path: root/lib/psych.rb
Commit message | Author | Age | Files | Lines
* Raise specific error when aliases are not enabled | Alexander Momchilov | 2022-07-27 | 1 | -1/+1
|
* Merge pull request #537 from sethboyles/strict_integer_option | Aaron Patterson | 2022-01-21 | 1 | -6/+7
|\
| |   Add strict_integer option to parse numbers with commas as strings
| * Add strict_integer option to parse numbers with commas as strings | Seth Boyles | 2022-01-14 | 1 | -6/+7
| |
| |   Authored-by: Seth Boyles <sethboyles@gmail.com>
* | Remove alias of load to unsafe_load | Michael Nikitochkin | 2022-01-19 | 1 | -1/+0
|/
* Prefer `require_relative` for internal requires | David Rodríguez | 2021-10-06 | 1 | -17/+17
|
* fix: use git repository link for LibYAML in docs | Rhys Powell | 2021-07-24 | 1 | -1/+1
|
|   LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.
* Merge pull request #495 from Shopify/safe-dump | Aaron Patterson | 2021-05-21 | 1 | -1/+75
|\
| |   Implement YAML.safe_dump to make safe_load more usable.
| * Implement YAML.safe_dump to make safe_load more usable. | Jean Boussier | 2021-05-19 | 1 | -1/+75
| |
| |   In case where Psych is used as a two way serializers, e.g. to serialize some cache or config, it is preferable to have the same restrictions on both load and dump. Otherwise you might dump and persist some objects payloads that you later won't be able to read.
* | Make YAML.load_file use YAML.load instead of safe_load | Yusuke Endoh | 2021-05-17 | 1 | -2/+11
|/
|   YAML.load and YAML.safe_load are different a little; the former allows Symbol by default but the latter doesn't. So YAML.load_file and YAML.safe_load_file should reflect the difference. Fixes #490
* remove deprecated interface | Aaron Patterson | 2021-05-13 | 1 | -54/+6
|
* Use Psych.safe_load by default | Aaron Patterson | 2021-05-13 | 1 | -6/+47
|
|   Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load.
* Introduce `Psych.unsafe_load` | Aaron Patterson | 2021-05-13 | 1 | -3/+5
|
|   In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly.
* [ruby/psych] Make Ractor-ready. | Marc-Andre Lafortune | 2020-12-23 | 1 | -3/+23
|
|   Config is Ractor-local. Benchmarking reveals that using `Ractor.local_storage` for storing cache is similar to accessing a constant (~15% slower).
* [ruby/psych] Don't use instance variables directly for config | Marc-Andre Lafortune | 2020-12-23 | 1 | -9/+9
|
* [ruby/psych] Freeze constants. | Marc-Andre Lafortune | 2020-12-23 | 1 | -2/+2
|
|   Improves Ractor-readiness.
* Merge pull request #459 from tbrisker/patch-1 | Hiroshi SHIBATA | 2020-12-14 | 1 | -2/+1
|\
| |   Remove unneeded assignment and condition
| * Remove unneeded assignment and condition | Tomer Brisker | 2020-08-01 | 1 | -2/+1
| |
| |   Since we already `return fallback` if `result` is falsy, we don't need to check again if it's truthy and reassign the `to_ruby` result.
* | Add `Psych.safe_load_file`. Tweak doc to provide `safe_` examples. | Marc-Andre Lafortune | 2020-11-12 | 1 | -3/+21
| |
* | Forward keyword arguments in load_file and load_stream | Jean Boussier | 2020-09-10 | 1 | -5/+5
|/
* Implement a freeze load option | Jean Boussier | 2019-11-28 | 1 | -5/+5
|
* Refactor `symbolize_names` | Jean Boussier | 2019-11-28 | 1 | -18/+3
|
* Add a note about safe_load | Aaron Patterson | 2019-10-17 | 1 | -0/+4
|
* Drop to support fat gem support. [drop-to-support-fatgem] | Hiroshi SHIBATA | 2019-07-21 | 1 | -5/+1
|
|   ref. https://github.com/ruby/bigdecimal/pull/149
* Add uplelvel to deprecation warning of Psych | Koichi ITO | 2018-11-23 | 1 | -9/+24
|
|   This is porting ruby/ruby#1992 to upstream.
|
|   This PR adds `uplelvel` to deprecation warning of Psych.
|
|   The `uplevel` option was introduced from Ruby 2.5. ruby/psych needs to support Ruby 2.4 or lower. This PR has `warn_with_uplevel` method emulating `warn 'message', uplevel: 1` in Ruby 2.4 or lower.
|
|   And this PR relaxes the warning.
|   https://github.com/ruby/ruby/pull/1992#discussion_r227214370
|
|   ## Summary
|
|   The deprecation warning log has been added the following commit.
|   https://github.com/ruby/ruby/commit/1c92766bf0b7394057c00f576fce5464a3037fd9
|
|   The following is deprecation warning log change.
