-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
json.decode is too strict; fails on duplicate keys #15605
Comments
What is the most useful and still rational behavior here? You could plausibly argue four approaches:
|
experiment:
So the answer I'd most like coming from a NodeJS ecosystem is to take your option 2. I dunno if that's formally documented in the nodejs spec. |
Taking the last entry seems preferable over taking the first, since it's more consistent with |
ping! @brandjon will you take PRs for this? |
ECMA-262 says under 25.5.1.1
This aligns with option 2. |
ping! @brandjon would you accept a PR? Another user on Slack tripped over this. |
Different JSON parsers diverge on this point: https://stackoverflow.com/questions/21832701/does-json-syntax-allow-duplicate-keys-in-an-object Javascript, and anything that tries to be compatible with Javascript, of course allows duplicate keys and keeps the last value. C and C++ based JSON parsers typically don't allow duplicate keys. I have no strong opinion on which way to go, but given the need to integrate with npm, we may as well follow Javascript's behavior. |
I think the critical observation is that Bazel is meant to be the orchestration for a bunch of third-party package managers and tools, so it should follow the https://en.wikipedia.org/wiki/Robustness_principle |
Rationale for accepting the change:
(The "Robustness principle" can be problematic -- think HTML. But we're maintaining a parser, not writing a new standard.) |
@brandjon @tetromino I don't suppose you guys know which release this will hit? |
Given that this doesn't change the behavior on inputs that didn't hard fail before this change, I would propose to cherry-pick it into 6.2.0. Otherwise it would naturally make its way into 7.0.0. |
I am asking for a cherry-pick at #17868 |
Resolves #15605 Closes #17645. PiperOrigin-RevId: 514491743 Change-Id: I17ea9fb57682b668bff02bc64fefd75edb2cf2ee Co-authored-by: Adam Lavin <[email protected]>
Resolves bazelbuild#15605 Closes bazelbuild#17645. PiperOrigin-RevId: 514491743 Change-Id: I17ea9fb57682b668bff02bc64fefd75edb2cf2ee
Description of the bug:
A couple of packages are published to npm with a JSON descriptor which is valid in every context it's used.
However
json.decode
fails on this part of the file:More context here:
aspect-build/rules_js#148
I agree with the library author that it's really a Bazel bug, which should follow the https://en.wikipedia.org/wiki/Robustness_principle of "be permissive in what you accept". Author points this out:
wooorm/decode-named-character-reference#2
wooorm/stringify-entities#11
What's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
What is the output of
bazel info release
?5.x
The text was updated successfully, but these errors were encountered: