Age | Commit message | Author |
|
https://github.com/ruby/psych/commit/0767227051
|
|
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
https://github.com/ruby/psych/commit/176494297f
|
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
|
|
Config is Ractor-local.
Benchmarking reveals that using `Ractor.local_storage` for storing cache
is similar to accessing a constant (~15% slower).
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Improves Ractor-readiness.
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
|
|
https://github.com/ruby/psych/commit/4e1dd37f09
|
|
https://github.com/ruby/psych/commit/04f97f7a56
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/3e472ab2d7
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/0910ae5575
|
|
ref. https://github.com/ruby/bigdecimal/pull/149
https://github.com/ruby/psych/commit/25ae263252
|
|
* https://github.com/ruby/psych/pull/379
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
And merge psych again.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65659 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This reverts commit db3101ff301b8e6f52170df0891f4fc35579354f.
This caused build error: http://ci.rvm.jp/results/trunk-test@ruby-sky3/1452708
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* https://github.com/ruby/psych/pull/378
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65656 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Added deprecated warnings for the new interface of keyword argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Update bundled libyaml-0.2.1 from 0.1.7.
https://github.com/ruby/psych/pull/368
* Unify Psych's API: To use keyword arguments with method call.
https://github.com/ruby/psych/pull/358
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I added the following additional commits from 3.0.3.pre1:
* https://github.com/ruby/psych/pull/356
* https://github.com/ruby/psych/pull/357
* https://github.com/ruby/psych/pull/359
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It version changed fallback option to keyword argument
on `Yaml.load` method. It breaks backward compatibility.
See detailed discussion: https://github.com/ruby/psych/issues/340
From: SHIBATA Hiroshi <hsbt@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
See NEWS file for this update details.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60951 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Rely on encoding tags to determine if string should be dumped as binary.
https://github.com/ruby/psych/commit/8949a47b8cee31e03e21608406ba116adcf74054
* Specify "frozen_string_literal: true".
* Support to binary release for mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Removed deprecated code.
* Removed code related syck gem.
* Fixed typos.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58256 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It fixed a segmentation fault related to GC.
https://github.com/ruby/psych/pull/296
and removed deprecated code of Ruby 1.8.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56944 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This version fixed the following pull requests.
https://github.com/tenderlove/psych/pull/284
https://github.com/tenderlove/psych/pull/276
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55498 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This version fixed [Bug #11988][ruby-core:72850]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53237 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&# frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/psych/*: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52920 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
https://github.com/tenderlove/psych/pull/242
https://github.com/tenderlove/psych/pull/246 [ruby-list:50219]
* test/psych/*: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51741 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/psych/*: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51657 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
* ext/psych/yaml/scanner.c: add latest libyaml change.
* test/psych/helper.rb: support newer minitest
* test/psych/test_to_yaml_properties.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49632 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
instance variables when it is referenced multiple times.
* ext/psych/lib/psych.rb: bump version
* ext/psych/psych.gemspec: bump version
* test/psych/test_hash.rb: test for fix
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/lib/psych/visitors/yaml_tree.rb: fix line width wrapping
for long strings. Thanks Jakub Jirutka <jakub@jirutka.cz>
* test/psych/test_string.rb: test for change
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49275 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto.
* ext/psych/psych_emitter.c: ditto.
* ext/psych/psych_parser.c: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48718 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
skip][fix GH-593]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
libyaml-0.1.6 for CVE-2014-2525.
* ext/psych/yaml/config.h: ditto.
* ext/psych/yaml/scanner.c: ditto.
* ext/psych/yaml/yaml_private.h: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
objects.
* ext/psych/lib/psych/visitors/to_ruby.rb: support loading Encoding
objects.
* test/psych/test_encoding.rb: add test
* ext/psych/lib/psych.rb: add version
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45221 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44811 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/rake/file_list.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
quotes should not have changed. [ruby-core:59316] [Bug #9300]
* ext/psych/lib/psych.rb: fixed missing require.
* test/psych/test_string.rb: test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/fiddle/lib/fiddle/import.rb: ditto
* ext/psych/lib/psych.rb: ditto
* ext/psych/lib/psych/nodes/sequence.rb: ditto
* ext/tk/lib/multi-tk.rb: ditto
* ext/tk/lib/tcltk.rb: ditto
Closes GH-490
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42970 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch by Dave Worth https://github.com/ruby/ruby/pull/341
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42054 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|