path: root/ext/psych
AgeCommit message (Collapse)Author
2021-06-07[ruby/psych] Bump version to 4.0.1Hiroshi SHIBATA
2021-06-07[ruby/psych] Implement YAML.safe_dump to make safe_load more usable.Jean Boussier
In case where Psych is used as a two way serializers, e.g. to serialize some cache or config, it is preferable to have the same restrictions on both load and dump. Otherwise you might dump and persist some objects payloads that you later won't be able to read.
2021-06-07[ruby/psych] Make YAML.load_file use YAML.load instead of safe_loadYusuke Endoh
YAML.load and YAML.safe_load are different a little; the former allows Symbol by default but the latter doesn't. So YAML.load_file and YAML.safe_load_file should reflect the difference. Fixes #490
2021-05-17[ruby/psych] remove deprecated interfaceAaron Patterson
2021-05-17[ruby/psych] Bump versionAaron Patterson
2021-05-17[ruby/psych] Use Psych.safe_load by defaultAaron Patterson
Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load.
2021-05-17[ruby/psych] Introduce `Psych.unsafe_load`Aaron Patterson
In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly.
2021-05-17[ruby/psych] Fix symabolize_name with non-string keysJean Boussier
2021-05-17[ruby/psych] feat: allow scalars and sequences to be styled when dumpedJeremy Ebler
2021-05-10[ruby/psych] Fix some typos [ci skip]Ryuta Kamizono
2021-05-10[ruby/psych] bump versionAaron Patterson
2021-05-10[ruby/psych] docs: fix simple typo, expessed -> expressedTim Gates
There is a small typo in ext/psych/yaml/yaml.h. Should read `expressed` rather than `expessed`.
2021-05-10[ruby/psych] Update to latest SnakeYAMLCharles Oliver Nutter
Fixes jruby/jruby#6365
2021-05-10[ruby/psych] Fix custom marshalization with symbolize_names: trueJean Boussier
2021-05-10[ruby/psych] Cache dispatch cache in an instance variableJean Boussier
2021-05-10[ruby/psych] Cache access to Psych.load_tags in Visitor::ToRubyJean Boussier
2021-05-04Fix -Wundef warnings for patterns `#if HAVE`Benoit Daloze
* See [Feature #17752] * Using this to detect them: git grep -P 'if\s+HAVE' | grep -Pv 'HAVE_LONG_LONG|/ChangeLog|HAVE_TYPEOF' Notes: Merged:
2021-04-13dependency updates卜部昌平
Notes: Merged:
2021-03-30Text files should end with a newlineNobuyoshi Nakada
2021-02-09Expose scheduler as public interface & bug fixes. (#3945)Samuel Williams
* Rename `rb_scheduler` to `rb_fiber_scheduler`. * Use public interface if available. * Use `rb_check_funcall` where possible. * Don't use `unblock` unless the fiber was non-blocking. Notes: Merged-By: ioquatix <>
2020-12-23[ruby/psych] Bump version to 3.3.0Hiroshi SHIBATA
2020-12-23[ruby/psych] Optimize cache with `compare_by_identity`Marc-Andre Lafortune
Using `compare_by_identity` gives a 4x performance boost on cache hits. Benchmark in Notes: Merged:
2020-12-23[ruby/psych] Make Ractor-ready.Marc-Andre Lafortune
Config is Ractor-local. Benchmarking reveals that using `Ractor.local_storage` for storing cache is similar to accessing a constant (~15% slower). Notes: Merged:
2020-12-23[ruby/psych] Don't use instance variables directly for configMarc-Andre Lafortune
Notes: Merged:
2020-12-23[ruby/psych] Avoid methods depending on bindingsMarc-Andre Lafortune
Improves Ractor-readiness. Notes: Merged:
2020-12-23[ruby/psych] Freeze constants.Marc-Andre Lafortune
Improves Ractor-readiness. Notes: Merged:
2020-12-19Strip trailing spaces [ci skip]Nobuyoshi Nakada
2020-12-14Merge Psych-3.2.1 from ruby/psychHiroshi SHIBATA
2020-10-06Appended a newline to suppress newline-eof warningNobuyoshi Nakada
2020-09-25[ruby/psych] Forward keyword arguments in load_file and load_streamJean Boussier
2020-09-25[ruby/psych] Bump version to 3.2.0Hiroshi SHIBATA
2020-09-25[ruby/psych] Revert psych versionSzymonKowalczyk
2020-09-25[ruby/psych] Update SNAKEYAML CVE-2017-18640SzymonKowalczyk
to version 1.26
2020-09-25Remove private_iv_getCharles Oliver Nutter
The only remaining use of this function was to get the internal message object from an exception's hidden `mesg` instance variable to allow it to be dumped wiithout converting to a string. As discussed in #103, this exposes internal implementation details of CRuby, and ultimately does not provide any real utility to the user since they can't directly inspect this hidden variable. The test change here is to reflect CRuby behavior that denies equality if the internal message objects do not match, as is the case after the exception has been loaded and now has a simple String value. The impact to users is that exceptions with special hidden message objects will convert those objects to String during marshaling through YAML. I believe this only affects NameError and its descendants, since users can't set this field directly on their own exception types. Fixes #103.
