In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
In verbose mode, `test_delegator` in `test/psych/visitors/test_yaml_tree.rb` shows following warning.
https://travis-ci.org/ruby/psych/jobs/562435717#L268
```
/home/travis/build/ruby/psych/test/psych/visitors/test_yaml_tree.rb:10: warning: instance variable @obj not initialized
```
This is because `Psych.load` bypasses #initialize with the #init_with method.
https://github.com/ruby/psych/commit/f99523388f
* Rely on encoding tags to determine if string should be dumped as binary.
8949a47b8c
* Specify "frozen_string_literal: true".
* Support to binary release for mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It contains following changes from 3.0.0.beta1
* Preserve time zone offset when deserializing times
https://github.com/ruby/psych/pull/316
* Enable YAML serialization of Ruby delegators
https://github.com/ruby/psych/pull/158
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
same thing on every call.
* test/psych/visitors/test_yaml_tree.rb: related test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37350 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
be able to take an emitter object as it's output.
* test/psych/visitors/test_yaml_tree.rb: related test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/psych/lib/psych/nodes/node.rb: Rename `to_yaml` to just `yaml`
in order to avoid YAML::ENGINE switching from replacing this method.
* test/psych/helper.rb: fix tests for method name change.
* test/psych/test_document.rb: ditto
* test/psych/visitors/test_emitter.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33384 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
people implement the method method. Thanks Lin Jen-Shin.
[ruby-core:35255]
* test/psych/visitors/test_yaml_tree.rb: test for implementation of
method method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31075 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
enumerable.
* ext/psych/lib/psych/visitors/depth_first.rb: Add a depth-first
visitor to enumerate over a YAML AST in a depth-first fashion
* test/psych/nodes/test_enumerable.rb: test for enumerating nodes
* test/psych/visitors/test_depth_first.rb: test for depth-first
visitor
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Time#nsec to accurately serialize time objects. [ruby-core:29233]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Alexander Momchilov
Nobuyoshi Nakada
Pavel Rosický
Aaron Patterson
Hiroshi SHIBATA
S-H-GAMELINKS
hsbt
naruse
tenderlove
mame