Use YAML.safe_load_file for import/export config

`YAML.load_file` in Psych v4, which is used by Ruby 3.1, defaults to `YAML.safe_load_file` (https://github.com/ruby/psych/issues/533). This change in behavior breaks the loading of the `import_export.yml` in Ruby 3.1+ and up. Fix this by using `YAML.safe_load_file` with aliases and symbols allowed. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/396231 Changelog: changed

Use YAML.safe_load_file for import/export config
d3f7dab0 · Stan Hu · 0598ba1f · d3f7dab0 · d3f7dab0 · d3f7dab0
--- a/lib/gitlab/import_export/config.rb
+++ b/lib/gitlab/import_export/config.rb
@@ -52,7 +52,7 @@ def merge_ee?
      end

      def parse_yaml
-        YAML.load_file(@config)
+        YAML.safe_load_file(@config, aliases: true, permitted_classes: [Symbol])
      end
    end
  end

--- a/spec/lib/gitlab/import_export/attributes_finder_spec.rb
+++ b/spec/lib/gitlab/import_export/attributes_finder_spec.rb
@@ -177,7 +177,8 @@
      end

      def setup_yaml(hash)
-        allow(YAML).to receive(:load_file).with(test_config).and_return(hash)
+        allow(YAML).to receive(:safe_load_file)
+          .with(test_config, aliases: true, permitted_classes: [Symbol]).and_return(hash)
      end
    end
  end

--- a/spec/lib/gitlab/import_export/model_configuration_spec.rb
+++ b/spec/lib/gitlab/import_export/model_configuration_spec.rb
@@ -9,7 +9,7 @@
  include ConfigurationHelper

  let(:all_models_yml) { 'spec/lib/gitlab/import_export/all_models.yml' }
-  let(:all_models_hash) { YAML.load_file(all_models_yml) }
+  let(:all_models_hash) { YAML.safe_load_file(all_models_yml, aliases: true) }
  let(:current_models) { setup_models }
  let(:model_names) { relation_names_for(:project) }