LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.
947a84d0dd
In case where Psych is used as a two way serializers,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.
Otherwise you might dump and persist some objects payloads
that you later won't be able to read.
441958396f
YAML.load and YAML.safe_load are different a little; the former allows
Symbol by default but the latter doesn't. So YAML.load_file and
YAML.safe_load_file should reflect the difference.
Fixes#490f8a5e512a1
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
176494297f
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
cb50aa8d3f
* Added deprecated warnings for the new interface of keyword argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It version changed fallback option to keywoad argument
on `Yaml.load` method. It break backword compatiblity.
see detailed discuttion: https://github.com/ruby/psych/issues/340
From: SHIBATA Hiroshi <hsbt@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Rely on encoding tags to determine if string should be dumped as binary.
8949a47b8c
* Specify "frozen_string_literal: true".
* Support to binary release for mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It fixed segmentation fault related with GC.
https://github.com/ruby/psych/pull/296
and removed deprecated code of Ruby 1.8.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56944 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
instance variables when it is referenced multiple times.
* ext/psych/lib/psych.rb: bump version
* ext/psych/psych.gemspec: bump version
* test/psych/test_hash.rb: test for fix
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/psych/lib/psych/visitors/yaml_tree.rb: fix line width wrapping
for long strings. Thanks Jakub Jirutka <jakub@jirutka.cz>
* test/psych/test_string.rb: test for change
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49275 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
