Age | Commit message | Author |
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
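
The loader behaviour and the callsite audit this commit message describes, as an added Ruby example (not part of the commit or of Psych's own code). The `Account` class, the sample documents, the sample source and all helper names are constructed for illustration.

```ruby
require 'psych'

# Hypothetical application class, present only so there is something to revive.
class Account
  attr_reader :name, :admin
end

# Constructed sample documents (not from the Psych repository).
PLAIN_DOC  = "---\nname: alice\nadmin: true\n"
TAGGED_DOC = "--- !ruby/object:Account\nname: alice\nadmin: true\n"

# On Psych releases that predate this commit, `load` is the unrestricted loader.
UNRESTRICTED = Psych.respond_to?(:unsafe_load) ? :unsafe_load : :load

# Run one loader over one document and report the class of the result,
# or 'DisallowedClass' when the restricted loader refuses the document.
def outcome(loader, yaml, **opts)
  Psych.public_send(loader, yaml, **opts).class.name
rescue Psych::DisallowedClass
  'DisallowedClass'
end

def loader_report
  {
    safe_plain:     outcome(:safe_load, PLAIN_DOC),
    safe_tagged:    outcome(:safe_load, TAGGED_DOC),
    safe_permitted: outcome(:safe_load, TAGGED_DOC, permitted_classes: [Account]),
    unrestricted:   outcome(UNRESTRICTED, TAGGED_DOC)
  }
end

# Callsite audit: line numbers that contain a bare `load` call on YAML/Psych.
# `safe_load` and `unsafe_load` are explicit choices and are not flagged.
BARE_LOAD = /\b(?:YAML|Psych)\.load\b/

def bare_load_lines(source)
  source.each_line.with_index(1).select { |line, _| line =~ BARE_LOAD }.map(&:last)
end

# Constructed snippet standing in for application code under audit.
SAMPLE_SOURCE = <<~RUBY
  config = YAML.load(File.read(path))
  prefs  = YAML.safe_load(params[:prefs])
  cache  = Psych.unsafe_load(trusted_blob)
  job    = Psych.load payload
RUBY

p loader_report
p bare_load_lines(SAMPLE_SOURCE)
```

Each flagged line is a callsite to change to `safe_load` (with an explicit `permitted_classes` list where tagged objects are expected) or to `unsafe_load` when the document is trusted.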
|
|
feat: allow scalars and sequences to be styled when dumped
|
|
Fix symbolize_name with non-string keys
|
|
Fix custom marshalization with symbolize_names: true
|
|
Fixes jruby/jruby#6365
|
|
Using `compare_by_identity` gives a 4x performance boost on cache hits.
Benchmark in https://github.com/JuanitoFatas/fast-ruby/issues/189
|
|
Config is Ractor-local.
Benchmarking reveals that using `Ractor.local_storage` for storing cache
is similar to accessing a constant (~15% slower).
|
|
Improves Ractor-readiness.
|
|
Improves Ractor-readiness.
|
|
Remove unneeded assignment and condition
|
|
Since we already `return fallback` if `result` is falsy, we don't need to check again if it's truthy and reassign the `to_ruby` result.
|
|
The only remaining use of this function was to get the internal
message object from an exception's hidden `mesg` instance
variable to allow it to be dumped without converting to a string.
As discussed in #103, this exposes internal implementation details
of CRuby, and ultimately does not provide any real utility to the
user since they can't directly inspect this hidden variable. The
test change here is to reflect CRuby behavior that denies equality
if the internal message objects do not match, as is the case after
the exception has been loaded and now has a simple String value.
The impact to users is that exceptions with special hidden message
objects will convert those objects to String during marshaling
through YAML. I believe this only affects NameError and its
descendants, since users can't set this field directly on their
own exception types.
Fixes #103.
|
|
to version 1.26
|
|
Fix ArgumentError with leading and trailing underscores in number str…
|
|
Removing it triggers the following warnings when running `bundle` under
jruby from the root of the `psych` repo:
```
/path/to/jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:7: warning: already initialized constant VERSION
/path/to//jruby-9.2.9.0/lib/ruby/gems/shared/gems/psych-3.1.0-java/lib/psych/versions.rb:10: warning: already initialized constant DEFAULT_SNAKEYAML_VERSION
```
This is because bundler loads the versions file relatively from the
local gemspec, and then internally loads the psych gem, causing the
redefinition warnings.
Instead, we modify the $LOAD_PATH so that when working locally on the
`psych` repo, the local version of `psych` gets used.
|
|
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
I'm not sure if the untaint calls in deduplicate are still needed
after the removal of tainting in the parser. If they are not
needed, they should be removed.
|
|
ref. https://github.com/ruby/bigdecimal/pull/149
|
|
When the Hash is revived, the ivars will be set before elements. This
is for the case when the hash setter depends on ivars set on the hash.
|
|
This commit allows exception backtraces to round trip
|
|
Dumping the backtrace for exceptions never worked, so let's remove it.
|
|
This is porting ruby/ruby#1992 to upstream.
This PR adds `uplevel` to deprecation warning of Psych.
The `uplevel` option was introduced from Ruby 2.5.
ruby/psych needs to support Ruby 2.4 or lower.
This PR has `warn_with_uplevel` method emulating
`warn 'message', uplevel: 1` in Ruby 2.4 or lower.
And this PR relaxes the warning.
https://github.com/ruby/ruby/pull/1992#discussion_r227214370
## Summary
The deprecation warning log has been added in the following commit.
https://github.com/ruby/ruby/commit/1c92766bf0b7394057c00f576fce5464a3037fd9
The following is the deprecation warning log change.
### Example code
```console
% cat /tmp/psych_example.rb
require 'psych'
Psych.load("--- foo\n", nil)
```
### Before
```console
% ruby -v
ruby 2.6.0dev (2018-10-21 trunk 65252) [x86_64-darwin17]
% ruby /tmp/psych_example.rb
warning: Passing filename with the 2nd argument of Psych.load is
deprecated. Use keyword argument like Psych.load(yaml, filename: ...)
instead.
```
### After
This patch helps detect argument locations that are deprecated usage.
```console
% cd /path/to/ruby/repo
% make install
% /usr/local/bin/ruby /tmp/psych_example.rb
/tmp/psych_example.rb:3: warning: Passing filename with the 2nd
argument of Psych.load is deprecated. Use keyword argument like
Psych.load(yaml, filename: ...) instead.
```
## Other Information
This log format refers to the deprecation warning of `ERB.new` in Ruby 2.6+.
https://github.com/ruby/ruby/blob/v2_6_0_preview2/lib/erb.rb#L808
|
|
Replace keyword argument whitelist_classes and whitelist_symbols
with permitted_classes and permitted_symbols.
|
|