diff options
author | Charles Oliver Nutter <headius@headius.com> | 2023-01-13 02:55:52 -0600 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-01-31 13:14:05 +0900 |
commit | 0ee819b71ddab62699ab8b0ae14685d45781d28a (patch) | |
tree | 001a95fc9760e7203e52b4081c95d1998f9bdb3d /ext/psych/lib | |
parent | 29133794a3b2aea1e3f3451cd3720176ce75ed1f (diff) |
Initial move to SnakeYAML Engine
See jruby/jruby#7570 for some of the justification for this move. We only
require the parser from SnakeYAML, but in the original form it is
encumbered with Java object serialization code that keeps getting
flagged as a CVE risk. We disagree with the assessment, at least
as it pertains to JRuby (we do not use the code in question) but
our inclusion of the library continues to get flagged by auditing
tools.
This commit starts the process of moving to the successor library,
SnakeYAML Engine. The parser API is largely unchanged, except as
seen in this commit. No Java exceptions are thrown, but a number
of Psych tests fail (possibly due to Engine being YAML 1.2 only).
Diffstat (limited to 'ext/psych/lib')
-rw-r--r-- | ext/psych/lib/psych/versions.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb index 22b909430c..1042a86d46 100644 --- a/ext/psych/lib/psych/versions.rb +++ b/ext/psych/lib/psych/versions.rb @@ -5,6 +5,6 @@ module Psych VERSION = '5.0.2' if RUBY_ENGINE == 'jruby' - DEFAULT_SNAKEYAML_VERSION = '1.33'.freeze + DEFAULT_SNAKEYAML_VERSION = '2.6'.freeze end end |