Age | Commit message | Author |
|
https://github.com/ruby/psych/commit/a9ab74d132
|
|
https://github.com/ruby/psych/commit/51cc86ff3f
|
|
https://github.com/ruby/psych/commit/f306512d60
|
|
https://github.com/ruby/psych/commit/094c811588
|
|
This version primarily updates the JRuby extension to use
SnakeYAML Engine, a newer version of the SnakeYAML library, which
also updates YAML support to 1.2. The JRuby extension now also
exposes settings for the parser.
https://github.com/ruby/psych/commit/6f2b16b343
|
|
See jruby/jruby#7570 for some of the justification for this move. We only
require the parser from SnakeYAML, but in the original form it is
encumbered with Java object serialization code that keeps getting
flagged as a CVE risk. We disagree with the assessment, at least
as it pertains to JRuby (we do not use the code in question) but
our inclusion of the library continues to get flagged by auditing
tools.
This commit starts the process of moving to the successor library,
SnakeYAML Engine. The parser API is largely unchanged, except as
seen in this commit. No Java exceptions are thrown, but a number
of Psych tests fail (possibly due to Engine being YAML 1.2 only).
|
|
https://github.com/ruby/psych/commit/a170b8eb46
|
|
https://github.com/ruby/psych/commit/67ec299c68
|
|
https://github.com/ruby/psych/commit/bdf20e6042
|
|
https://github.com/ruby/psych/commit/4fed0941b9
|
|
https://github.com/ruby/psych/commit/8a761cdfb7
|
|
Resolves CVE-2022-25857, among other fixes.
https://github.com/ruby/psych/commit/918cd25d37
|
|
https://github.com/ruby/psych/commit/c3b5183f42
|
|
3.1 gem install
https://github.com/ruby/psych/commit/2fa5e190b5
|
|
https://github.com/ruby/psych/commit/75ab76e788
|
|
https://github.com/ruby/psych/commit/69a713f860
|
|
https://github.com/ruby/psych/commit/4049939006
|
|
https://github.com/ruby/psych/commit/1df86a2e81
|
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
|
|
https://github.com/ruby/psych/commit/091cd46b1f
|
|
Fixes jruby/jruby#6365
https://github.com/ruby/psych/commit/a88ff77f02
|
|
https://github.com/ruby/psych/commit/0abce07b90
|
|
|
|
https://github.com/ruby/psych/commit/181a727c90
|
|
https://github.com/ruby/psych/commit/55a294fcd0
|
|
to version 1.26
https://github.com/ruby/psych/commit/b2802135e7
|
|
Removing it triggers the following warnings when running `bundle` under
jruby from the root of the `psych` repo:
```
/path/to/jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:7: warning: already initialized constant VERSION
/path/to//jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:10: warning: already initialized constant DEFAULT_SNAKEYAML_VERSION
```
This is because bundler loads the versions file relatively from the
local gemspec, and then internally loads the psych gem, causing the
redefinition warnings.
Instead, we modify the $LOAD_PATH so that when working locally on the
`psych` repo, the local version of `psych` gets used.
https://github.com/ruby/psych/commit/a3fc8191a7
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66430 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Added deprecation warnings for the new interface of keyword arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
```
.../ext/psych/lib/psych/versions.rb:4: warning: already initialized constant Psych::VERSION
.../.ext/common/psych/versions.rb:4: warning: previous definition of VERSION was here
```
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This reverts commit a5e5cfa3f650d4e78fb50e2df15c102ab56fca3c.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64600 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
```
.../ext/psych/lib/psych/versions.rb:4: warning: already initialized constant Psych::VERSION
.../.ext/common/psych/versions.rb:4: warning: previous definition of VERSION was here
```
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64599 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Update bundled libyaml-0.2.1 from 0.1.7.
https://github.com/ruby/psych/pull/368
* Unify Psych's API: To use keyword arguments with method call.
https://github.com/ruby/psych/pull/358
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I added the following additional commits from 3.0.3.pre1:
* https://github.com/ruby/psych/pull/356
* https://github.com/ruby/psych/pull/357
* https://github.com/ruby/psych/pull/359
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This version changed the fallback option to a keyword argument
on the `Yaml.load` method. It breaks backward compatibility.
See the detailed discussion: https://github.com/ruby/psych/issues/340
From: SHIBATA Hiroshi <hsbt@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
See the NEWS file for details of this update.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60951 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59329 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Rely on encoding tags to determine if string should be dumped as binary.
https://github.com/ruby/psych/commit/8949a47b8cee31e03e21608406ba116adcf74054
* Specify "frozen_string_literal: true".
* Support binary release for the mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It contains the following changes from 3.0.0.beta1:
* Preserve time zone offset when deserializing times
https://github.com/ruby/psych/pull/316
* Enable YAML serialization of Ruby delegators
https://github.com/ruby/psych/pull/158
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Removed deprecated code.
* Removed code related to the syck gem.
* Fixed typos.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58256 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* It's only a typo fix for CRuby.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57700 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* It fixed only a JRuby dependency issue.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57083 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It fixed a segmentation fault related to GC.
https://github.com/ruby/psych/pull/296
and removed deprecated code of Ruby 1.8.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56944 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/psych/*: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51657 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|