archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-25 14:05:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
77079 commits 30 branches 1174 tags 514 MiB
Commit graph

99 commits

Author SHA1 Message Date
Alexander Momchilov
54219ae8c4 [ruby/psych] Raise specific error when aliases are not enabled 
0c11ddcf46
 2022-08-09 01:32:47 +09:00
Seth Boyles
c1a6ff046d [ruby/psych] Add strict_integer option to parse numbers with commas as strings 
Authored-by: Seth Boyles <sethboyles@gmail.com>

75bebb37b8
 2022-01-22 10:00:51 +09:00
Michael Nikitochkin
ef2cf9245c [ruby/psych] Remove alias of load to unsafe_load 
39e23cc86f
 2022-01-20 10:39:05 +09:00
David Rodríguez
d04d6bbc6c [ruby/psych] Prefer require_relative for internal requires 
a0f55ee85a
 2021-10-24 08:49:14 +09:00
Rhys Powell
e99d2d066f [ruby/psych] fix: use git repository link for LibYAML in docs 
LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.

947a84d0dd
 2021-07-29 15:54:41 +09:00
Jean Boussier
fd6225c7a9
[ruby/psych] Implement YAML.safe_dump to make safe_load more usable. 
In case where Psych is used as a two way serializers,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.

Otherwise you might dump and persist some objects payloads
that you later won't be able to read.

441958396f
 2021-06-07 19:15:14 +09:00
Yusuke Endoh
430883158f
[ruby/psych] Make YAML.load_file use YAML.load instead of safe_load 
YAML.load and YAML.safe_load are different a little; the former allows
Symbol by default but the latter doesn't. So YAML.load_file and
YAML.safe_load_file should reflect the difference.

Fixes #490

f8a5e512a1
 2021-06-07 19:15:14 +09:00
Aaron Patterson
42b20bdbfe
[ruby/psych] remove deprecated interface 
0767227051
 2021-05-17 11:20:46 +09:00
Aaron Patterson
fbb4e3f96c
[ruby/psych] Use Psych.safe_load by default 
Psych.load is not safe for use with untrusted data.  Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.

This commit changes the default `Psych.load` to use `safe_load`.  Users
that want to parse trusted data can use Psych.unsafe_load.

176494297f
 2021-05-17 11:20:45 +09:00
Aaron Patterson
c7c2ad5749
[ruby/psych] Introduce Psych.unsafe_load 
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

cb50aa8d3f
 2021-05-17 11:20:45 +09:00
Marc-Andre Lafortune
c5a445d577 [ruby/psych] Make Ractor-ready. 
Config is Ractor-local.

Benchmarking reveals that using `Ractor.local_storage` for storing cache
is similar to accessing a constant (~15% slower).
 2020-12-23 01:08:38 -05:00
Marc-Andre Lafortune
3ee0ad9190 [ruby/psych] Don't use instance variables directly for config 2020-12-23 01:08:38 -05:00
Marc-Andre Lafortune
0eb94dae4a [ruby/psych] Freeze constants. 
Improves Ractor-readiness.
 2020-12-23 01:08:38 -05:00
Hiroshi SHIBATA
c2a60fec2f
Merge Psych-3.2.1 from ruby/psych 2020-12-14 20:13:12 +09:00
Jean Boussier
b72f9200ac
[ruby/psych] Forward keyword arguments in load_file and load_stream 
4e1dd37f09
 2020-09-25 13:11:33 +09:00
Jean Boussier
4085c51a51 [ruby/psych] Implement a freeze load option 
04f97f7a56
 2020-06-05 11:49:56 +09:00
Jean Boussier
591a3326e3 [ruby/psych] Refactor symbolize_names 
3e472ab2d7
 2020-06-05 11:49:56 +09:00
Aaron Patterson
db33ab470c
[ruby/psych] Add a note about safe_load 
0910ae5575
 2019-11-12 10:43:54 +09:00
Hiroshi SHIBATA
50076903ab
[ruby/psych] Drop to support fat gem support. 
ref. https://github.com/ruby/bigdecimal/pull/149

25ae263252
 2019-07-25 07:50:37 +09:00
hsbt
631086b784 Merge upstream from ruby/psych 
* https://github.com/ruby/psych/pull/379

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-12-04 12:24:12 +00:00
nobu
6268098208 Make rubygems follow the upstream of psych 
And merge psych again.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65659 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-11-11 00:20:27 +00:00
mame
ba8d27e670 Revert "Merge psych from upstream." 
This reverts commit db3101ff30.

This caused build error: http://ci.rvm.jp/results/trunk-test@ruby-sky3/1452708

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-11-10 22:26:37 +00:00
hsbt
db3101ff30 Merge psych from upstream. 
* https://github.com/ruby/psych/pull/378

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65656 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-11-10 18:06:51 +00:00
hsbt
1c92766bf0 Merge Pysch-3.1.0.pre2 from ruby/psych. 
* Added deprecated warnings for the new interface of keyword argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-10-20 04:25:04 +00:00
hsbt
867581dd75 Merge psych-3.1.0.pre1. 
* Update bundled libyaml-0.2.1 from 0.1.7.
    https://github.com/ruby/psych/pull/368
  * Unify Psych's API: To use keyword arguments with method call.
    https://github.com/ruby/psych/pull/358

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-08-27 00:44:04 +00:00
hsbt
f114089585 Merge Pysch 3.0.3.pre1. 
I added the following additional commits from 3.0.3.pre1:
    * https://github.com/ruby/psych/pull/356
    * https://github.com/ruby/psych/pull/357
    * https://github.com/ruby/psych/pull/359

