summaryrefslogtreecommitdiff
path: root/lib/rubygems/yaml_serializer.rb
AgeCommit message (Collapse)Author
18 hours[ruby/rubygems] Fix a bug that `Gem::YAMLSerializer.load` ignores quotationSutou Kouhei
`"a: b"` must be processed as a string value (`a: b`) not a map value (`{"a" => "b"}`). https://github.com/ruby/rubygems/commit/3c3dfe3168
2026-03-17[ruby/rubygems] Refactor validate_tag! to enforce permitted_classes ↵Hiroshi SHIBATA
consistently with Psych Align YAMLSerializer's `permitted_classes` validation with Psych's whitelist semantics: an empty `permitted_classes` list denies all tagged classes, matching `Psych::ClassLoader::Restricted` behavior. - Rename `@permitted_tags` to `@permitted_classes` and simplify initialization - Extract `raise_disallowed_class!` from `validate_tag!` for clarity - Move `check_anchor!` before `validate_tag!` in `build_mapping` - Add test for `Gem::Version::Requirement` tag used by old gems like `escape` https://github.com/ruby/rubygems/commit/3c5855e833 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17[ruby/rubygems] Fix Bundler crashing when installing very old gems:Edouard CHIN
- ### Problem There is a regression where bundler can longer install gems that were packaged a long time ago, like the [memoize gem](https://rubygems.org/gems/memoize). Bundler will crash with such error: ``` Installing memoize 1.3.1 --- ERROR REPORT TEMPLATE ------------------------------------------------------- NoMethodError: undefined method 'as_list' for nil /Users/edouard/src/opensource/rubygems/lib/rubygems/dependency.rb:146:in 'Gem::Dependency#requirements_list' ``` ### Context These very old gems were packaged at the time were a `Gem::Dependency` had no ivars `requirement`. This is what the dumped gemspec looks like: ``` dependencies: - !ruby/object:Gem::Dependency name: test-unit type: :development version_requirement: version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: 2.0.2 version: ``` As opposed to a gem that was packaged more recently: ``` - !ruby/object:Gem::Dependency name: minitest-global_expectations requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' ``` The change we made in https://github.com/ruby/rubygems/commit/cbe57bbbd71e8ac7fed686ae7d13a2fd1bd2e5b2#diff-5ccc8aa468df013cc970580e88642417da12284da6529a4885b9abf447ae95edL529 broke old gem installation. ### Solution If `requirement` isn't set in the hash, look for `version_requirements` instead. https://github.com/ruby/rubygems/commit/cfd8b20692
2026-03-12[ruby/rubygems] Support YAML 1.1 !binary tag in YAMLSerializerlolwut
Decode base64-encoded values tagged with !binary in mapping keys, mapping values (both inline and block scalar), and sequence items. This fixes gem install failures for gems packaged with older RubyGems that used !binary encoding in checksums.yaml.gz. Fixes https://github.com/ruby/rubygems/issues/9387 https://github.com/ruby/rubygems/commit/cfc31601e9 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10[ruby/rubygems] bin/rubocop -AHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/ba8e4ed9ed
2026-03-10[ruby/rubygems] Limit YAML nesting and alias resolutionsHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/d4c5fc58e7
2026-03-10[ruby/rubygems] Restrict platform ivars when deserializing YAMLHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/b8f77e3860
2026-03-10[ruby/rubygems] Handle malformed/unknown YAML Platform fieldsHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/e5bcde365f
2026-03-10[ruby/rubygems] Stop normalizing requirements to ArrayHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/6b0aa2a2d3
2026-03-10[ruby/rubygems] Treat rdoc_options as Hash instead of ArrayHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/074e3f7f62
2026-03-10[ruby/rubygems] Construct Gem::Platform from cpu/os/version fieldsHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/cf566c3079
2026-03-10[ruby/rubygems] Do not sanitize dependency requirements from YAMLHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/cbe57bbbd7
2026-03-10[ruby/rubygems] Raise on unknown YAML object tagsHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/c29b3b2240
2026-03-10[ruby/rubygems] Support YAML 1.2 nulls and fix nil emissionHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/940358f2c2
2026-03-10[ruby/rubygems] Return nil for empty YAML and raise on nilHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/c091444047
2026-03-10[ruby/rubygems] Fix double-quoted YAML escape handling.Hiroshi SHIBATA
This leads installation issue of Windows. https://github.com/ruby/rubygems/commit/244b38acd7
2026-03-09Parse ISO8601 datetimes without Time.parseHiroshi SHIBATA
2026-03-09[ruby/rubygems] Simplify Psych exception stubs and fallback raisesHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/61bfb3fff8
