| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-06-08 | Drop Ruby <3.0.1 supportcr/drop_ruby_2.x.x | cos | |
| There might be a more appropriate release number somewhere in between of the current value and the one suggested. The aim of the change is to block gem from updating it on unsupported Ruby versions, making upgrades of psych no longer break ruby2.5 installations. | |||
| 2021-06-08 | Merge pull request #506 from mame/ci-with-libyaml-0.1.7 | Hiroshi SHIBATA | |
| Add a CI configuration with libyaml 0.1.7 | |||
| 2021-06-07 | Fix the test that does not work with libyaml-0.1.7 | Yusuke Endoh | |
| 2021-06-07 | Add a CI configuration with libyaml 0.1.7 | Yusuke Endoh | |
| 2021-06-07 | Do not use YAML module in tests of Psych | Hiroshi SHIBATA | |
| 2021-06-07 | Use assert_raise instead of assert_raises | Hiroshi SHIBATA | |
| 2021-06-07 | test/psych/test_coder.rb: Suppress non-parenthesis warnings | Yusuke Endoh | |
| http://rubyci.s3.amazonaws.com/debian9/ruby-master/log/20210518T093002Z.log.html.gz ``` /home/chkbuild/chkbuild/tmp/build/20210518T093002Z/ruby/test/psych/test_coder.rb:277: warning: ambiguity between regexp and two divisions: wrap regexp in parentheses or add a space after `/' operator ``` | |||
| 2021-06-07 | Suppress debug message | Nobuyoshi Nakada | |
| 2021-06-07 | Bump version to 4.0.1 | Hiroshi SHIBATA | |
| 2021-06-04 | Merge pull request #481 from headius/jruby_updates | Charles Oliver Nutter | |
| JRuby updates and fixes | |||
| 2021-05-21 | Merge pull request #495 from Shopify/safe-dumpHEADmaster | Aaron Patterson | |
| Implement YAML.safe_dump to make safe_load more usable. | |||
| 2021-05-21 | Merge pull request #493 from mame/load_file-should-use-load-instead-of-safe_load | Aaron Patterson | |
| Make YAML.load_file use YAML.load instead of safe_load | |||
| 2021-05-19 | Implement YAML.safe_dump to make safe_load more usable. | Jean Boussier | |
| In case where Psych is used as a two way serializers, e.g. to serialize some cache or config, it is preferable to have the same restrictions on both load and dump. Otherwise you might dump and persist some objects payloads that you later won't be able to read. | |||
| 2021-05-17 | Make YAML.load_file use YAML.load instead of safe_load | Yusuke Endoh | |
| YAML.load and YAML.safe_load are different a little; the former allows Symbol by default but the latter doesn't. So YAML.load_file and YAML.safe_load_file should reflect the difference. Fixes #490 | |||
| 2021-05-17 | Merge pull request #491 from mame/work-with-older-libyaml | Hiroshi SHIBATA | |
| Some tests fail with libyaml 0.1.7 | |||
| 2021-05-17 | Make the test pass with the old libyaml | Yusuke Endoh | |
| I have no idea what result is right, but it fails with libyaml 0.1.7 (bundled with Ubuntu 18.04) anyway. | |||
| 2021-05-17 | assert_equal accepts an expected value as the first argument | Yusuke Endoh | |
| 2021-05-13 | Merge pull request #487 from ruby/default-unsafe | Aaron Patterson | |
| Use Psych.safe_load by default | |||
| 2021-05-13 | remove deprecated interface | Aaron Patterson | |
| 2021-05-13 | Bump version | Aaron Patterson | |
| 2021-05-13 | Use Psych.safe_load by default | Aaron Patterson | |
| Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load. | |||