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63280 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-04-28 01:47:58 +00:00
hsbt
def7fab871 Merge psych-3.0.2 from ruby/psych. 
It version changed fallback option to keywoad argument
  on `Yaml.load` method. It break backword compatiblity.

  see detailed discuttion: https://github.com/ruby/psych/issues/340

From: SHIBATA Hiroshi <hsbt@ruby-lang.org>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61336 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-12-19 09:44:33 +00:00
hsbt
44320c5b8d Merge psych-3.0.0. 
See NEWS file for this update details.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60951 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-12-01 01:52:26 +00:00
hsbt
b613a2c5ae Merge psych-3.0.0.beta4 from upstream. 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-11-27 03:11:18 +00:00
hsbt
0b396d5880 Merge psych-3.0.0.beta3 from ruby/psych. 
* Rely on encoding tags to determine if string should be dumped as binary.
    8949a47b8c
  * Specify "frozen_string_literal: true".
  * Support to binary release for mingw32 platform.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-07-14 06:15:58 +00:00
hsbt
6d77e28763 Import psych-3.0.0.beta1 from ruby/psych. 
* Removed deprecated code.
  * Removed code related syck gem.
  * Fixed typos.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58256 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2017-04-05 13:16:32 +00:00
hsbt
48e251df47 Update psych-2.2.1 
It fixed segmentation fault related with GC.
  https://github.com/ruby/psych/pull/296

  and removed deprecated code of Ruby 1.8.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56944 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-11-30 13:55:02 +00:00
hsbt
a9f63f98ff * ext/psych/*, test/psych/*: Update psych-2.1.1 
This version fixed following pull requests.
  https://github.com/tenderlove/psych/pull/284
  https://github.com/tenderlove/psych/pull/276

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-09-07 03:16:15 +00:00
svn
ae3cb8bc4e * remove trailing spaces. 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55498 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-06-24 09:06:09 +00:00
hsbt
a099c5420c * ext/psych/*, test/psych/*: Upate psych 2.1.0 
This version fixed [Bug #11988][ruby-core:72850]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2016-06-24 09:06:08 +00:00
hsbt
618035b531 * ext/psych/lib/psych.rb: bump version to 2.0.17 
* ext/psych/psych.gemspec: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53237 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-22 11:25:39 +00:00
naruse
c4fdfabcc8 handle ext/ as r53141 
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-16 05:31:54 +00:00
tenderlove
a34e45fd54 * ext/psych/*: update psych to 2.0.16 
* test/psych/*: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52920 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-12-07 16:58:10 +00:00
hsbt
4a14d94418 * ext/psych/*: merge psych master(8737e5b). It contains following fixes. 
https://github.com/tenderlove/psych/pull/242
  https://github.com/tenderlove/psych/pull/246 [ruby-list:50219]
* test/psych/*: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51741 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-09-02 09:50:00 +00:00
tenderlove
226c6a1bdc * ext/psych/*: update to Psych 2.0.14 
* test/psych/*: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51657 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-08-21 17:55:23 +00:00
tenderlove
f595568e47 * ext/psych/lib/psych.rb: bump psych version. 
* ext/psych/psych.gemspec: ditto
* ext/psych/yaml/scanner.c: add latest libyaml change.
* test/psych/helper.rb: support newer minitest
* test/psych/test_to_yaml_properties.rb: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49632 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-02-17 18:17:46 +00:00
tenderlove
6ce27adabe * ext/psych/lib/psych/visitors/to_ruby.rb: fix parsing hashes with 
instance variables when it is referenced multiple times.
* ext/psych/lib/psych.rb: bump version
* ext/psych/psych.gemspec: bump version
* test/psych/test_hash.rb: test for fix

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-01-28 17:37:09 +00:00
tenderlove
136b07aec8 * ext/psych/lib/psych.rb: bump version 
* ext/psych/psych.gemspec: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-01-16 06:43:08 +00:00
tenderlove
a5c577757e * ext/psych/lib/psych.rb: bump version 
* ext/psych/lib/psych/visitors/yaml_tree.rb: fix line width wrapping
  for long strings.  Thanks Jakub Jirutka <jakub@jirutka.cz>

* test/psych/test_string.rb: test for change

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49275 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2015-01-16 06:37:22 +00:00
hsbt
e599d8d197 * ext/psych/lib/psych.rb: bump version to 2.0.8 
* ext/psych/psych.gemspec: ditto.
* ext/psych/psych_emitter.c: ditto.
* ext/psych/psych_parser.c: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48718 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-12-05 13:43:13 +00:00
tenderlove
4297d55ca9 * ext/psych/lib/psych.rb: bumping version 
* ext/psych/psych.gemspec: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-12-01 21:48:52 +00:00
tenderlove
e548c09d42 * ext/psych/lib/psych.rb: update version 
* ext/psych/psych.gemspec: ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-09-14 02:04:03 +00:00
hsbt
3a78169e3f * ext/psych/lib/psych.rb: [DOC] Fix a dead link in Psych by @rochefort [ci skip][fix GH-593] 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-04-13 00:59:40 +00:00
hsbt
e221c6cefc * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to 
libyaml-0.1.6 for CVE-2014-2525.
* ext/psych/yaml/config.h: ditto.
* ext/psych/yaml/scanner.c: ditto.
* ext/psych/yaml/yaml_private.h: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-03-28 00:19:15 +00:00
tenderlove
db17d694ea * ext/psych/lib/psych/visitors/yaml_tree.rb: support dumping Encoding 
objects.

* ext/psych/lib/psych/visitors/to_ruby.rb: support loading Encoding
  objects.

* test/psych/test_encoding.rb: add test

* ext/psych/lib/psych.rb: add version

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45221 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2014-03-01 02:09:53 +00:00