Ensure YAML safe loading in Rails 6.1, part 2

2022-10-16 01:36:39 -04:00 · 2022-10-16 01:36:39 -04:00 · bce8b193c5
parent 172ac1d747
commit bce8b193c5
4 changed files with 12 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,7 +7,8 @@ recommendations of [keepachangelog.com](http://keepachangelog.com/).

 ### Breaking Changes

- None, but see Dependencies below
+- [PR-1399](https://github.com/paper-trail-gem/paper_trail/pull/1399) - Same
+  change re: `YAML.safe_load` as in 13.0.0, but this time for Rails 6.0 and 6.1.

 ### Dependencies

@ -26,7 +27,7 @@ recommendations of [keepachangelog.com](http://keepachangelog.com/).

 ### Breaking Changes

- The default serializer will now use `YAML.safe_load` unless
+- For Rails >= 7.0, the default serializer will now use `YAML.safe_load` unless
  `ActiveRecord.use_yaml_unsafe_load`. This change only affects users whose
  `versions` table has `object` or `object_changes` columns of type `text`, and
  who use the YAML serializer. People who use the JSON serializer, or those with
--- a/lib/paper_trail/serializers/yaml.rb
+++ b/lib/paper_trail/serializers/yaml.rb
@ -41,8 +41,8 @@ module PaperTrail

      def use_safe_load?
        if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
-          # `use_yaml_unsafe_load` may be removed in the future, at which point safe loading will be
-          # the default.
+          # `use_yaml_unsafe_load` may be removed in the future, at which point
+          # safe loading will be the default.
          !defined?(ActiveRecord.use_yaml_unsafe_load) || !ActiveRecord.use_yaml_unsafe_load
        elsif defined?(ActiveRecord::Base.use_yaml_unsafe_load)
          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
@ -53,7 +53,8 @@ module PaperTrail
      end

      def yaml_column_permitted_classes
-        if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
+        if defined?(ActiveRecord.yaml_column_permitted_classes)
+          # Rails >= 7.0.3.1
          ActiveRecord.yaml_column_permitted_classes
        elsif defined?(ActiveRecord::Base.yaml_column_permitted_classes)
          # Rails 5.2.8.1, 6.0.5.1, 6.1.6.1
--- a/spec/dummy_app/config/application.rb
+++ b/spec/dummy_app/config/application.rb
@ -31,11 +31,12 @@ module Dummy
    config.active_support.test_order = :sorted
    config.secret_key_base = "A fox regularly kicked the screaming pile of biscuits."

-    # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1
-    if ::ActiveRecord.gem_version >= Gem::Version.new("7.0.3.1")
+    # `use_yaml_unsafe_load` was added in 5.2.8.1, 6.0.5.1, 6.1.6.1, and 7.0.3.1.
+    # Will be removed in 7.1.0?
+    if ::ActiveRecord.respond_to?(:use_yaml_unsafe_load) # 7.0.3.1
      ::ActiveRecord.use_yaml_unsafe_load = false
      ::ActiveRecord.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES
-    elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load)
+    elsif ::ActiveRecord::Base.respond_to?(:use_yaml_unsafe_load) # 5.2.8.1, 6.0.5.1, 6.1.6.1
      ::ActiveRecord::Base.use_yaml_unsafe_load = false
      ::ActiveRecord::Base.yaml_column_permitted_classes = YAML_COLUMN_PERMITTED_CLASSES
    end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -7,7 +7,7 @@ require "simplecov"
 SimpleCov.start do
  add_filter %w[Appraisals Gemfile Rakefile doc gemfiles spec]
 end
-SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 97.3 : 92.4)
+SimpleCov.minimum_coverage(ENV["DB"] == "postgres" ? 96.8 : 92.4)

 require "byebug"
 require_relative "support/pt_arel_helpers"