| Age | Commit message (Collapse) | Author |
|---|
|
https://github.com/ruby/psych/commit/75ab76e788
|
|
https://github.com/ruby/psych/commit/a0f55ee85a
|
|
https://github.com/ruby/psych/commit/69a713f860
|
|
https://github.com/ruby/psych/commit/8ec36494fb
|
|
'y' and 'n' are kind of ambiguous. Syck treated y and n literals in
YAML documents as strings. But this is not what the YAML 1.1 spec says.
YAML 1.1 says they should be treated as booleans. When we're dumping
documents, we know it's a string, so adding quotes will eliminate the
"ambiguity" in the emitted document
Fixes #443
https://github.com/ruby/psych/commit/6a1c30634e
|
|
https://github.com/ruby/psych/commit/64cc239557
Co-authored-by: Olle Jonsson <olle.jonsson@gmail.com>
|
|
https://github.com/ruby/psych/commit/8f71222bf3
|
|
https://github.com/ruby/psych/commit/e0bb853014
|
|
Previously, `+.inf` was not handled correctly. Additionally, the regexp
was checking for inf and NaN, even though these cases are handled earlier
in the condition. Added a few tests to ensure handling some missing
cases.
https://github.com/ruby/psych/commit/6e0e7a1e9f
|
|
LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.
https://github.com/ruby/psych/commit/947a84d0dd
|
|
https://github.com/ruby/psych/commit/4049939006
|
|
In case where Psych is used as a two way serializers,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.
Otherwise you might dump and persist some objects payloads
that you later won't be able to read.
https://github.com/ruby/psych/commit/441958396f
|
|
YAML.load and YAML.safe_load are different a little; the former allows
Symbol by default but the latter doesn't. So YAML.load_file and
YAML.safe_load_file should reflect the difference.
Fixes #490
https://github.com/ruby/psych/commit/f8a5e512a1
|
|
https://github.com/ruby/psych/commit/0767227051
|
|
https://github.com/ruby/psych/commit/1df86a2e81
|
|
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
https://github.com/ruby/psych/commit/176494297f
|
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
|
|
https://github.com/ruby/psych/commit/1c5c29e81f
|
|
https://github.com/ruby/psych/commit/546154ddb7
|
|
https://github.com/ruby/psych/commit/98617e55a1
|
|
https://github.com/ruby/psych/commit/091cd46b1f
|
|
Fixes jruby/jruby#6365
https://github.com/ruby/psych/commit/a88ff77f02
|
|
https://github.com/ruby/psych/commit/ee26f26ab5
|
|
https://github.com/ruby/psych/commit/285c461cd2
|
|
https://github.com/ruby/psych/commit/58223f0426
|
|
https://github.com/ruby/psych/commit/0abce07b90
|
|
Using `compare_by_identity` gives a 4x performance boost on cache hits.
Benchmark in https://github.com/JuanitoFatas/fast-ruby/issues/189
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Config is Ractor-local.
Benchmarking reveals that using `Ractor.local_storage` for storing cache
is similar to accessing a constant (~15% slower).
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Improves Ractor-readiness.
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
Improves Ractor-readiness.
Notes:
Merged: https://github.com/ruby/ruby/pull/3953
|
|
|
|
https://github.com/ruby/psych/commit/4e1dd37f09
|
|
https://github.com/ruby/psych/commit/181a727c90
|
|
https://github.com/ruby/psych/commit/55a294fcd0
|
|
to version 1.26
https://github.com/ruby/psych/commit/b2802135e7
|
|
The only remaining use of this function was to get the internal
message object from an exception's hidden `mesg` instance
variable to allow it to be dumped wiithout converting to a string.
As discussed in #103, this exposes internal implementation details
of CRuby, and ultimately does not provide any real utility to the
user since they can't directly inspect this hidden variable. The
test change here is to reflect CRuby behavior that denies equality
if the internal message objects do not match, as is the case after
the exception has been loaded and now has a simple String value.
The impact to users is that exceptions with special hidden message
objects will convert those objects to String during marshaling
through YAML. I believe this only affects NameError and its
descendants, since users can't set this field directly on their
own exception types.
Fixes #103.
|
|
https://github.com/ruby/psych/commit/ef74fc01e2
|
|
Removing it triggers the following warnings when running `bundle` under
jruby from the root of the `psych` repo prints the following warnings:
```
/path/to/jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:7: warning: already initialized constant VERSION
/path/to//jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:10: warning: already initialized constant DEFAULT_SNAKEYAML_VERSION
```
This is because bundler loads the versions file relatively from the
local gemspec, and then internally loads the psych gem, causing the
redefinition warnings.
Instead, we modify the $LOAD_PATH so that when working locally on the
`psych` repo, the local version of `psych` gets used.
https://github.com/ruby/psych/commit/a3fc8191a7
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
number strings.
https://github.com/ruby/psych/commit/ac2d2c9b1b
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/7dae24894d
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/04f97f7a56
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/3e472ab2d7
Notes:
Merged: https://github.com/ruby/ruby/pull/3188
|
|
https://github.com/ruby/psych/commit/0910ae5575
|
|
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
I'm not sure if the untaint calls in deduplicate are still needed
after the removal of tainting in the parser. If they are not
needed, they should be removed.
https://github.com/ruby/psych/commit/73c1a2b4e0
|
|
https://github.com/ruby/psych/commit/0414982ffd
|
|
ref. https://github.com/ruby/bigdecimal/pull/149
https://github.com/ruby/psych/commit/25ae263252
|
|
|
|
|
|
|