2026-03-09[ruby/rubygems] Add Psych stub classes to yaml serializerHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/f3a1b17fce
2026-03-09[ruby/rubygems] Guard against nil next line in YAML serializerHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/faab31b5cf
2026-03-09[ruby/rubygems] Optimize YAML serializer line handlingHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/ef022c664f
2026-03-09[ruby/rubygems] Simplify indentation handling in YAML serializerHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/50becac99a
2026-03-09[ruby/rubygems] Use Psych-specific YAML error classesHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/e07e88a232
2026-03-09[ruby/rubygems] Refactor YAMLSerializer into Parser/Builder/EmitterHiroshi SHIBATA
https://github.com/ruby/rubygems/commit/bfe17c110c
2026-03-09[ruby/rubygems] Add Gem object reconstruction from parsed YAMLHiroshi SHIBATA
Add convert_to_spec and convert_any methods that transform parsed YAML data structures (with :tag metadata) back into Gem::Specification, Version, Platform, Requirement, and Dependency objects. Wire these into the load method so it returns fully reconstructed Gem objects. convert_to_spec normalizes specification_version to Integer, rdoc_options to Array of Strings, and other array fields (files, test_files, executables, requirements, extra_rdoc_files) to proper arrays. convert_any handles Gem::Version::Requirement (legacy) and validates requirement operators and dependency type symbols against permitted lists. https://github.com/ruby/rubygems/commit/fe1a29ef2d
2026-03-09[ruby/rubygems] Add full YAML parser with recursive descentHiroshi SHIBATA
Replace the simple regex-based load method with a full recursive descent parser (parse_any) that handles nested hashes, arrays, block scalars (| and |-), YAML anchors (&anchor) and aliases (*alias), !ruby/object: type tags, flow notation ({} and []), and non-specific tag stripping (! prefix). Add helper methods: parse_block_scalar for multiline strings, build_permitted_tags for security validation, unquote_simple for type coercion (booleans, integers, timestamps, quoted strings), and improve strip_comment to handle # inside quoted strings. The parser returns raw Ruby data structures (Hash, Array, String) with :tag metadata for typed objects, without yet reconstructing Gem-specific objects. https://github.com/ruby/rubygems/commit/053b576c20
2026-03-09[ruby/rubygems] Add YAML serializer (dump) for Gem objectsHiroshi SHIBATA
Replace the simple dump_hash method with dump_obj that can serialize Gem::Specification, Version, Platform, Requirement, Dependency, Hash, Array, Time, and String objects into YAML format. This enables pure-Ruby YAML serialization without depending on Psych. The serializer handles multiline strings (block scalars), special character quoting ($, !, &, *, :, @, %), and proper indentation for nested structures. https://github.com/ruby/rubygems/commit/bffb238b35
2024-07-19[rubygems/rubygems] Fix line comment issue for mapalpha0x00
https://github.com/rubygems/rubygems/commit/7ca06e139b
2024-06-06[rubygems/rubygems] Move Bundler settings specific logic to BundlerDavid Rodríguez
https://github.com/rubygems/rubygems/commit/7d1e8be2ce
2024-01-24[rubygems/rubygems] Keep compatibility of past versionsHiroshi SHIBATA
https://github.com/rubygems/rubygems/commit/54b67fb251
2024-01-24[rubygems/rubygems] Skip to load commented out wordsHiroshi SHIBATA
https://github.com/rubygems/rubygems/commit/e6a9148ba2
2023-12-05[rubygems/rubygems] Prefer String#split with block in Gem::YAMLSerializer#loadMau Magnaguagno
String#split supports a block since Ruby 2.6, avoiding intermediate array. https://github.com/rubygems/rubygems/commit/69cdf9e9d4
2023-11-13[rubygems/rubygems] Let RuboCop target Ruby 3.0David Rodríguez
https://github.com/rubygems/rubygems/commit/70243b1d72
2023-10-24[rubygems/rubygems] Handle empty arrayHiroshi SHIBATA
https://github.com/rubygems/rubygems/commit/7c0afdd9af
2023-09-15[rubygems/rubygems] Stop allocating the same settings keys repeatedlySamuel Giddins
Running `bundle update --bundler` on a rails app locally: ``` ==> memprof.after.txt <== Total allocated: 301.90 kB (3794 objects) Total retained: 73.24 kB (698 objects) ==> memprof.before.txt <== Total allocated: 14.47 MB (196378 objects) Total retained: 25.93 kB (202 objects) ``` So for a slight increase in retained memory (all keys are now retained), we go from about 200k allocations in the settings file to under 4k https://github.com/rubygems/rubygems/commit/e64debb6ae
2023-04-19[rubygems/rubygems] Copy YAMLSerializer from BundlerHiroshi SHIBATA
https://github.com/rubygems/rubygems/commit/6a97346708
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-26 22:23:52 +0000