ruby.git/test/psych/test_marshalable.rb, branch v4.0.2 The Ruby Programming Language [ruby/psych] Introduce `Psych.unsafe_load` 2021-05-17T02:20:45+00:00 Aaron Patterson tenderlove@ruby-lang.org 2021-05-10T16:50:06+00:00 c7c2ad5749f7f0767ef38be160f4b391228396c1 In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly. https://github.com/ruby/psych/commit/cb50aa8d3f 
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f
[ruby/psych] Fix custom marshalization with symbolize_names: true 2021-05-10T10:17:32+00:00 Jean Boussier jean.boussier@gmail.com 2021-02-11T17:30:58+00:00 c110ade0d235391c2fbfe9291250f744b735a1a8 https://github.com/ruby/psych/commit/ee26f26ab5 
https://github.com/ruby/psych/commit/ee26f26ab5
Merge psych-3.0.0.beta3 from ruby/psych. 2017-07-14T06:15:58+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-07-14T06:15:58+00:00 0b396d588060707e227f21b80e964180674c8a50 * Rely on encoding tags to determine if string should be dumped as binary. https://github.com/ruby/psych/commit/8949a47b8cee31e03e21608406ba116adcf74054 * Specify "frozen_string_literal: true". * Support to binary release for mingw32 platform. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  * Rely on encoding tags to determine if string should be dumped as binary.
    https://github.com/ruby/psych/commit/8949a47b8cee31e03e21608406ba116adcf74054
  * Specify "frozen_string_literal: true".
  * Support to binary release for mingw32 platform.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add frozen_string_literal: false for all files 2015-12-16T05:07:31+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-12-16T05:07:31+00:00 3e92b635fb5422207b7bbdc924e292e51e21f040 When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/psych/lib/psych/visitors/to_ruby.rb: support objects that are 2014-12-01T21:35:11+00:00 tenderlove tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2014-12-01T21:35:11+00:00 12396fda407c5ed2b61edd76db01f4ce37c49626 marshalable, but inherit from basic object. Thanks Sean Griffin <sean@thoughtbot.com> * ext/psych/lib/psych/visitors/yaml_tree.rb: ditto * test/psych/test_marshalable.rb: test for fix git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48675 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  marshalable, but inherit from basic object.
  Thanks Sean Griffin <sean@thoughtbot.com>

* ext/psych/lib/psych/visitors/yaml_tree.rb: ditto

* test/psych/test_marshalable.rb: test for fix

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48675 b2dd03c8-39d4-4d8f-98ff-823fe69b080e