Initial move to SnakeYAML Engine

See jruby/jruby#7570 for some of the justification for this move. We only require the parser from SnakeYAML, but in the original form it is encumbered with Java object serialization code that keeps getting flagged as a CVE risk. We disagree with the assessment, at least as it pertains to JRuby (we do not use the code in question) but our inclusion of the library continues to get flagged by auditing tools. This commit starts the process of moving to the successor library, SnakeYAML Engine. The parser API is largely unchanged, except as seen in this commit. No Java exceptions are thrown, but a number of Psych tests fail (possibly due to Engine being YAML 1.2 only).
author: Charles Oliver Nutter <headius@headius.com> 2023-01-13 02:55:52 -0600
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2023-01-31 13:14:05 +0900
commit: 0ee819b71ddab62699ab8b0ae14685d45781d28a (patch)
tree: 001a95fc9760e7203e52b4081c95d1998f9bdb3d /ext/psych/lib/psych/versions.rb
parent: 29133794a3b2aea1e3f3451cd3720176ce75ed1f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb
index 22b909430c..1042a86d46 100644
--- a/ext/psych/lib/psych/versions.rb
+++ b/ext/psych/lib/psych/versions.rb
@@ -5,6 +5,6 @@ module Psych
   VERSION = '5.0.2'
 
   if RUBY_ENGINE == 'jruby'
-    DEFAULT_SNAKEYAML_VERSION = '1.33'.freeze
+    DEFAULT_SNAKEYAML_VERSION = '2.6'.freeze
   end
 end
author	Charles Oliver Nutter <headius@headius.com>	2023-01-13 02:55:52 -0600
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2023-01-31 13:14:05 +0900
commit	0ee819b71ddab62699ab8b0ae14685d45781d28a (patch)
tree	001a95fc9760e7203e52b4081c95d1998f9bdb3d /ext/psych/lib/psych/versions.rb
parent	29133794a3b2aea1e3f3451cd3720176ce75ed1f (diff)