diff --git a/Gemfile b/Gemfile
index 7a65fe3d..676b830c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,8 @@ gem 'rails', '~> 7.0.4', '>= 7.0.8.1'
 # Use old psych for YAML on Ruby 3.1 until we move to Rails 7.0.4
 # so that we can continue to use aliases in config/locales/en.yml
 # cf. https://stackoverflow.com/questions/71191685/visit-psych-nodes-alias-unknown-alias-default-psychbadalias
-gem 'psych', '3.3.2' # Exactly match the version on Ruby 3.0
+gem 'psych', '4.0.4' # Exactly match the version on Ruby 3.1
+gem 'stringio', '3.0.1.2' # psych dependency: exactly match the version on Ruby 3.1
 # Use postgresql as the database for Active Record
 gem 'pg', '~> 1.4.6' # All client instance have postgres version >= 9.3
diff --git a/Gemfile.lock b/Gemfile.lock
index b54774d0..cf90898e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -376,7 +376,8 @@ GEM
 method_source (~> 1.0)
 pry-rails (0.3.11)
 pry (>= 0.13.0)
- psych (3.3.2)
+ psych (4.0.4)
+ stringio
 public_suffix (6.0.1)
 puma (6.4.3)
 nio4r (~> 2.0)
@@ -509,6 +510,7 @@ GEM
 actionpack (>= 6.1)
 activesupport (>= 6.1)
 sprockets (>= 3.0.0)
+ stringio (3.0.1.2)
 terminal-notifier-guard (1.7.0)
 test-unit (3.6.2)
 power_assert
@@ -598,7 +600,7 @@ DEPENDENCIES
 possibly
 pry
 pry-rails
- psych (= 3.3.2)
+ psych (= 4.0.4)
 puma (~> 6.0)
 puma-daemon
 rack-mini-profiler
@@ -609,6 +611,7 @@ DEPENDENCIES
 sass-rails
 simplecov
 spring
+ stringio (= 3.0.1.2)
 terminal-notifier-guard
 turbolinks (~> 5.x)
 web-console
diff --git a/config/attribute-map.yml b/config/attribute-map.yml
index e457730d..72ddcd41 100644
--- a/config/attribute-map.yml
+++ b/config/attribute-map.yml
@@ -1,12 +1,8 @@
 # Maps attributes from IdP SAML response to SP user model fields.
 # See https://github.com/apokalipto/devise_saml_authenticatable for more.
-default: &default {}
+development: {}
-development:
- <<: *default
-
-test:
- <<: *default
+test: {}
 production:
 objectGuid: object_guid
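Review bot: The comment block above the psych pin in the Gemfile still says "Use old psych ... so that we can continue to use aliases", but the pin now moves to 4.0.4, and from Psych 4 `YAML.load` behaves like `safe_load` and rejects aliases unless they are explicitly enabled. The comment should describe what the pin is for now, e.g. `# Pin psych (and its stringio dependency) to the versions bundled with Ruby 3.1`. Whether config/locales/en.yml still relies on aliases is not visible in this diff, so that is worth confirming alongside the bump.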
diff --git a/lib/export/cancer_death_common.rb b/lib/export/cancer_death_common.rb
index 393bf139..3127569b 100644
--- a/lib/export/cancer_death_common.rb
+++ b/lib/export/cancer_death_common.rb
@@ -151,7 +151,8 @@ def initialize(filename, e_type, ppats, filter = 'cd', ppatid_rowids: nil)
 # Load the required mapping file based on @batch.e_type
 def table_mapping
 mapping_file = 'cd_mapping.yml'
- YAML.load_file(SafePath.new('mappings_config').join(mapping_file))['cd']
+ YAML.safe_load_file(SafePath.new('mappings_config').join(mapping_file),
+ permitted_classes: [NdrImport::Table, Regexp, Symbol])['cd']
 end
 # Does this row match the current extract
diff --git a/lib/export/delimited_file.rb b/lib/export/delimited_file.rb
index 04ba378d..3af5f33d 100644
--- a/lib/export/delimited_file.rb
+++ b/lib/export/delimited_file.rb
@@ -59,7 +59,8 @@ def table_mapping
 raise "No mapping found for #{@batch.e_type}"
 end
- YAML.load_file(SafePath.new('mappings_config').join(mapping_file))
+ YAML.safe_load_file(SafePath.new('mappings_config').join(mapping_file),
+ permitted_classes: [NdrImport::Table, Regexp, Symbol])
 end
 # Header rows (including weird capitalisations of some fields)
diff --git a/lib/import/brca/core/brca_base.rb b/lib/import/brca/core/brca_base.rb
index 9e7fa3b3..168f474e 100644
--- a/lib/import/brca/core/brca_base.rb
+++ b/lib/import/brca/core/brca_base.rb
@@ -117,7 +117,8 @@ def table_mapping
 else
 raise "No mapping found for #{@batch.e_type}"
 end
- YAML.load_file(SafePath.new('mappings_config').join(mapping_file))
+ YAML.safe_load_file(SafePath.new('mappings_config').join(mapping_file),
+ permitted_classes: [NdrImport::Table, Regexp, Symbol])
 end
 end
 end
diff --git a/lib/import/delimited_file.rb b/lib/import/delimited_file.rb
index 9b85e390..34d46b3f 100644
--- a/lib/import/delimited_file.rb
+++ b/lib/import/delimited_file.rb
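Review bot: The allowlist `[NdrImport::Table, Regexp, Symbol]` is written out in full in table_mapping in lib/export/cancer_death_common.rb and again in the table_mapping hunks of lib/export/delimited_file.rb, lib/import/brca/core/brca_base.rb and lib/import/delimited_file.rb, so the four copies can drift apart. This list decides which Ruby objects a mapping file may instantiate, so it is better defined once, for example `MAPPING_PERMITTED_CLASSES = [NdrImport::Table, Regexp, Symbol].freeze` (the name is only a suggestion), and passed as `permitted_classes: MAPPING_PERMITTED_CLASSES` at each call. safe_load_file also leaves aliases disabled unless `aliases: true` is given; the mapping files are not part of this diff, so it is worth confirming that none of them uses anchors.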
@@ -115,7 +115,8 @@ def table_mapping
 raise "No mapping found for #{@batch.e_type}"
 end
- YAML.load_file(SafePath.new('mappings_config').join(mapping_file))
+ YAML.safe_load_file(SafePath.new('mappings_config').join(mapping_file),
+ permitted_classes: [NdrImport::Table, Regexp, Symbol])
 end
 # Check that the mappings inherit NdrImport::Table
diff --git a/vendor/cache/psych-3.3.2.gem b/vendor/cache/psych-3.3.2.gem
deleted file mode 100644
index 491ca3ee..00000000
Binary files a/vendor/cache/psych-3.3.2.gem and /dev/null differ
diff --git a/vendor/cache/psych-4.0.4.gem b/vendor/cache/psych-4.0.4.gem
new file mode 100644
index 00000000..e0b8883a
Binary files /dev/null and b/vendor/cache/psych-4.0.4.gem differ
diff --git a/vendor/cache/stringio-3.0.1.2.gem b/vendor/cache/stringio-3.0.1.2.gem
new file mode 100644
index 00000000..12908b7c
Binary files /dev/null and b/vendor/cache/stringio-3.0.1.2.gem differ
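Review bot: `permitted_classes: [NdrImport::Table, Regexp, Symbol]` in lib/import/delimited_file.rb admits only those exact class names, while the comment that follows the method talks about mappings that inherit NdrImport::Table. If any mapping file tags a subclass, Psych raises Psych::DisallowedClass before that later check runs; the check and the mapping files are outside the hunk, so this needs confirming. A comment above the call such as `# permitted_classes matches exact class names; list any NdrImport::Table subclass used in mappings_config` would record the constraint. The start of table_mapping is outside the hunk.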