mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/ext/psych
Aaron Patterson c7c2ad5749
[ruby/psych] Introduce Psych.unsafe_load
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method.  In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE).  People that need to load *trusted* documents can use the
`unsafe_load` method.

This commit introduces the `unsafe_load` method so that people can
incrementally upgrade.  For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.

https://github.com/ruby/psych/commit/cb50aa8d3f
2021-05-17 11:20:45 +09:00
lib [ruby/psych] Introduce Psych.unsafe_load 2021-05-17 11:20:45 +09:00
yaml [ruby/psych] Fix some typos [ci skip] 2021-05-10 19:19:35 +09:00
depend dependency updates 2021-04-13 14:30:21 +09:00
extconf.rb ext/psych/extconf.rb: braced VPATH is for nmake only 2019-12-05 17:57:56 +09:00
psych.c [ruby/psych] Make Ractor-ready. 2020-12-23 01:08:38 -05:00
psych.gemspec Removed nonsense rubygems_version in input gemspec files 2020-06-25 15:44:56 +09:00
psych.h
psych_emitter.c
psych_emitter.h
psych_parser.c Suppress -Wshorten-64-to-32 warnings 2020-04-08 16:28:38 +09:00
psych_parser.h
psych_to_ruby.c
psych_to_ruby.h
psych_yaml_tree.c Remove private_iv_get 2020-09-25 13:11:32 +09:00
psych_yaml_tree.h