2020-08-27sed -i '/rmodule.h/d'卜部昌平
Notes: Merged:
2020-08-27sed -i '/r_cast.h/d'卜部昌平
Notes: Merged:
2020-08-27sed -i '\,2/extern.h,d'卜部昌平
Notes: Merged:
2020-06-25Removed nonsense `rubygems_version` in input gemspec filesNobuyoshi Nakada
As it is ignored and set at building packages automatically, it is just nonsense to set in gemspec file for input.
2020-06-23[ruby/psych] Fixup 05d7e818a6abe3ee1c56b6be92f086647d73141cHiroshi SHIBATA
2020-06-23[ruby/psych] Bump version strings for header fileHiroshi SHIBATA
2020-06-23[ruby/psych] Bump libyaml version to 0.2.5Hiroshi SHIBATA
2020-06-23[ruby/psych] Fix anchor lookup with symbolized namesJean Boussier
2020-06-09Avoid requiring "psych/versions"Yusuke Endoh
This leads to double requiring "ext/psych/lib/psych/versions.rb" and ".ext/common/psych/versions.rb", which produces doxens of warnings during `make test-all`. ``` [15092/20234] TestRDocOptions#test_init_with_encoding/home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/ext/psych/lib/psych.rb:233: warning: already initialized constant Psych::LIBYAML_VERSION /home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/.ext/common/psych.rb:233: warning: previous definition of LIBYAML_VERSION was here /home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/ext/psych/lib/psych.rb:235: warning: already initialized constant Psych::NOT_GIVEN /home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/.ext/common/psych.rb:235: warning: previous definition of NOT_GIVEN was here /home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/ext/psych/lib/psych.rb:271: warning: method redefined; discarding old load /home/chkbuild/chkbuild/tmp/build/20200608T123004Z/ruby/.ext/common/psych.rb:271: warning: previous definition of load was here ... ``` The same issue happened in fiddle.gemspec, and this change applies the same fix as [fiddle](
2020-06-05[ruby/psych] Add LICENSE to the gemPo-Chuan Hsieh Notes: Merged:
2020-06-05[ruby/psych] Remove unnecessary version guard from versions.rbDavid Rodríguez
Removing it triggers the following warnings when running `bundle` under jruby from the root of the `psych` repo prints the following warnings: ``` /path/to/jruby- warning: already initialized constant VERSION /path/to//jruby- warning: already initialized constant DEFAULT_SNAKEYAML_VERSION ``` This is because bundler loads the versions file relatively from the local gemspec, and then internally loads the psych gem, causing the redefinition warnings. Instead, we modify the $LOAD_PATH so that when working locally on the `psych` repo, the local version of `psych` gets used. Notes: Merged:
2020-06-05[ruby/psych] Fix ArgumentError with leading and trailing underscores in ↵Mark Thorn
number strings. Notes: Merged:
2020-06-05[ruby/psych] Fix gem installationDavid Rodríguez
Current version is not installable because the gemspec is invalid, since it includes a `.travis.yml` file that no longer exists, so `rake install` fails like this: ``` $ rake install rake aborted! WARNING: See for help ERROR: While executing gem ... (Gem::InvalidSpecificationException) [".travis.yml"] are not files ``` Notes: Merged:
2020-06-05[ruby/psych] Implement `freeze` option for Pysch.loadJean Boussier Notes: Merged:
2020-06-05[ruby/psych] Implement a freeze load optionJean Boussier Notes: Merged:
2020-06-05[ruby/psych] Refactor `symbolize_names`Jean Boussier Notes: Merged: