brakeman 6.0.1 → 6.1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (421) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +23 -0
  3. data/bundle/load.rb +13 -14
  4. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/Changelog.md +18 -0
  5. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/README.md +37 -1
  6. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/highline.gemspec +3 -1
  7. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/io_console_compatible.rb +1 -1
  8. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/question/answer_converter.rb +2 -5
  9. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/question.rb +23 -13
  10. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/question_asker.rb +3 -1
  11. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/terminal/io_console.rb +1 -1
  12. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/terminal/unix_stty.rb +6 -4
  13. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/terminal.rb +7 -5
  14. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/version.rb +1 -1
  15. data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline.rb +18 -5
  16. data/bundle/ruby/3.3.0/gems/parallel-1.24.0/lib/parallel/version.rb +4 -0
  17. data/bundle/ruby/{3.1.0/gems/parallel-1.23.0 → 3.3.0/gems/parallel-1.24.0}/lib/parallel.rb +25 -1
  18. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/NEWS.md +100 -2
  19. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/README.md +10 -1
  20. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/attribute.rb +14 -9
  21. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/document.rb +1 -1
  22. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/element.rb +3 -3
  23. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/entity.rb +25 -15
  24. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/formatters/pretty.rb +2 -2
  25. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/namespace.rb +8 -4
  26. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/xpathparser.rb +136 -86
  27. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/rexml.rb +3 -1
  28. data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/text.rb +6 -4
  29. data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/History.rdoc +6 -0
  30. data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/pt_testcase.rb +1 -1
  31. data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/sexp_processor.rb +1 -1
  32. data/lib/brakeman/checks/check_eol_ruby.rb +1 -0
  33. data/lib/brakeman/checks/check_ransack.rb +53 -0
  34. data/lib/brakeman/checks/check_render.rb +6 -1
  35. data/lib/brakeman/checks/check_session_settings.rb +2 -3
  36. data/lib/brakeman/checks/check_sql.rb +1 -1
  37. data/lib/brakeman/options.rb +4 -0
  38. data/lib/brakeman/processors/alias_processor.rb +8 -4
  39. data/lib/brakeman/processors/lib/module_helper.rb +31 -1
  40. data/lib/brakeman/processors/library_processor.rb +6 -0
  41. data/lib/brakeman/report/pager.rb +1 -1
  42. data/lib/brakeman/scanner.rb +104 -42
  43. data/lib/brakeman/tracker/controller.rb +14 -10
  44. data/lib/brakeman/tracker.rb +1 -1
  45. data/lib/brakeman/version.rb +1 -1
  46. data/lib/brakeman/warning_codes.rb +1 -0
  47. data/lib/brakeman.rb +2 -3
  48. metadata +388 -404
  49. data/bundle/ruby/3.1.0/gems/parallel-1.23.0/lib/parallel/version.rb +0 -4
  50. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/CHANGES.md +0 -154
  51. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/Gemfile +0 -11
  52. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/LICENSE.txt +0 -22
  53. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/README.md +0 -191
  54. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/bundle_install_all_ruby_versions.sh +0 -11
  55. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/deep.rb +0 -34
  56. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/libyaml_checker.rb +0 -36
  57. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/load.rb +0 -181
  58. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/date.rb +0 -37
  59. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb +0 -12
  60. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb +0 -26
  61. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb +0 -99
  62. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb +0 -52
  63. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb +0 -94
  64. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb +0 -29
  65. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb +0 -39
  66. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb +0 -36
  67. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb +0 -43
  68. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb +0 -38
  69. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb +0 -21
  70. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb +0 -13
  71. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb +0 -33
  72. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb +0 -26
  73. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb +0 -18
  74. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb +0 -17
  75. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb +0 -47
  76. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform.rb +0 -41
  77. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml/version.rb +0 -3
  78. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/lib/safe_yaml.rb +0 -94
  79. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/run_specs_all_ruby_versions.sh +0 -38
  80. data/bundle/ruby/3.1.0/gems/safe_yaml-1.0.5/safe_yaml.gemspec +0 -19
  81. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/CHANGES.txt +0 -0
  82. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/MIT-LICENSE +0 -0
  83. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/README.txt +0 -0
  84. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/contrib/erubis +0 -0
  85. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/contrib/erubis-run.rb +0 -0
  86. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/contrib/inline-require +0 -0
  87. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/context.rb +0 -0
  88. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/converter.rb +0 -0
  89. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/ec.rb +0 -0
  90. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/ecpp.rb +0 -0
  91. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/ejava.rb +0 -0
  92. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/ejavascript.rb +0 -0
  93. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/enhanced.rb +0 -0
  94. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/eperl.rb +0 -0
  95. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/ephp.rb +0 -0
  96. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/eruby.rb +0 -0
  97. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/escheme.rb +0 -0
  98. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine/optimized.rb +0 -0
  99. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/engine.rb +0 -0
  100. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/enhancer.rb +0 -0
  101. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/error.rb +0 -0
  102. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/evaluator.rb +0 -0
  103. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/generator.rb +0 -0
  104. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/helper.rb +0 -0
  105. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_form_helper.rb +0 -0
  106. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/helpers/rails_helper.rb +0 -0
  107. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/local-setting.rb +0 -0
  108. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/main.rb +0 -0
  109. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/preprocessing.rb +0 -0
  110. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/tiny.rb +0 -0
  111. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis/util.rb +0 -0
  112. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/lib/erubis.rb +0 -0
  113. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/erubis-2.7.0/setup.rb +0 -0
  114. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/CHANGELOG.md +0 -0
  115. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/FAQ.md +0 -0
  116. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/Gemfile +0 -0
  117. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/MIT-LICENSE +0 -0
  118. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/README.md +0 -0
  119. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/REFERENCE.md +0 -0
  120. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/TODO +0 -0
  121. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/haml.gemspec +0 -0
  122. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/attribute_builder.rb +0 -0
  123. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/attribute_compiler.rb +0 -0
  124. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/attribute_parser.rb +0 -0
  125. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/buffer.rb +0 -0
  126. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/compiler.rb +0 -0
  127. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/engine.rb +0 -0
  128. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/error.rb +0 -0
  129. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/escapable.rb +0 -0
  130. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/exec.rb +0 -0
  131. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/filters.rb +0 -0
  132. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/generator.rb +0 -0
  133. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_extensions.rb +0 -0
  134. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_mods.rb +0 -0
  135. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/action_view_xss_mods.rb +0 -0
  136. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubi_template.rb +0 -0
  137. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/safe_erubis_template.rb +0 -0
  138. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers/xss_mods.rb +0 -0
  139. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/helpers.rb +0 -0
  140. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/options.rb +0 -0
  141. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/parser.rb +0 -0
  142. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/plugin.rb +0 -0
  143. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/railtie.rb +0 -0
  144. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/sass_rails_filter.rb +0 -0
  145. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/template/options.rb +0 -0
  146. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/template.rb +0 -0
  147. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/temple_engine.rb +0 -0
  148. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/temple_line_counter.rb +0 -0
  149. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/util.rb +0 -0
  150. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml/version.rb +0 -0
  151. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/lib/haml.rb +0 -0
  152. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/yard/default/fulldoc/html/css/common.sass +0 -0
  153. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/haml-5.2.2/yard/default/layout/html/footer.erb +0 -0
  154. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/AUTHORS +0 -0
  155. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/COPYING +0 -0
  156. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/Gemfile +0 -0
  157. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/LICENSE +0 -0
  158. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/TODO +0 -0
  159. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/builtin_styles.rb +0 -0
  160. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/color_scheme.rb +0 -0
  161. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/compatibility.rb +0 -0
  162. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/custom_errors.rb +0 -0
  163. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/import.rb +0 -0
  164. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/list.rb +0 -0
  165. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/list_renderer.rb +0 -0
  166. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/menu/item.rb +0 -0
  167. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/menu.rb +0 -0
  168. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/paginator.rb +0 -0
  169. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/simulate.rb +0 -0
  170. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/statement.rb +0 -0
  171. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/string.rb +0 -0
  172. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/string_extensions.rb +0 -0
  173. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/style.rb +0 -0
  174. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/template_renderer.rb +0 -0
  175. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/terminal/ncurses.rb +0 -0
  176. /data/bundle/ruby/{3.1.0/gems/highline-2.1.0 → 3.3.0/gems/highline-3.0.1}/lib/highline/wrapper.rb +0 -0
  177. /data/bundle/ruby/{3.1.0/gems/parallel-1.23.0 → 3.3.0/gems/parallel-1.24.0}/MIT-LICENSE.txt +0 -0
  178. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/LICENSE.txt +0 -0
  179. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/attlistdecl.rb +0 -0
  180. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/cdata.rb +0 -0
  181. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/child.rb +0 -0
  182. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/comment.rb +0 -0
  183. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/doctype.rb +0 -0
  184. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/dtd/attlistdecl.rb +0 -0
  185. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/dtd/dtd.rb +0 -0
  186. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/dtd/elementdecl.rb +0 -0
  187. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/dtd/entitydecl.rb +0 -0
  188. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/dtd/notationdecl.rb +0 -0
  189. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/encoding.rb +0 -0
  190. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/formatters/default.rb +0 -0
  191. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/formatters/transitive.rb +0 -0
  192. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/functions.rb +0 -0
  193. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/instruction.rb +0 -0
  194. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/light/node.rb +0 -0
  195. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/node.rb +0 -0
  196. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/output.rb +0 -0
  197. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parent.rb +0 -0
  198. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parseexception.rb +0 -0
  199. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/baseparser.rb +0 -0
  200. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/lightparser.rb +0 -0
  201. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/pullparser.rb +0 -0
  202. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/sax2parser.rb +0 -0
  203. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/streamparser.rb +0 -0
  204. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/treeparser.rb +0 -0
  205. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/parsers/ultralightparser.rb +0 -0
  206. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/quickpath.rb +0 -0
  207. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/sax2listener.rb +0 -0
  208. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/security.rb +0 -0
  209. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/source.rb +0 -0
  210. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/streamlistener.rb +0 -0
  211. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/undefinednamespaceexception.rb +0 -0
  212. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/validation/relaxng.rb +0 -0
  213. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/validation/validation.rb +0 -0
  214. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/validation/validationexception.rb +0 -0
  215. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/xmldecl.rb +0 -0
  216. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/xmltokens.rb +0 -0
  217. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/xpath.rb +0 -0
  218. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml/xpath_parser.rb +0 -0
  219. /data/bundle/ruby/{3.1.0/gems/rexml-3.2.5 → 3.3.0/gems/rexml-3.2.6}/lib/rexml.rb +0 -0
  220. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby2ruby-2.4.4/History.rdoc +0 -0
  221. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby2ruby-2.4.4/Manifest.txt +0 -0
  222. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby2ruby-2.4.4/README.rdoc +0 -0
  223. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby2ruby-2.4.4/lib/ruby2ruby.rb +0 -0
  224. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/History.rdoc +0 -0
  225. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/Manifest.txt +0 -0
  226. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/README.rdoc +0 -0
  227. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/compare/normalize.rb +0 -0
  228. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/debugging.md +0 -0
  229. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/gauntlet.md +0 -0
  230. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/rp_extensions.rb +0 -0
  231. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/rp_stringscanner.rb +0 -0
  232. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby20_parser.rb +0 -0
  233. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby20_parser.y +0 -0
  234. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby21_parser.rb +0 -0
  235. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby21_parser.y +0 -0
  236. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby22_parser.rb +0 -0
  237. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby22_parser.y +0 -0
  238. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby23_parser.rb +0 -0
  239. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby23_parser.y +0 -0
  240. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby24_parser.rb +0 -0
  241. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby24_parser.y +0 -0
  242. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby25_parser.rb +0 -0
  243. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby25_parser.y +0 -0
  244. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby26_parser.rb +0 -0
  245. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby26_parser.y +0 -0
  246. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby27_parser.rb +0 -0
  247. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby27_parser.y +0 -0
  248. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby30_parser.rb +0 -0
  249. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby30_parser.y +0 -0
  250. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby31_parser.rb +0 -0
  251. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby31_parser.y +0 -0
  252. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby32_parser.rb +0 -0
  253. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby32_parser.y +0 -0
  254. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby3_parser.yy +0 -0
  255. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rb +0 -0
  256. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rex +0 -0
  257. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer.rex.rb +0 -0
  258. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_lexer_strings.rb +0 -0
  259. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_parser.rb +0 -0
  260. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_parser.yy +0 -0
  261. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/lib/ruby_parser_extras.rb +0 -0
  262. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/tools/munge.rb +0 -0
  263. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/ruby_parser-3.20.3/tools/ripper.rb +0 -0
  264. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/Manifest.txt +0 -0
  265. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/README.rdoc +0 -0
  266. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/composite_sexp_processor.rb +0 -0
  267. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/sexp.rb +0 -0
  268. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/sexp_matcher.rb +0 -0
  269. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/strict_sexp.rb +0 -0
  270. /data/bundle/ruby/{3.1.0/gems/sexp_processor-4.17.0 → 3.3.0/gems/sexp_processor-4.17.1}/lib/unique.rb +0 -0
  271. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/CHANGES +0 -0
  272. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/Gemfile +0 -0
  273. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/LICENSE +0 -0
  274. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/README.jp.md +0 -0
  275. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/README.md +0 -0
  276. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/code_attributes.rb +0 -0
  277. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/command.rb +0 -0
  278. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/controls.rb +0 -0
  279. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/do_inserter.rb +0 -0
  280. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/embedded.rb +0 -0
  281. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/end_inserter.rb +0 -0
  282. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/engine.rb +0 -0
  283. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/erb_converter.rb +0 -0
  284. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/filter.rb +0 -0
  285. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/grammar.rb +0 -0
  286. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/include.rb +0 -0
  287. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/interpolation.rb +0 -0
  288. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/logic_less/context.rb +0 -0
  289. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/logic_less/filter.rb +0 -0
  290. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/logic_less.rb +0 -0
  291. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/parser.rb +0 -0
  292. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/smart/escaper.rb +0 -0
  293. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/smart/filter.rb +0 -0
  294. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/smart/parser.rb +0 -0
  295. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/smart.rb +0 -0
  296. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/splat/builder.rb +0 -0
  297. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/splat/filter.rb +0 -0
  298. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/template.rb +0 -0
  299. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/translator.rb +0 -0
  300. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim/version.rb +0 -0
  301. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/lib/slim.rb +0 -0
  302. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/slim-4.1.0/slim.gemspec +0 -0
  303. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/CHANGES +0 -0
  304. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/EXPRESSIONS.md +0 -0
  305. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/Gemfile +0 -0
  306. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/LICENSE +0 -0
  307. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/README.md +0 -0
  308. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/engine.rb +0 -0
  309. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/erb/engine.rb +0 -0
  310. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/erb/parser.rb +0 -0
  311. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/erb/template.rb +0 -0
  312. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/erb/trimming.rb +0 -0
  313. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/exceptions.rb +0 -0
  314. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filter.rb +0 -0
  315. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/code_merger.rb +0 -0
  316. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/control_flow.rb +0 -0
  317. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/dynamic_inliner.rb +0 -0
  318. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/encoding.rb +0 -0
  319. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/eraser.rb +0 -0
  320. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/escapable.rb +0 -0
  321. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/multi_flattener.rb +0 -0
  322. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/remove_bom.rb +0 -0
  323. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/static_analyzer.rb +0 -0
  324. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/static_merger.rb +0 -0
  325. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/string_splitter.rb +0 -0
  326. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/filters/validator.rb +0 -0
  327. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generator.rb +0 -0
  328. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generators/array.rb +0 -0
  329. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generators/array_buffer.rb +0 -0
  330. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generators/erb.rb +0 -0
