code, then of course you're opening a can of worms. Just, uh, don't do that for untrusted input maybe?
Is $programming_language terrible because some people run user input through eval?
The latest YAML (1.2 currently) gives you the option of doing all that stuff if you want. It's a bad implementation that decides to run random code by default, or heaven forbid, bakes such behavior in.
YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild. Kubernetes really brought it to center stage going on 10 years ago, but it's the config file format for many many applications these days.
That's not meant as an endorsement, just saying it's not "making a comeback" any more than Taylor Swift is in music. It's The Thing right now and has been for a while.
To _why the little stiff favor his libsyck never had the problems of later YAML extensions by Ingy, which should make them represent everything, but also made it totally insecure. That's why perl5 never really followed on to use the newer YAML specs and libraries for its cpan state files. syck was also much faster. I never bought the argument that it wasn't maintained anymore, I was not aware of any bugs.
> This tool is not yet officially supported by Google. It is currently maintained solely by @braydonk, and unless something changes primarily in spare time.
Just and FYI, whilst they are supporting it, they only provide source. If you want the images you need to be a paying customer, or build them yourself.
It's ungodly slow on large projects. I've been using `deno fmt` lately (despite not having any other use for deno), it reformat/checks thousands of files per second, and supports YAML too.
This says YAML support is behind an unstable flag, but I haven't been passing any flags. Works fine anyway.
I used yaml for some things back in the stone age (shout out to why the lucky stiff and syck). The more I used it, and the more I came in contact with it I started to dislike that it has so many features, and tries to be overly clever. I'm kind of surprised to see that it's making a comeback (or maybe it never went away).
https://noyaml.com/
That site's listed complaints are all either about a really old YAML spec or about self-inflicted, unrelated technical debt.
Granted, Python and other popular languages are also on an ancient YAML version for some inexplicable reason...
The safety concerns are all about the later YAML specs, tags and code. That's why most stayed on the early version, with some white list API.
You mean the executable YAML claims? Some are explicitly listed as for the older spec, but indeed a few are for 1.2. However...
If you configure your YAML loader to run arbitrary, input-controlled deserialization code, then of course you're opening a can of worms. Just, uh, don't do that for untrusted input maybe?
Is $programming_language terrible because some people run user input through eval?
The latest YAML (1.2 currently) gives you the option of doing all that stuff if you want. It's a bad implementation that decides to run random code by default, or heaven forbid, bakes such behavior in.
YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild. Kubernetes really brought it to center stage going on 10 years ago, but it's the config file format for many many applications these days.
That's not meant as an endorsement, just saying it's not "making a comeback" any more than Taylor Swift is in music. It's The Thing right now and has been for a while.
YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild.
Ansible is another tool for devops that uses YAML extensively; it shipped in 2012.
To _why the little stiff favor his libsyck never had the problems of later YAML extensions by Ingy, which should make them represent everything, but also made it totally insecure. That's why perl5 never really followed on to use the newer YAML specs and libraries for its cpan state files. syck was also much faster. I never bought the argument that it wasn't maintained anymore, I was not aware of any bugs.
It really never went away.
Is 2001 the stone age now (the year YAML was conceived)?
> This tool is not yet officially supported by Google. It is currently maintained solely by @braydonk, and unless something changes primarily in spare time.
No thanks. I'm done after Kaniko. https://github.com/GoogleContainerTools/kaniko
fyi, the good chainguard folks (and former googlers who started kaniko) have forked kaniko
Blog post: https://www.chainguard.dev/unchained/fork-yeah-were-bringing...
The fork: https://github.com/chainguard-dev/kaniko
Just and FYI, whilst they are supporting it, they only provide source. If you want the images you need to be a paying customer, or build them yourself.
Of course Google is going to shelve it, but you're free to fork and carry on if needed...
Also available via Homebrew:
Why not use Prettier? Supports YAML since like 2020 - and does other languages too.
It's ungodly slow on large projects. I've been using `deno fmt` lately (despite not having any other use for deno), it reformat/checks thousands of files per second, and supports YAML too.
This says YAML support is behind an unstable flag, but I haven't been passing any flags. Works fine anyway.
https://docs.deno.com/runtime/reference/cli/fmt/
Ha, I use Deno just as a formatter also! It’s great for Markdown formatting.
The package pretty-quick speeds up prettier significantly
doesnt yq already do this? https://github.com/mikefarah/yq
we throw things through yq for formatting