|
|   ### Example code
|
|   ```console
|   % cat /tmp/psych_example.rb
|   require 'psych'
|   Psych.load("--- foo\n", nil)
|   ```
|
|   ### Before
|
|   ```console
|   % ruby -v
|   ruby 2.6.0dev (2018-10-21 trunk 65252) [x86_64-darwin17]
|   % ruby /tmp/psych_example.rb
|   warning: Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.
|   ```
|
|   ### After
|
|   This patch helps detect argument locations that are deprecated usage.
|
|   ```console
|   % cd /path/to/ruby/repo
|   % make install
|   % /usr/local/bin/ruby /tmp/psych_example.rb
|   /tmp/psych_example.rb:3: warning: Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.
|   ```
|
|   ## Other Information
|
|   This log format refers to the deprecation warning of `ERB.new` in Ruby 2.6+.
|   https://github.com/ruby/ruby/blob/v2_6_0_preview2/lib/erb.rb#L808
* Use friendlier terminology in YAML.safe_load | Juanito Fatas | 2018-11-10 | 1 | -12/+12
|
|   Replace keyword argument whitelist_classes and whitelist_symbols with permitted_classes and permitted_symbols.
* Use secure connection for pyyaml.org | Espartaco Palma | 2018-10-13 | 1 | -1/+1
|
* use newer style of JRuby ext loading when available | kares | 2018-09-19 | 1 | -1/+6
|
|   to be available since JRuby 9.2.1, avoids Java self-reflecting
|
|   Signed-off-by: Charles Oliver Nutter <headius@headius.com>
* Adding deprecation warnings to Psych unified interface | Greg Houle | 2018-07-15 | 1 | -0/+9
|
* unifying interface of Psych | Greg Houle | 2018-07-13 | 1 | -35/+82
|
* Add docs for fallback keyword argument of Psych.load | Marcus Stollsteimer | 2018-04-24 | 1 | -2/+3
|
* Fix fallback argument for Psych.load | Marcus Stollsteimer | 2018-04-24 | 1 | -2/+2
|
|   This allows calling Psych.load with a fallback argument, similar to Psych.load_file. Before, for Psych.load this caused a "NoMethodError: undefined method `to_ruby'".
* Document #dump options | zverok | 2018-03-02 | 1 | -2/+20
|
* Add more test cases for fallback of Psych.load_file | Marcus Stollsteimer | 2017-12-19 | 1 | -1/+1
|
|   Add more test cases for the fallback keyword argument of Psych.load_file; additionally, fix an error in the docs.
* Merge pull request #342 from stomar/fallback-keyword | SHIBATA Hiroshi | 2017-12-19 | 1 | -5/+5
|\
| |   Convert fallback option to a keyword argument
| * Convert fallback option to a keyword argument | Marcus Stollsteimer | 2017-12-02 | 1 | -5/+5
| |
| |   Converting the optional fallback argument to a keyword argument fixes a problem that is caused by mixing optional arguments and optional keyword arguments. Without this change, a hash as fallback value is not handled correctly: in Psych.load("", nil, {}) the hash is not interpreted as the fallback value, and the default value for the fallback argument is used instead.
* | Improve docs for Psych.safe_load | Marcus Stollsteimer | 2017-12-01 | 1 | -0/+10
|/
|   Mention filename argument and symbolize_names keyword argument.
* Add :symbolize_names option to .safe_load too | Takashi Kokubun | 2017-11-30 | 1 | -2/+4
|
|   related to #333
* Document symbolize_names keyword argument of Psych.load | Marcus Stollsteimer | 2017-11-28 | 1 | -0/+7
|
* Add :symbolize_names option to Psych.load | Takashi Kokubun | 2017-11-25 | 1 | -2/+17
|
|   like JSON.parse.
* Fixup Recorder example documentation | Pete Kinnecom | 2017-09-21 | 1 | -4/+5
|
* Fixed path for mingw binary [cross] | SHIBATA Hiroshi | 2017-07-12 | 1 | -1/+1
|
* Added cross compilation task for mingw platform | SHIBATA Hiroshi | 2017-07-12 | 1 | -1/+5
|
* make frozen_string_literal: true [frozen] | SHIBATA Hiroshi | 2017-06-19 | 1 | -1/+1
|
* Remove to_yaml_propaties | SHIBATA Hiroshi | 2017-03-27 | 1 | -1/+0
|
* Unify Psych version constants to psych/versions.rb. | SHIBATA Hiroshi | 2016-11-18 | 1 | -3/+1
|
* fix version constant | Aaron Patterson | 2016-11-17 | 1 | -1/+1
|
* bump version to 2.1.1 [v2.1.1] | SHIBATA Hiroshi | 2016-09-07 | 1 | -2/+2
|
* bump version to 2.1.0 [v2.1.0] | SHIBATA Hiroshi | 2016-06-24 | 1 | -1/+1
|
* Merge pull request #264 from tuexss/load_file-default | Aaron Patterson | 2016-06-24 | 1 | -7/+12
|\
| |   Add optional fallback return value parameter
| * Add optional fallback return value parameter | tuexss | 2016-01-08 | 1 | -7/+12
| |