  331. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generators/rails_output_buffer.rb +0 -0
  332. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/generators/string_buffer.rb +0 -0
  333. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/grammar.rb +0 -0
  334. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/attribute_merger.rb +0 -0
  335. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/attribute_remover.rb +0 -0
  336. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/attribute_sorter.rb +0 -0
  337. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/dispatcher.rb +0 -0
  338. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/fast.rb +0 -0
  339. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/filter.rb +0 -0
  340. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/pretty.rb +0 -0
  341. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/html/safe.rb +0 -0
  342. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/map.rb +0 -0
  343. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/mixins/dispatcher.rb +0 -0
  344. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/mixins/engine_dsl.rb +0 -0
  345. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/mixins/grammar_dsl.rb +0 -0
  346. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/mixins/options.rb +0 -0
  347. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/mixins/template.rb +0 -0
  348. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/parser.rb +0 -0
  349. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/static_analyzer.rb +0 -0
  350. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/templates/rails.rb +0 -0
  351. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/templates/tilt.rb +0 -0
  352. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/templates.rb +0 -0
  353. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/utils.rb +0 -0
  354. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple/version.rb +0 -0
  355. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/lib/temple.rb +0 -0
  356. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/temple-0.8.2/temple.gemspec +0 -0
  357. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/Gemfile +0 -0
  358. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/History.rdoc +0 -0
  359. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/LICENSE.txt +0 -0
  360. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/Manifest +0 -0
  361. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/README.rdoc +0 -0
  362. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/Todo.rdoc +0 -0
  363. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/cell.rb +0 -0
  364. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/import.rb +0 -0
  365. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/row.rb +0 -0
  366. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/separator.rb +0 -0
  367. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/style.rb +0 -0
  368. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/table.rb +0 -0
  369. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/table_helper.rb +0 -0
  370. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table/version.rb +0 -0
  371. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/lib/terminal-table.rb +0 -0
  372. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/terminal-table-1.8.0/terminal-table.gemspec +0 -0
  373. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/COPYING +0 -0
  374. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/asciidoc.rb +0 -0
  375. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/babel.rb +0 -0
  376. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/bluecloth.rb +0 -0
  377. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/builder.rb +0 -0
  378. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/coffee.rb +0 -0
  379. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/commonmarker.rb +0 -0
  380. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/creole.rb +0 -0
  381. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/csv.rb +0 -0
  382. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/dummy.rb +0 -0
  383. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/erb.rb +0 -0
  384. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/erubi.rb +0 -0
  385. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/erubis.rb +0 -0
  386. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/etanni.rb +0 -0
  387. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/haml.rb +0 -0
  388. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/kramdown.rb +0 -0
  389. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/less.rb +0 -0
  390. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/liquid.rb +0 -0
  391. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/livescript.rb +0 -0
  392. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/mapping.rb +0 -0
  393. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/markaby.rb +0 -0
  394. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/maruku.rb +0 -0
  395. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/nokogiri.rb +0 -0
  396. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/pandoc.rb +0 -0
  397. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/plain.rb +0 -0
  398. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/prawn.rb +0 -0
  399. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/radius.rb +0 -0
  400. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/rdiscount.rb +0 -0
  401. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/rdoc.rb +0 -0
  402. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/redcarpet.rb +0 -0
  403. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/redcloth.rb +0 -0
  404. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/rst-pandoc.rb +0 -0
  405. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/sass.rb +0 -0
  406. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/sigil.rb +0 -0
  407. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/string.rb +0 -0
  408. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/template.rb +0 -0
  409. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/typescript.rb +0 -0
  410. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/wikicloth.rb +0 -0
  411. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt/yajl.rb +0 -0
  412. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/tilt-2.0.11/lib/tilt.rb +0 -0
  413. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/CHANGELOG.md +0 -0
  414. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/MIT-LICENSE.txt +0 -0
  415. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/README.md +0 -0
  416. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/data/display_width.marshal.gz +0 -0
  417. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/constants.rb +0 -0
  418. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/index.rb +0 -0
  419. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/no_string_ext.rb +0 -0
  420. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width/string_ext.rb +0 -0
  421. /data/bundle/ruby/{3.1.0 → 3.3.0}/gems/unicode-display_width-1.8.0/lib/unicode/display_width.rb +0 -0
@@ -1,4 +0,0 @@
1
- # frozen_string_literal: true
2
- module Parallel
3
- VERSION = Version = '1.23.0' # rubocop:disable Naming/ConstantName
4
- end
@@ -1,154 +0,0 @@
1
- 1.0.5
2
- -----
3
-
4
- - fixed [#80](https://github.com/dtao/safe_yaml/issues/80): uninitialized constant DateTime
5
-
6
- 1.0.2
7
- -----
8
-
9
- - added warning when using Psych + an older version of libyaml
10
-
11
- 1.0.1
12
- -----
13
-
14
- - fixed handling for strings that look like (invalid) dates
15
-
16
- 1.0.0
17
- -----
18
-
19
- - updated date parsing to use local timezone
20
- - **now requiring "safe_yaml/load" provides `SafeYAML.load` without clobbering `YAML`**
21
- - fixed handling of empty files
22
- - fixed some (edge case) integer parsing bugs
23
- - fixed some JRuby-specific issues
24
-
25
- 0.9.7
26
- -----
27
-
28
- - made handling of document frontmatter more robust
29
- - added more descriptive message to the warning for omitting the :safe option
30
-
31
- 0.9.6
32
- -----
33
-
34
- - fixed handling of files with trailing content (after closing `---`)
35
-
36
- 0.9.5
37
- -----
38
-
39
- - fixed permissions AGAIN
40
-
41
- 0.9.4
42
- -----
43
-
44
- - corrected handling of symbols
45
-
46
- 0.9.3
47
- -----
48
-
49
- - fixed permissions :(
50
-
51
- 0.9.2
52
- -----
53
-
54
- - fixed error w/ parsing "!" when whitelisting tags
55
- - fixed parsing of the number 0 (d'oh!)