| 2021-05-13 | Merge pull request #488 from ruby/add-unsafe | Aaron Patterson | |
| Introduce `Psych.unsafe_load` | |||
| 2021-05-13 | Introduce `Psych.unsafe_load` | Aaron Patterson | |
| In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly. | |||
| 2021-05-10 | Merge pull request #475 from whitehat101/feature/dynamic-scalar-seq-style | Aaron Patterson | |
| feat: allow scalars and sequences to be styled when dumped | |||
| 2021-05-10 | Merge pull request #480 from Shopify/symbolize-name-non-string-keys | Hiroshi SHIBATA | |
| Fix symbolize_name with non-string keys | |||
| 2021-05-10 | Text files should end with a newline | Nobuyoshi Nakada | |
| 2021-05-10 | Fix -Wundef warnings for patterns `#if HAVE` | Benoit Daloze | |
| * See [Feature #17752] * Using this to detect them: git grep -P 'if\s+HAVE' | grep -Pv 'HAVE_LONG_LONG|/ChangeLog|HAVE_TYPEOF' | |||
| 2021-05-10 | Use assert_raise instead of assert_raises | Hiroshi SHIBATA | |
| 2021-05-10 | Merge pull request #486 from ruby/avoid-yaml-float-conversion | Hiroshi SHIBATA | |
| CI - YAML: Avoid 3.0 -> "3" conversion | |||
| 2021-05-10 | CI - YAML: Avoid 3.0 -> "3" conversion | Olle Jonsson | |
| 2021-05-10 | Merge pull request #485 from ruby/test-unit | Hiroshi SHIBATA | |
| Use test-unit instead of minitest | |||
| 2021-05-10 | Removed needless platform detection | Hiroshi SHIBATA | |
| 2021-05-10 | Import test assertions from ruby/ruby | Hiroshi SHIBATA | |
| 2021-05-10 | Added 3.0 to GitHub ACtions | Hiroshi SHIBATA | |
| 2021-05-10 | Use pend instead of skip | Hiroshi SHIBATA | |
| 2021-05-10 | Fixed test-case for NaN | Hiroshi SHIBATA | |
| 2021-05-10 | Use Ractor constant for ignoreing condition | Hiroshi SHIBATA | |
| 2021-05-10 | Use test-unit instead of minitest | Hiroshi SHIBATA | |
| 2021-04-26 | Merge pull request #484 from kamipo/fix_typos | Hiroshi SHIBATA | |
| Fix some typos [ci skip] | |||
| 2021-04-26 | Fix some typos [ci skip] | Ryuta Kamizono | |
| 2021-02-25 | Minor optimization: defer runtime access | Charles Oliver Nutter | |
| 2021-02-25 | Minor optimization | Charles Oliver Nutter | |
| 2021-02-25 | Clean up type checks and trancodes | Charles Oliver Nutter | |
| 2021-02-25 | Make malformed input noisy | Charles Oliver Nutter | |
| parse should reject input encoded incorrectly. The default behavior for InputStreamReader is to replace malformed characters, which causes one exception-expecting test to fail. This patch changes the behavior to report malformed input, which can then be reraised as a syntax error. | |||
| 2021-02-25 | Skip deprecated require form | Charles Oliver Nutter | |
| 2021-02-25 | Flush writer after each emit | Charles Oliver Nutter | |
| OutputStreamWriter from JDK buffers outgoing bytes with a 8k buffer, which causes some small document emits to never make it into the outgoing stream unless that stream gets flushed or closed. | |||
| 2021-02-25 | Negotiate to utf-8 in scalar | Charles Oliver Nutter | |
| 2021-02-25 | Fix symabolize_name with non-string keys | Jean Boussier | |
| 2021-02-24 | bump version | Aaron Patterson | |
| 2021-02-24 | Merge pull request #476 from Shopify/symbolize-name-ruby-object | Aaron Patterson | |
| Fix custom marshalization with symbolize_names: true | |||
 |
index : psych | |
| A libyaml wrapper for Ruby | cos |
| summaryrefslogtreecommitdiff |