tag:github.com,2008:https://github.com/go-yaml/yaml/releases Tags from yaml 2022-05-27T08:35:30Z tag:github.com,2008:Repository/17451182/v3.0.1 2022-05-27T08:35:30Z v3.0.1: The Billion Dollar Mistake <p>The Billion Dollar Mistake</p> <p>To be fair, it only happens here because this is a C-style API that was <br />converted to Go but keeping its general shape. The proper fix, to be <br />done eventually, is to replace all these boolean error flags by proper <br />error types.</p> <p><span class="issue-keyword tooltipped tooltipped-se">Fixes</span> <a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/issues/665">#665</a></p> niemeyer tag:github.com,2008:Repository/17451182/v3.0.0 2022-05-21T10:33:21Z v3.0.0 niemeyer tag:github.com,2008:Repository/17451182/v2.4.0 2020-11-17T15:46:20Z v2.4.0: Revert v2 line length change as discussed in #670 <p>Revert v2 line length change as discussed in <a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/670">#670</a></p> <p>It was clearly a mistake to accept the default formatting change in v2, <br />and now there's no ideal choice. Either we revert the change and break <br />some projects twice, or we keep the change and break some projects once. <br />Given the report comes from Kubernetes, which has a relevant community <br />and code size, we'll revert it. At the same time, to simplify the life <br />of those that already started migrating towards the v3 behavior, a new <br />FutureLineWrap function is being introduced to trivially preserve the <br />new behavior where desired.</p> <p>The v3 branch is not affected by this, and will retain the default <br />non-wrapping behavior. It will also be changed soon to support per <br />arbitrary line-wrapping for individual encoding operations.</p> <p>Thanks to everyone who offered code and ideas, and apologies for <br />the trouble.</p> niemeyer tag:github.com,2008:Repository/17451182/v2.3.0 2020-05-06T23:08:38Z v2.3.0 laverya tag:github.com,2008:Repository/17451182/v2.2.8 2020-01-21T17:19:40Z v2.2.8: Optimize cases with long potential simple_keys (#555) <p>Optimize cases with long potential simple_keys (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/555">#555</a>)</p> <p>This change introduces an index to lookup token numbers referenced by simple_keys in O(1), <br />thus significantly reducing the performance impact of certain abusively constructed snippets.</p> <p>When we build up the simple_keys stack, we count on the (formerly named) staleness check to <br />catch errors where a simple key is required but would be &gt; 1024 chars or span lines. The previous <br />simplification that searches the stack from the top can go 1024 keys deep before finding a "stale" <br />key and stopping. I added a test that shows that this consumes ~3s per 1MB of document size.</p> cjcullen tag:github.com,2008:Repository/17451182/v2.2.7 2019-11-19T21:27:36Z v2.2.7 niemeyer tag:github.com,2008:Repository/17451182/v2.2.6 2019-11-19T11:51:43Z v2.2.6 chenrui333 tag:github.com,2008:Repository/17451182/v2.2.5 2019-11-04T18:03:43Z v2.2.5: Fix check for non-map alias merging in v2 (#529) <p>Fix check for non-map alias merging in v2 (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/issues/529">#529</a>)</p> <p>The problem does not affect v3.</p> niemeyer tag:github.com,2008:Repository/17451182/v2.2.4 2019-10-02T18:33:36Z v2.2.4: Improve heuristics preventing CPU/memory abuse (#515) <p>Improve heuristics preventing CPU/memory abuse (<a class="issue-link js-issue-link" href="https://github.com/go-yaml/yaml/pull/515">#515</a>)</p> <p>This addresses the following items:</p> <p>==== Parse time of excessively deep nested or indented documents</p> <p>Parsing these documents is non-linear; limiting stack depth to 10,000 keeps parse times of pathological documents sub-second (~.25 seconds in benchmarks)</p> <p>==== Alias node expansion limits</p> <p>The current limit allows 10,000% expansion, which is too permissive for large documents.</p> <p>Limiting to 10% expansion for larger documents allows callers to use input size as an effective way to limit resource usage. Continuing to allow larger expansion rates (up to the current 10,000% limit) for smaller documents does not unduly affect memory use.</p> <p>This change bounds decode operations from alias expansion to ~400,000 operations for small documents (worst-case ~100-150MB) or 10% of the input document for large documents, whichever is greater.</p> liggitt tag:github.com,2008:Repository/17451182/v2.2.3 2019-09-30T19:09:21Z v2.2.3: Add logic to catch cases of alias abuse. <p>Add logic to catch cases of alias abuse.</p> <p>Backport of <a class="commit-link" href="https://github.com/go-yaml/yaml/commit/caeefd850a4388b005740feb8a31067e8654497f"><tt>caeefd8</tt></a>.</p> niemeyer