56
-
57
- 0.9.1
58
- -----
59
-
60
- - added Yecht support (JRuby)
61
- - more bug fixes
62
-
63
- 0.9.0
64
- -----
65
-
66
- - added `whitelist!` method for easily whitelisting tags
67
- - added support for call-specific options
68
- - removed deprecated methods
69
-
70
- 0.8.6
71
- -----
72
-
73
- - fixed bug in float matcher
74
-
75
- 0.8.5
76
- -----
77
-
78
- - performance improvements
79
- - made less verbose by default
80
- - bug fixes
81
-
82
- 0.8.4
83
- -----
84
-
85
- - enhancements to parsing of integers, floats, and dates
86
- - updated built-in whitelist
87
- - more bug fixes
88
-
89
- 0.8.3
90
- -----
91
-
92
- - fixed exception on parsing empty document
93
- - fixed handling of octal & hexadecimal numbers
94
-
95
- 0.8.2
96
- -----
97
-
98
- - bug fixes
99
-
100
- 0.8.1
101
- -----
102
-
103
- - added `:raise_on_unknown_tag` option
104
- - renamed `reset_defaults!` to `restore_defaults!`
105
-
106
- 0.8
107
- ---
108
-
109
- - added tag whitelisting
110
- - more API changes
111
-
112
- 0.7
113
- ---
114
-
115
- - separated YAML engine support from Ruby version
116
- - added support for binary scalars
117
- - numerous bug fixes and enhancements
118
-
119
- 0.6
120
- ---
121
-
122
- - several API changes
123
- - added `SafeYAML::OPTIONS` for specifying default behavior
124
-
125
- 0.5
126
- ---
127
-
128
- Added support for dates
129
-
130
- 0.4
131
- ---
132
-
133
- - efficiency improvements
134
- - made `YAML.load` use `YAML.safe_load` by default
135
- - made symbol deserialization optional
136
-
137
- 0.3
138
- ---
139
-
140
- Added Syck support
141
-
142
- 0.2
143
- ---
144
-
145
- Added support for:
146
-
147
- - anchors & aliases
148
- - booleans
149
- - nils
150
-
151
- 0.1
152
- ---
153
-
154
- Initial release
@@ -1,11 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- gemspec
4
-
5
- group :development do
6
- gem "hashie"
7
- gem "heredoc_unindent"
8
- gem "rake"
9
- gem "rspec"
10
- gem "travis-lint"
11
- end
@@ -1,22 +0,0 @@
1
- Copyright (c) 2013 Dan Tao
2
-
3
- MIT License
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining
6
- a copy of this software and associated documentation files (the
7
- "Software"), to deal in the Software without restriction, including
8
- without limitation the rights to use, copy, modify, merge, publish,
9
- distribute, sublicense, and/or sell copies of the Software, and to
10
- permit persons to whom the Software is furnished to do so, subject to
11
- the following conditions:
12
-
13
- The above copyright notice and this permission notice shall be
14
- included in all copies or substantial portions of the Software.
15
-
16
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,191 +0,0 @@
1
- SafeYAML
2
- ========
3
-
4
- [![Build Status](https://travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)
5
- [![Gem Version](https://badge.fury.io/rb/safe_yaml.png)](http://badge.fury.io/rb/safe_yaml)
6
-
7
- The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [in Rails in early 2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
8
-
9
- **If you encounter any issues with SafeYAML, check out the 'Common Issues' section below.** If you don't see anything that addresses the problem you're experiencing, by all means, [create an issue](https://github.com/dtao/safe_yaml/issues/new)!
