In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
* Rely on encoding tags to determine if string should be dumped as binary.
8949a47b8c
* Specify "frozen_string_literal: true".
* Support to binary release for mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
may be passed to the Psych::Coder object.
* ext/psych/lib/psych/visitors/yaml_tree.rb: support for visiting
arbitrary objects set on the coder.
* test/psych/test_coder.rb: supporting test case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30609 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Yusuke Endoh
Aaron Patterson
Jeremy Ebler
hsbt
naruse
tenderlove
xibbar