Age | Commit message | Author
2021-05-13 | Use Psych.safe_load by default | Aaron Patterson
Psych.load is not safe for use with untrusted data. Too many applications make the mistake of using `Psych.load` with untrusted data and that ends up with some kind of security vulnerability. This commit changes the default `Psych.load` to use `safe_load`. Users that want to parse trusted data can use Psych.unsafe_load.
2021-05-13 | Merge pull request #488 from ruby/add-unsafe | Aaron Patterson
Introduce `Psych.unsafe_load`
2021-05-13 | Introduce `Psych.unsafe_load` | Aaron Patterson
In future versions of Psych, the `load` method will be mostly the same as the `safe_load` method. In other words, the `load` method won't allow arbitrary object deserialization (which can be used to escalate to an RCE). People that need to load *trusted* documents can use the `unsafe_load` method. This commit introduces the `unsafe_load` method so that people can incrementally upgrade. For example, if they try to upgrade to 4.0.0 and something breaks, they can downgrade, audit callsites, change to `safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0 smoothly.
2021-05-10 | Merge pull request #475 from whitehat101/feature/dynamic-scalar-seq-style | Aaron Patterson
feat: allow scalars and sequences to be styled when dumped
2021-05-10 | Merge pull request #480 from Shopify/symbolize-name-non-string-keys | Hiroshi SHIBATA
Fix symbolize_name with non-string keys
2021-05-10 | Text files should end with a newline | Nobuyoshi Nakada
2021-05-10 | Fix -Wundef warnings for patterns `#if HAVE` | Benoit Daloze
* See [Feature #17752]
* Using this to detect them: git grep -P 'if\s+HAVE' | grep -Pv 'HAVE_LONG_LONG|/ChangeLog|HAVE_TYPEOF'
2021-05-10 | Use assert_raise instead of assert_raises | Hiroshi SHIBATA
2021-05-10 | Merge pull request #486 from ruby/avoid-yaml-float-conversion | Hiroshi SHIBATA
CI - YAML: Avoid 3.0 -> "3" conversion
2021-05-10 | CI - YAML: Avoid 3.0 -> "3" conversion | Olle Jonsson
2021-05-10 | Merge pull request #485 from ruby/test-unit | Hiroshi SHIBATA
Use test-unit instead of minitest
2021-05-10 | Removed needless platform detection | Hiroshi SHIBATA
2021-05-10 | Import test assertions from ruby/ruby | Hiroshi SHIBATA
2021-05-10 | Added 3.0 to GitHub Actions | Hiroshi SHIBATA
2021-05-10 | Use pend instead of skip | Hiroshi SHIBATA
2021-05-10 | Fixed test-case for NaN | Hiroshi SHIBATA
2021-05-10 | Use Ractor constant for ignoring condition | Hiroshi SHIBATA
2021-05-10 | Use test-unit instead of minitest | Hiroshi SHIBATA
2021-04-26 | Merge pull request #484 from kamipo/fix_typos | Hiroshi SHIBATA
Fix some typos [ci skip]
2021-04-26 | Fix some typos [ci skip] | Ryuta Kamizono
2021-02-25 | Fix symbolize_name with non-string keys | Jean Boussier
2021-02-24 | bump version | Aaron Patterson
2021-02-24 | Merge pull request #476 from Shopify/symbolize-name-ruby-object | Aaron Patterson
Fix custom marshalization with symbolize_names: true
2021-02-23 | Update to latest SnakeYAML | Charles Oliver Nutter
Fixes jruby/jruby#6365
2021-02-15 | Fix custom marshalization with symbolize_names: true | Jean Boussier
2021-02-07 | feat: allow scalars and sequences to be styled when dumped | Jeremy Ebler
2021-02-06 | Merge pull request #470 from timgates42/bugfix_typo_expressed | Hiroshi SHIBATA
docs: fix simple typo, expessed -> expressed
2021-01-30 | Merge pull request #474 from Shopify/cache-load-types-in-to-ruby | Marc-André Lafortune
Avoid repeated access to Ractor.current
2021-01-30 | Cache dispatch cache in an instance variable | Jean Boussier
2021-01-30 | Cache access to Psych.load_tags in Visitor::ToRuby | Jean Boussier
2020-12-23 | Bump version to 3.3.0 | Hiroshi SHIBATA
2020-12-23 | Merge pull request #471 from ruby/ractor | Hiroshi SHIBATA
Ractor support
2020-12-23 | Skip test_ractor.rb with ruby/psych repo | Hiroshi SHIBATA
Because ruby/psych still uses minitest. minitest didn't support assert_ractor provided by test suite of ruby/ruby repo.
2020-12-23 | [ruby/psych] Optimize cache with `compare_by_identity` | Marc-Andre Lafortune
Using `compare_by_identity` gives a 4x performance boost on cache hits. Benchmark in https://github.com/JuanitoFatas/fast-ruby/issues/189
2020-12-23 | [ruby/psych] Make Ractor-ready. | Marc-Andre Lafortune
Config is Ractor-local. Benchmarking reveals that using `Ractor.local_storage` for storing cache is similar to accessing a constant (~15% slower).
2020-12-23 | [ruby/psych] Don't use instance variables directly for config | Marc-Andre Lafortune
2020-12-23 | [ruby/psych] Avoid methods depending on bindings | Marc-Andre Lafortune
Improves Ractor-readiness.
2020-12-23 | [ruby/psych] Freeze constants. | Marc-Andre Lafortune
Improves Ractor-readiness.
2020-12-21 | Strip trailing spaces [ci skip] | Nobuyoshi Nakada
2020-12-18 | docs: fix simple typo, expessed -> expressed | Tim Gates
There is a small typo in ext/psych/yaml/yaml.h. Should read `expressed` rather than `expessed`.
2020-12-14 | Bump version to 3.2.1 | Hiroshi SHIBATA
2020-12-14 | Merge pull request #459 from tbrisker/patch-1 | Hiroshi SHIBATA
Remove unneeded assignment and condition
2020-11-18 | Merge pull request #469 from marcandre/safety_first | Aaron Patterson
Add `Psych.safe_load_file`. Tweak doc to provide `safe_` examples.
2020-11-12 | Add `Psych.safe_load_file`. Tweak doc to provide `safe_` examples. | Marc-Andre Lafortune
2020-09-25 | Removed nonsense `rubygems_version` in input gemspec files | Nobuyoshi Nakada
As it is ignored and set at building packages automatically, it is just nonsense to set in gemspec file for input.
2020-09-10 | Merge pull request #463 from Shopify/load-file-options | Aaron Patterson
Forward keyword arguments in load_file and load_stream
2020-09-10 | Forward keyword arguments in load_file and load_stream | Jean Boussier
2020-08-01 | Remove unneeded assignment and condition | Tomer Brisker
Since we already `return fallback` if `result` is falsy, we don't need to check again if it's truthy and reassign the `to_ruby` result.
2020-07-18 | Bump version to 3.2.0 | Hiroshi SHIBATA
2020-07-16 | Merge pull request #458 from headius/remove_private_iv_get | Charles Oliver Nutter
Remove private_iv_get