10
-
11
- Installation
12
- ------------
13
-
14
- Add this line to your application's Gemfile:
15
-
16
- ```ruby
17
- gem "safe_yaml"
18
- ```
19
-
20
- Configuration
21
- -------------
22
-
23
- If *all you do* is add SafeYAML to your project, then `YAML.load` will operate in "safe" mode, which means it won't deserialize arbitrary objects. However, it will issue a warning the first time you call it because you haven't explicitly specified whether you want safe or unsafe behavior by default. To specify this behavior (e.g., in a Rails initializer):
24
-
25
- ```ruby
26
- SafeYAML::OPTIONS[:default_mode] = :safe # or :unsafe
27
- ```
28
-
29
- Another important option you might want to specify on startup is whether or not to allow *symbols* to be deserialized. The default setting is `false`, since symbols are not garbage collected in Ruby and so deserializing them from YAML may render your application vulnerable to a DOS (denial of service) attack. To allow symbol deserialization by default:
30
-
31
- ```ruby
32
- SafeYAML::OPTIONS[:deserialize_symbols] = true
33
- ```
34
-
35
- For more information on these and other options, see the "Usage" section down below.
36
-
37
- What is this gem for, exactly?
38
- ------------------------------
39
-
40
- Suppose your application were to use a popular open source library which contained code like this:
41
-
42
- ```ruby
43
- class ClassBuilder
44
- def []=(key, value)
45
- @class ||= Class.new
46
-
47
- @class.class_eval <<-EOS
48
- def #{key}
49
- #{value}
50
- end
51
- EOS
52
- end
53
-
54
- def create
55
- @class.new
56
- end
57
- end
58
- ```
59
-
60
- Now, if you were to use `YAML.load` on user input anywhere in your application without the SafeYAML gem installed, an attacker who suspected you were using this library could send a request with a carefully-crafted YAML string to execute arbitrary code (yes, including `system("unix command")`) on your servers.
61
-
62
- This simple example demonstrates the vulnerability:
63
-
64
- ```ruby
65
- yaml = <<-EOYAML
66
- --- !ruby/hash:ClassBuilder
67
- "foo; end; puts %(I'm in yr system!); def bar": "baz"
68
- EOYAML
69
- ```
70
-
71
- > YAML.load(yaml)
72
- I'm in yr system!
73
- => #<ClassBuilder:0x007fdbbe2e25d8 @class=#<Class:0x007fdbbe2e2510>>
74
-
75
- With SafeYAML, the same attacker would be thwarted:
76
-
77
- > require "safe_yaml"
78
- => true
79
- > YAML.load(yaml, :safe => true)
80
- => {"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}
81
-
82
- Usage
83
- -----
84
-
85
- When you require the safe_yaml gem in your project, `YAML.load` is patched to accept one additional (optional) `options` parameter. This changes the method signature as follows:
86
-
87
- - for Syck and Psych prior to Ruby 1.9.3: `YAML.load(yaml, options={})`
88
- - for Psych in 1.9.3 and later: `YAML.load(yaml, filename=nil, options={})`
89
-
90
- The most important option is the `:safe` option (default: `true`), which controls whether or not to deserialize arbitrary objects when parsing a YAML document. The other options, along with explanations, are as follows.
91
-
92
- - `:deserialize_symbols` (default: `false`): Controls whether or not YAML will deserialize symbols. It is probably best to only enable this option where necessary, e.g. to make trusted libraries work. Symbols receive special treatment in Ruby and are not garbage collected, which means deserializing them indiscriminately may render your site vulnerable to a DOS attack.
93
-
94
- - `:whitelisted_tags`: Accepts an array of YAML tags that designate trusted types, e.g., ones that can be deserialized without worrying about any resulting security vulnerabilities. When any of the given tags are encountered in a YAML document, the associated data will be parsed by the underlying YAML engine (Syck or Psych) for the version of Ruby you are using. See the "Whitelisting Trusted Types" section below for more information.
95
-
96
- - `:custom_initializers`: Similar to the `:whitelisted_tags` option, but allows you to provide your own initializers for specified tags rather than using Syck or Psyck. Accepts a hash with string tags for keys and lambdas for values.
97
-
98
- - `:raise_on_unknown_tag` (default: `false`): Represents the highest possible level of paranoia. If the YAML engine encounters any tag other than ones that are automatically trusted by SafeYAML or that you've explicitly whitelisted, it will raise an exception. This may be a good choice if you expect to always be dealing with perfectly safe YAML and want your application to fail loudly upon encountering questionable data.
99
-
100
- All of the above options can be set at the global level via `SafeYAML::OPTIONS`. You can also set each one individually per call to `YAML.load`; an option explicitly passed to `load` will take precedence over an option specified globally.
101
-
102
- What if I don't *want* to patch `YAML`?
103
- ---------------------------------------
104
-
105
- [Excellent question](https://github.com/dtao/safe_yaml/issues/47)! You can also get the methods `SafeYAML.load` and `SafeYAML.load_file` without touching the `YAML` module at all like this:
106
-
107
- ```ruby
108
- require "safe_yaml/load" # instead of require "safe_yaml"
109
- ```
110
-
111
- This way, you can use `SafeYAML.load` to parse YAML that *you* don't trust, without affecting the rest of an application (if you're developing a library, for example).
