Age | Commit message | Author | |
---|---|---|---|
2021-05-21 | Merge pull request #495 from Shopify/safe-dump (HEAD, master) | Aaron Patterson | |
Implement YAML.safe_dump to make safe_load more usable. | |||
2021-05-21 | Merge pull request #493 from mame/load_file-should-use-load-instead-of-safe_load | Aaron Patterson | |
Make YAML.load_file use YAML.load instead of safe_load | |||
2021-05-19 | Implement YAML.safe_dump to make safe_load more usable. | Jean Boussier | |
In cases where Psych is used as a two-way serializer, e.g. to serialize some cache or config, it is preferable to have the same restrictions on both load and dump. Otherwise you might dump and persist some object payloads that you later won't be able to read. | |||
2021-05-17 | Make YAML.load_file use YAML.load instead of safe_load | Yusuke Endoh | |
YAML.load and YAML.safe_load are a little different; the former allows Symbol by default but the latter doesn't. So YAML.load_file and YAML.safe_load_file should reflect the difference. Fixes #490 | |||
2021-05-17 | Merge pull request #491 from mame/work-with-older-libyaml | Hiroshi SHIBATA | |
Some tests fail with libyaml 0.1.7 | |||
2021-05-17 | Make the test pass with the old libyaml | Yusuke Endoh | |
I have no idea what result is right, but it fails with libyaml 0.1.7 (bundled with Ubuntu 18.04) anyway. | |||
2021-05-17 | assert_equal accepts an expected value as the first argument | Yusuke Endoh | |
2021-05-13 | Merge pull request #487 from ruby/default-unsafe | Aaron Patterson | |
Use Psych.safe_load by default | |||
2021-05-13 | remove deprecated interface | Aaron Patterson | |
2021-05-13 | Bump version | Aaron Patterson | |
2021-05-13 | Use Psych.safe_load by default | Aaron Patterson | |
Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load. | |||
2021-05-13 | Merge pull request #488 from ruby/add-unsafe | Aaron Patterson | |
Introduce `Psych.unsafe_load` | |||
2021-05-13 | Introduce `Psych.unsafe_load` | Aaron Patterson | |
In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly. | |||
2021-05-10 | Merge pull request #475 from whitehat101/feature/dynamic-scalar-seq-style | Aaron Patterson | |
feat: allow scalars and sequences to be styled when dumped | |||
2021-05-10 | Merge pull request #480 from Shopify/symbolize-name-non-string-keys | Hiroshi SHIBATA | |
Fix symbolize_name with non-string keys | |||
2021-05-10 | Text files should end with a newline | Nobuyoshi Nakada | |
2021-05-10 | Fix -Wundef warnings for patterns `#if HAVE` | Benoit Daloze | |
* See [Feature #17752] * Using this to detect them: `git grep -P 'if\s+HAVE' | grep -Pv 'HAVE_LONG_LONG|/ChangeLog|HAVE_TYPEOF'` | |||
2021-05-10 | Use assert_raise instead of assert_raises | Hiroshi SHIBATA | |
2021-05-10 | Merge pull request #486 from ruby/avoid-yaml-float-conversion | Hiroshi SHIBATA | |
CI - YAML: Avoid 3.0 -> "3" conversion | |||
2021-05-10 | CI - YAML: Avoid 3.0 -> "3" conversion | Olle Jonsson | |
2021-05-10 | Merge pull request #485 from ruby/test-unit | Hiroshi SHIBATA | |
Use test-unit instead of minitest | |||
2021-05-10 | Removed needless platform detection | Hiroshi SHIBATA | |
2021-05-10 | Import test assertions from ruby/ruby | Hiroshi SHIBATA | |
2021-05-10 | Added 3.0 to GitHub Actions | Hiroshi SHIBATA | |
2021-05-10 | Use pend instead of skip | Hiroshi SHIBATA | |
2021-05-10 | Fixed test-case for NaN | Hiroshi SHIBATA | |
2021-05-10 | Use Ractor constant for ignoring condition | Hiroshi SHIBATA | |
2021-05-10 | Use test-unit instead of minitest | Hiroshi SHIBATA | |
2021-04-26 | Merge pull request #484 from kamipo/fix_typos | Hiroshi SHIBATA | |
Fix some typos [ci skip] | |||
2021-04-26 | Fix some typos [ci skip] | Ryuta Kamizono | |
2021-02-25 | Fix symbolize_name with non-string keys | Jean Boussier | |
2021-02-24 | bump version | Aaron Patterson | |
2021-02-24 | Merge pull request #476 from Shopify/symbolize-name-ruby-object | Aaron Patterson | |
Fix custom marshalization with symbolize_names: true | |||
2021-02-23 | Update to latest SnakeYAML | Charles Oliver Nutter | |
Fixes jruby/jruby#6365 | |||
2021-02-15 | Fix custom marshalization with symbolize_names: true | Jean Boussier | |
2021-02-07 | feat: allow scalars and sequences to be styled when dumped | Jeremy Ebler | |
2021-02-06 | Merge pull request #470 from timgates42/bugfix_typo_expressed | Hiroshi SHIBATA | |
docs: fix simple typo, expessed -> expressed | |||
2021-01-30 | Merge pull request #474 from Shopify/cache-load-types-in-to-ruby | Marc-André Lafortune | |
Avoid repeated access to Ractor.current | |||
2021-01-30 | Cache dispatch cache in an instance variable | Jean Boussier | |
2021-01-30 | Cache access to Psych.load_tags in Visitor::ToRuby | Jean Boussier | |
2020-12-23 | Bump version to 3.3.0 | Hiroshi SHIBATA | |
2020-12-23 | Merge pull request #471 from ruby/ractor | Hiroshi SHIBATA | |
Ractor support | |||
2020-12-23 | Skip test_ractor.rb with ruby/psych repo | Hiroshi SHIBATA | |
Because ruby/psych still uses minitest. minitest didn't support assert_ractor provided by the test suite of the ruby/ruby repo. | |||
2020-12-23 | [ruby/psych] Optimize cache with `compare_by_identity` | Marc-Andre Lafortune | |
Using `compare_by_identity` gives a 4x performance boost on cache hits. Benchmark in https://github.com/JuanitoFatas/fast-ruby/issues/189 | |||
2020-12-23 | [ruby/psych] Make Ractor-ready. | Marc-Andre Lafortune | |
Config is Ractor-local. Benchmarking reveals that using `Ractor.local_storage` for storing cache is similar to accessing a constant (~15% slower). | |||
2020-12-23 | [ruby/psych] Don't use instance variables directly for config | Marc-Andre Lafortune | |
2020-12-23 | [ruby/psych] Avoid methods depending on bindings | Marc-Andre Lafortune | |
Improves Ractor-readiness. | |||
2020-12-23 | [ruby/psych] Freeze constants. | Marc-Andre Lafortune | |
Improves Ractor-readiness. | |||
2020-12-21 | Strip trailing spaces [ci skip] | Nobuyoshi Nakada | |
2020-12-18 | docs: fix simple typo, expessed -> expressed | Tim Gates | |
There is a small typo in ext/psych/yaml/yaml.h. Should read `expressed` rather than `expessed`. |