Add strict_integer option to parse numbers with commas as strings
Authored-by: Seth Boyles <sethboyles@gmail.com>
LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.
Implement YAML.safe_dump to make safe_load more usable.
In cases where Psych is used as a two-way serializer,
e.g. to serialize some cache or config, it is preferable
to have the same restrictions on both load and dump.
Otherwise you might dump and persist some object payloads
that you later won't be able to read.
YAML.load and YAML.safe_load are a little different; the former allows
Symbol by default but the latter doesn't. So YAML.load_file and
YAML.safe_load_file should reflect the difference.
Fixes #490
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
Config is Ractor-local.
Benchmarking reveals that using `Ractor.local_storage` for storing cache
is similar to accessing a constant (~15% slower).
Improves Ractor-readiness.
Remove unneeded assignment and condition
Since we already `return fallback` if `result` is falsy, we don't need to check again if it's truthy and reassign the `to_ruby` result.
ref. https://github.com/ruby/bigdecimal/pull/149
This is porting ruby/ruby#1992 to upstream.
This PR adds `uplevel` to deprecation warning of Psych.
The `uplevel` option was introduced from Ruby 2.5.
ruby/psych needs to support Ruby 2.4 or lower.
This PR has `warn_with_uplevel` method emulating
`warn 'message', uplevel: 1` in Ruby 2.4 or lower.
And this PR relaxes the warning.
https://github.com/ruby/ruby/pull/1992#discussion_r227214370
## Summary
The deprecation warning log was added in the following commit.
https://github.com/ruby/ruby/commit/1c92766bf0b7394057c00f576fce5464a3037fd9
The following is the deprecation warning log change.
### Example code
```console
% cat /tmp/psych_example.rb
require 'psych'
Psych.load("--- foo\n", nil)
```
### Before
```console
% ruby -v
ruby 2.6.0dev (2018-10-21 trunk 65252) [x86_64-darwin17]
% ruby /tmp/psych_example.rb
warning: Passing filename with the 2nd argument of Psych.load is
deprecated. Use keyword argument like Psych.load(yaml, filename: ...)
instead.
```
### After
This patch helps detect argument locations that are deprecated usage.
```console
% cd /path/to/ruby/repo
% make install
% /usr/local/bin/ruby /tmp/psych_example.rb
/tmp/psych_example.rb:3: warning: Passing filename with the 2nd
argument of Psych.load is deprecated. Use keyword argument like
Psych.load(yaml, filename: ...) instead.
```
## Other Information
This log format refers to the deprecation warning of `ERB.new` in Ruby 2.6+.
https://github.com/ruby/ruby/blob/v2_6_0_preview2/lib/erb.rb#L808
Replace keyword arguments whitelist_classes and whitelist_symbols
with permitted_classes and permitted_symbols.
to be available since JRuby 9.2.1, avoids Java self-reflecting
Signed-off-by: Charles Oliver Nutter <headius@headius.com>
This allows calling Psych.load with a fallback argument,
similar to Psych.load_file. Before, for Psych.load this
caused a "NoMethodError: undefined method `to_ruby'".
Add more test cases for the fallback keyword argument of
Psych.load_file; additionally, fix an error in the docs.
Convert fallback option to a keyword argument
Converting the optional fallback argument to a keyword argument
fixes a problem that is caused by mixing optional arguments and
optional keyword arguments.
Without this change, a hash as fallback value is not handled
correctly: in Psych.load("", nil, {}) the hash is not interpreted
as the fallback value, and the default value for the fallback
argument is used instead.
Mention filename argument and symbolize_names keyword argument.
related to #333
like JSON.parse.
Add optional fallback return value parameter