112
-
113
- Supported Types
114
- ---------------
115
-
116
- The way that SafeYAML works is by restricting the kinds of objects that can be deserialized via `YAML.load`. More specifically, only the following types of objects can be deserialized by default:
117
-
118
- - Hashes
119
- - Arrays
120
- - Strings
121
- - Numbers
122
- - Dates
123
- - Times
124
- - Booleans
125
- - Nils
126
-
127
- Again, deserialization of symbols can be enabled globally by setting `SafeYAML::OPTIONS[:deserialize_symbols] = true`, or in a specific call to `YAML.load([some yaml], :deserialize_symbols => true)`.
128
-
129
- Whitelisting Trusted Types
130
- --------------------------
131
-
132
- SafeYAML supports whitelisting certain YAML tags for trusted types. This is handy when your application uses YAML to serialize and deserialize certain types not listed above, which you know to be free of any deserialization-related vulnerabilities.
133
-
134
- The easiest way to whitelist types is by calling `SafeYAML.whitelist!`, which can accept a variable number of safe types, e.g.:
135
-
136
- ```ruby
137
- SafeYAML.whitelist!(Foo, Bar)
138
- ```
139
-
140
- You can also whitelist YAML *tags* via the `:whitelisted_tags` option:
141
-
142
- ```ruby
143
- # Using Syck
144
- SafeYAML::OPTIONS[:whitelisted_tags] = ["tag:ruby.yaml.org,2002:object:OpenStruct"]
145
-
146
- # Using Psych
147
- SafeYAML::OPTIONS[:whitelisted_tags] = ["!ruby/object:OpenStruct"]
148
- ```
149
-
150
- And in case you were wondering: no, this feature will *not* allow would-be attackers to embed untrusted types within trusted types:
151
-
152
- ```ruby
153
- yaml = <<-EOYAML
154
- --- !ruby/object:OpenStruct
155
- table:
156
- :backdoor: !ruby/hash:ClassBuilder
157
- "foo; end; puts %(I'm in yr system!); def bar": "baz"
158
- EOYAML
159
- ```
160
-
161
- > YAML.safe_load(yaml)
162
- => #<OpenStruct :backdoor={"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}>
163
-
164
- Known Issues
165
- ------------
166
-
167
- If you add SafeYAML to your project and start seeing any errors about missing keys, or you notice mysterious strings that look like `":foo"` (i.e., start with a colon), it's likely you're seeing errors from symbols being saved in YAML format. If you are able to modify the offending code, you might want to consider changing your YAML content to use plain vanilla strings instead of symbols. If not, you may need to set the `:deserialize_symbols` option to `true`, either in calls to `YAML.load` or---as a last resort---globally, with `SafeYAML::OPTIONS[:deserialize_symbols]`.
168
-
169
- Also be aware that some Ruby libraries, particularly those requiring inter-process communication, leverage YAML's object deserialization functionality and therefore may break or otherwise be impacted by SafeYAML. The following list includes known instances of SafeYAML's interaction with other Ruby gems:
170
-
171
- - [**ActiveRecord**](https://github.com/rails/rails/tree/master/activerecord): uses YAML to control serialization of model objects using the `serialize` class method. If you find that accessing serialized properties on your ActiveRecord models is causing errors, chances are you may need to:
172
- 1. set the `:deserialize_symbols` option to `true`,
173
- 2. whitelist some of the types in your serialized data via `SafeYAML.whitelist!` or the `:whitelisted_tags` option, or
174
- 3. both
175
- - [**delayed_job**](https://github.com/collectiveidea/delayed_job): Uses YAML to serialize the objects on which delayed methods are invoked (with `delay`). The safest solution in this case is to use `SafeYAML.whitelist!` to whitelist the types you need to serialize.
176
- - [**Guard**](https://github.com/guard/guard): Uses YAML as a serialization format for notifications. The data serialized uses symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` is necessary to allow Guard to work.
177
- - [**sidekiq**](https://github.com/mperham/sidekiq): Uses a YAML configiuration file with symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` should allow it to work.
178
-
179
- The above list will grow over time, as more issues are discovered.
180
-
181
- Versioning
182
- ----------
183
-
184
- SafeYAML will follow [semantic versioning](http://semver.org/) so any updates to the first major version will maintain backwards compatability. So expect primarily bug fixes and feature enhancements (if anything!) from here on out... unless it makes sense to break the interface at some point and introduce a version 2.0, which I honestly think is unlikely.
185
-
186
- Requirements
187
- ------------
188
-
189
- SafeYAML requires Ruby 1.8.7 or newer and works with both [Syck](http://www.ruby-doc.org/stdlib-1.8.7/libdoc/yaml/rdoc/YAML.html) and [Psych](http://github.com/tenderlove/psych).
190
-
191
- If you are using a version of Ruby where Psych is the default YAML engine (e.g., 1.9.3) but you want to use Syck, be sure to set `YAML::ENGINE.yamler = "syck"` **before** requiring the safe_yaml gem.
