TIL about the billion laughs attack: https://en.wikipedia.org/wiki/Billion_laughs_attack. Looks like Nokogiri is too simplistic (by default) to be affected, but the Psych parser in Ruby isn’t so lucky (if you expand to Ruby objects, of course… it parses to a Psych object just fine).
Silence “Don’t run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.” warning