kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity
74388 commits 24 branches 1128 tags 371 MiB
Commit graph

4 commits

Author SHA1 Message Date
Aaron Patterson
c7c2ad5749
[ruby/psych] Introduce Psych.unsafe_load 
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f
 2021-05-17 11:20:45 +09:00
Hiroshi SHIBATA
53c5a4bbe1 [ruby/psych] Fixed test-case for NaN 
https://github.com/ruby/psych/commit/f85a008263
 2021-05-10 18:53:49 +09:00
hsbt
1c92766bf0 Merge Pysch-3.1.0.pre2 from ruby/psych. 
* Added deprecated warnings for the new interface of keyword argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-10-20 04:25:04 +00:00
hsbt
867581dd75 Merge psych-3.1.0.pre1. 
* Update bundled libyaml-0.2.1 from 0.1.7.
    https://github.com/ruby/psych/pull/368
  * Unify Psych's API: To use keyword arguments with method call.
    https://github.com/ruby/psych/pull/358

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
 2018-08-27 00:44:04 +00:00