Goal: Upgrade legacy app step by step as recommended by the RailsGuides: Upgrading Ruby on Rails (from ruby 2.3.1 and rails 4.2.2)
Expected result: rake assets:precompile completes successfully without a gem psych alias error: Psych::BadAlias
Help needed: Can someone please tell me how to implement the recommended solution: Psych::AliasesNotEnabled: Alias parsing was not enabled. To enable it, pass `aliases: true` to `Psych::load` or `Psych::safe_load` . What is (a) the code and (b) which file does it belong in. Full details follow.
Actual result:
I am updating an application from ruby 2.3.1 and rails 4.2.2: I stepped through major ruby revisions, i.e., 2.4, 2.5, 2.6, and am currently running 2.7.0 I updated rails to ~> 5.0 and then issues with the psych gem arose:
Problem: Running: rake assets:precompile led to: rake aborted! / Psych::BadAlias: Cannot load database configuration / Unknown alias: default / Caused by: Psych::BadAlias: Unknown alias: default / error: Precompiling assets failed
The recommended solution is: Psych::AliasesNotEnabled: Alias parsing was not enabled. To enable it, pass `aliases: true` to `Psych::load` or `Psych::safe_load`
I learned that psych 3.1.0 is a "default gem" (when I tried to delete / reinstall psych since it wasn't in my Gemfile or Gemfile.lock). So, I added gem 'psych', '~> 5.0', '>= 5.0.1' to the Gemfile and installed it, ran bundle install, and then ```rake assets:precompile`` -- which returned the same psych aliases error.
Unfortunately, I don't know how to pass `aliases: true` to `Psych::load` or `Psych::safe_load`
The accepted answer to this SO Q&A was helpful: visit_Psych_Nodes_Alias: Unknown alias: default (Psych::BadAlias)
Adding the recommended module YAML as lib/yaml.rb (the right place?) didn't resolve the issue.
I did more research and discovered a Rails patch: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 which noted that rails 5.2.8.1 (among others was "fixed"). So I upgraded to rails 5.2.8.1 and the error persisted.
Then, since the SO Q&A cited above ended with a "Note for Rails users (>= 7.0.3.1)" and the rails patch said rails 7.0.3.1 was a "fixed version", I upgraded to rails 7.0.3.1 and added the recommended code - from the Note - to resolve the psych issue:
# config/initializers/activerecord_yaml.rb
ActiveRecord.use_yaml_unsafe_load = true
It didn't work. rails app:update recommended numerous changes and, when running rake assets:precompile, I get an unrelated sprockets / popper.js error (probably higher in the stack than the psych error). So, I downgraded the app to rails 5.2.8.1 (with ruby 2.7.0) and am again getting the psych alias error when running rake assets:precompile
Hopefully, resolution is as simple as someone telling me how to implement the recommended solution: Psych::AliasesNotEnabled: Alias parsing was not enabled. To enable it, pass `aliases: true` to `Psych::load` or `Psych::safe_load` .
Also, what's a reasonable approach for the step-by-step upgrade of my code. I.e., once this issue is resolved for rails 5.2.8.1 should I skip ahead to the next fixed version (6.0.5.1)? The SO Q&A suggests different versions of psych for different versions of ruby; the issues are also related to different versions of rails.
Thank you in advance for your help. (I've returned to coding after a 3+ year break.)