ruby.git/test/psych/test_psych.rb, branch v3_3_11 The Ruby Programming Language [ruby/psych] Fix RestrictedYAMLTree allowing the Symbol class should allow all symbols 2023-01-23T02:07:23+00:00 Jean Boussier jean.boussier@gmail.com 2023-01-22T14:04:11+00:00 8fded5f5d12be958ca803627a541e5a5d9323586 Ref: https://github.com/ruby/psych/pull/495 That's how it works for `safe_load`: ```ruby >> YAML.safe_load(':foo', permitted_classes: [Symbol]) => :foo ``` So `safe_dump` should mirror that. https://github.com/ruby/psych/commit/592a75a656 
Ref: https://github.com/ruby/psych/pull/495

That's how it works for `safe_load`:
```ruby
>> YAML.safe_load(':foo', permitted_classes: [Symbol])
=> :foo
```

So `safe_dump` should mirror that.

https://github.com/ruby/psych/commit/592a75a656
[ruby/psych] Fix the test that does not work with libyaml-0.1.7 2021-06-07T23:12:27+00:00 Yusuke Endoh mame@ruby-lang.org 2021-06-07T13:56:47+00:00 8c87efaa8a45166ed977294330c32a4b186b8e7b https://github.com/ruby/psych/commit/542cf9754f 
https://github.com/ruby/psych/commit/542cf9754f
Do not use YAML module in tests of Psych 2021-06-07T10:24:20+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2021-06-07T10:24:20+00:00 bb4a10208c8564a6c080a0de14ef6a5884c6173c 






Use assert_raise instead of assert_raises
2021-06-07T10:21:41+00:00

Hiroshi SHIBATA
hsbt@ruby-lang.org

2021-06-07T10:21:41+00:00

d7146dfd7dbe370ec9b7d6fde75bf1066bf7ed57












[ruby/psych] Implement YAML.safe_dump to make safe_load more usable.
2021-06-07T10:15:14+00:00

Jean Boussier
jean.boussier@gmail.com

2021-05-19T14:07:24+00:00

fd6225c7a974e5154099c9f7be82bebd44a19116

In case where Psych is used as a two way serializers,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.

Otherwise you might dump and persist some objects payloads
that you later won't be able to read.

https://github.com/ruby/psych/commit/441958396f





In case where Psych is used as a two way serializers,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.

Otherwise you might dump and persist some objects payloads
that you later won't be able to read.

https://github.com/ruby/psych/commit/441958396f







[ruby/psych] remove deprecated interface
2021-05-17T02:20:46+00:00

Aaron Patterson
tenderlove@ruby-lang.org

2021-05-11T20:49:20+00:00

42b20bdbfe770053e02948e9577bdd412a8c98cf

https://github.com/ruby/psych/commit/0767227051





https://github.com/ruby/psych/commit/0767227051







[ruby/psych] Introduce `Psych.unsafe_load`
2021-05-17T02:20:45+00:00

Aaron Patterson
tenderlove@ruby-lang.org

2021-05-10T16:50:06+00:00

c7c2ad5749f7f0767ef38be160f4b391228396c1

In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f





In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f







[ruby/psych] Fix symabolize_name with non-string keys
2021-05-17T02:20:45+00:00

Jean Boussier
jean.boussier@gmail.com

2021-02-25T17:36:15+00:00

a3ceed50b877e57554ec825d7fefe066c81ff0ee

https://github.com/ruby/psych/commit/1c5c29e81f





https://github.com/ruby/psych/commit/1c5c29e81f







[ruby/psych] Use assert_raise instead of assert_raises
2021-05-10T10:09:43+00:00

Hiroshi SHIBATA
hsbt@ruby-lang.org

2021-05-10T10:09:17+00:00

ab785b28e2f3cc879906aeaee0358c0de478499e

https://github.com/ruby/psych/commit/e6ad12b4e1





https://github.com/ruby/psych/commit/e6ad12b4e1







[ruby/psych] Use pend instead of skip
2021-05-10T09:53:56+00:00

Hiroshi SHIBATA
hsbt@ruby-lang.org

2021-05-10T08:54:06+00:00

bae9a21e40a65c0eaacebfd4b3c3a8de08892c74

https://github.com/ruby/psych/commit/efd2a62c9a





https://github.com/ruby/psych/commit/efd2a62c9a