
yaml's People

Contributors

dallgoot, giuspe, scrutinizer-auto-fixer, wengerk


yaml's Issues

Parsing of a quoted string containing colon+space causes problems

I have a file containing a line like this:
title: "D: presentation"

The library loads and parses without error, but when I try to use the string, I get a stdClass could not be converted to string error.

Looking (print_r) into the object gives me something even weirder:
stdClass Object ( [] => presentation")
The object seems to have an anonymous attribute containing everything behind the colon, including the quote.

If, however, I remove the space after the colon and leave the quoted string as "D:presentation" there's no issue, everything works as expected.

Fix a PHP Notice

Hello and thank you for this very useful library.

In DumperHandlers.php, line 43, it should be:

if (isset($compound[0]) && $compound[0] instanceof YamlObject) {

instead of

if ($compound[0] instanceof YamlObject) {

to avoid a PHP Notice.

Incorrectly build netplan yaml

Expected yaml

network:
  ethernets:
        enp0s3:
            addresses: ['192.168.1.84/24']
            gateway4: 192.168.1.1
            nameservers:
                addresses: [192.168.1.1]
  version: 2

got

network:
  ethernets:
    enp0s3:
      addresses: [192.168.1.84\/24]
      gateway4: 192.168.1.1
      nameservers:
addresses: [192.168.1.1]
  version: 2

Code

$yaml = new Dallgoot\Yaml\YamlObject(0);

    $network = new \StdClass;
        $ethernets = new \StdClass;

            $enp0s3 = new \StdClass;
            $string = '192.168.1.84/24';
            $enp0s3->addresses = new Dallgoot\Yaml\Compact(array($string));
            $enp0s3->gateway4 = '192.168.1.1';
                $nameservers =  new \StdClass;
                $nameservers->addresses = new Dallgoot\Yaml\Compact(['192.168.1.1']);
            $enp0s3->nameservers = $nameservers;
        $ethernets->enp0s3 = $enp0s3;
    $network->ethernets = $ethernets;
    $network->version = 2;
$yaml->network = $network;
$text = Dallgoot\Yaml::dump($yaml, 0);
file_put_contents('00-installer-config.yaml',$text);

Parsing of unquoted string values containing colons

I have to parse a file that contains something similar to the following:

chapters: [00:00:00.000]

When attempting to parse this however I get the following error: ParseError: Partial value found at line 1

I am guessing this is because of the un-quoted : however as far as I can see most other yaml parsers are parsing this fine, so I'm guessing this qualifies as a bug.

Parsing differs for CRLF vs LF

When the file (PHP file, or the yaml strings themselves) is saved with CRLF or LF line endings, these two simple documents parse differently.

<?php
require "./vendor/autoload.php";

use Dallgoot\Yaml\Yaml;

$str1 = "name: Bob
classes:
 - English
 - Spanish";

$str2 = "name: Bob
classes: 
 - English
 - Spanish";

$yaml1 = Yaml::parse($str1);
echo "# YAML 1\n";
echo Yaml::dump($yaml1);

$yaml2 = Yaml::parse($str2);
echo "\n---\n# YAML 2\n";
echo Yaml::dump($yaml2);

When saved as CRLF, outputs:

# YAML 1
name: Bob
---
# YAML 2
name: Bob
classes: 
  - English
  - Spanish

When saved as LF, outputs:

# YAML 1
name: Bob
classes: 
  - English
  - Spanish
---
# YAML 2
name: Bob
classes: 
  - English
  - Spanish

The difference between $str1 and $str2 is a single U+20 SPACE character after the colon on the second line.

Cannot read sequences

Hello,

First, thank you for this nice and complete lib.

But I'm figuring out a problem that I cannot understand to help solve.

When we get a sequence like

image

We got this trace: https://pastebin.com/6RDa7Ccq

My main code is just

$yaml = \Dallgoot\Yaml\Yaml::parseFile(APPLICATION_PATH . "/../plugins/AuthMe/config.yml", NULL, NULL);
print_r($yaml);

Indention for array is wrong

Tested with version 0.9.1.2

Given:

$object = new \Dallgoot\Yaml\Types\YamlObject(0);
$object->api = '1';
$object->entries = array('a' => array(array('b1' => 'b', 'b2' => 'b'), array('c1' => 'c', 'c2' => 'c')));
echo \Dallgoot\Yaml\Yaml::dump($object, 0);

Expected:

api: 1
entries: 
  a: 
    - b1: b
      b2: b
    - c1: c
      c2: c

Actual:

api: 1
entries: 
  a: 
    - 
  b1: b
  b2: b
    - 
  c1: c
  c2: c

CVE-2019-11358 (Medium) detected in jquery-3.3.1.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /yaml/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 31040d3cb9963e1f4d4ca534e9e9ec874787d4ce

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0
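
The deep-merge behaviour named in the vulnerability details, shown as an added JavaScript example that is not part of the original report and is not jQuery's code. `naiveDeepMerge`, `safeDeepMerge` and `pollutionCheck` are hypothetical helpers, and the JSON input is constructed sample data.

```javascript
// Added illustration: hypothetical helpers, not jQuery source.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Recursive merge with no key filtering. An own "__proto__" key in the source
// makes target["__proto__"] resolve to Object.prototype, which is then merged into.
function naiveDeepMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened variant: own keys only, prototype-related keys skipped,
// and nested targets must be own properties before they are reused.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeDeepMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merges constructed input, reports whether a fresh object inherited the
// marker property, then restores Object.prototype.
function pollutionCheck(merge) {
  const input = JSON.parse('{"__proto__": {"constructedFlag": true}, "title": "x"}');
  merge({}, input);
  const polluted = ({}).constructedFlag === true;
  delete Object.prototype.constructedFlag;
  return polluted;
}

console.log('naive merge pollutes:', pollutionCheck(naiveDeepMerge));
console.log('safe merge pollutes:', pollutionCheck(safeDeepMerge));
```

`JSON.parse` is used for the input because it creates `__proto__` as an ordinary own, enumerable property, which is the condition the CVE text describes.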