@@ -1,11 +0,0 @@
1
- #!/bin/bash
2
-
3
- [[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
4
-
5
- declare -a versions=("1.8.7" "1.9.2" "1.9.3" "2.0.0" "2.1.0" "2.1.1" "2.1.2" "ruby-head" "jruby")
6
-
7
- for i in "${versions[@]}"
8
- do
9
- rvm use $i
10
- bundle install
11
- done
@@ -1,34 +0,0 @@
1
- module SafeYAML
2
- class Deep
3
- def self.freeze(object)
4
- object.each do |*entry|
5
- value = entry.last
6
- case value
7
- when String, Regexp
8
- value.freeze
9
- when Enumerable
10
- Deep.freeze(value)
11
- end
12
- end
13
-
14
- return object.freeze
15
- end
16
-
17
- def self.copy(object)
18
- duplicate = object.dup rescue object
19
-
20
- case object
21
- when Array
22
- (0...duplicate.count).each do |i|
23
- duplicate[i] = Deep.copy(duplicate[i])
24
- end
25
- when Hash
26
- duplicate.keys.each do |key|
27
- duplicate[key] = Deep.copy(duplicate[key])
28
- end
29
- end
30
-
31
- duplicate
32
- end
33
- end
34
- end
@@ -1,36 +0,0 @@
1
- require "set"
2
-
3
- module SafeYAML
4
- class LibyamlChecker
5
- LIBYAML_VERSION = Psych::LIBYAML_VERSION rescue nil
6
-
7
- # Do proper version comparison (e.g. so 0.1.10 is >= 0.1.6)
8
- SAFE_LIBYAML_VERSION = Gem::Version.new("0.1.6")
9
-
10
- KNOWN_PATCHED_LIBYAML_VERSIONS = Set.new([
11
- # http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2525.html
12
- "0.1.4-2ubuntu0.12.04.3",
13
- "0.1.4-2ubuntu0.12.10.3",
14
- "0.1.4-2ubuntu0.13.10.3",
15
- "0.1.4-3ubuntu3",
16
-
17
- # https://security-tracker.debian.org/tracker/CVE-2014-2525
18
- "0.1.3-1+deb6u4",
19
- "0.1.4-2+deb7u4",
20
- "0.1.4-3.2"
21
- ]).freeze
22
-
23
- def self.libyaml_version_ok?
24
- return true if YAML_ENGINE != "psych" || defined?(JRUBY_VERSION)
25
- return true if Gem::Version.new(LIBYAML_VERSION || "0") >= SAFE_LIBYAML_VERSION
26
- return libyaml_patched?
27
- end
28
-
29
- def self.libyaml_patched?
30
- return false if (`which dpkg` rescue '').empty?
31
- libyaml_version = `dpkg -s libyaml-0-2`.match(/^Version: (.*)$/)
32
- return false if libyaml_version.nil?
33
- KNOWN_PATCHED_LIBYAML_VERSIONS.include?(libyaml_version[1])
34
- end
35
- end
36
- end
@@ -1,181 +0,0 @@
1
- require "set"
2
- require "yaml"
3
-
4
- # This needs to be defined up front in case any internal classes need to base
5
- # their behavior off of this.
6
- module SafeYAML
7
- YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : (defined?(Psych) && YAML == Psych ? "psych" : "syck")
8
- end
9
-
10
- require "safe_yaml/libyaml_checker"
11
- require "safe_yaml/deep"
12
- require "safe_yaml/parse/hexadecimal"
13
- require "safe_yaml/parse/sexagesimal"
14
- require "safe_yaml/parse/date"
15
- require "safe_yaml/transform/transformation_map"
16
- require "safe_yaml/transform/to_boolean"
17
- require "safe_yaml/transform/to_date"
18
- require "safe_yaml/transform/to_float"
19
- require "safe_yaml/transform/to_integer"
20
- require "safe_yaml/transform/to_nil"
21
- require "safe_yaml/transform/to_symbol"
22
- require "safe_yaml/transform"
23
- require "safe_yaml/resolver"
24
- require "safe_yaml/syck_hack" if SafeYAML::YAML_ENGINE == "syck" && defined?(JRUBY_VERSION)
25
-
26
- module SafeYAML
27
- MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
28
-
29
- DEFAULT_OPTIONS = Deep.freeze({
30
- :default_mode => nil,
31
- :suppress_warnings => false,
32
- :deserialize_symbols => false,
33
- :whitelisted_tags => [],
34
- :custom_initializers => {},
35
- :raise_on_unknown_tag => false
36
- })
37
-
38
- OPTIONS = Deep.copy(DEFAULT_OPTIONS)
39
-
40
- PREDEFINED_TAGS = {}
41
-
42
- if YAML_ENGINE == "syck"
43
- YAML.tagged_classes.each do |tag, klass|
44
- PREDEFINED_TAGS[klass] = tag
45
- end
46
-
47
- else
48
- # Special tags appear to be hard-coded in Psych:
49
- # https://github.com/tenderlove/psych/blob/v1.3.4/lib/psych/visitors/to_ruby.rb
50
- # Fortunately, there aren't many that SafeYAML doesn't already support.
51
- PREDEFINED_TAGS.merge!({
52
- Exception => "!ruby/exception",
53
- Range => "!ruby/range",
54
- Regexp => "!ruby/regexp",
55
- })
56
- end
57
-
58
- Deep.freeze(PREDEFINED_TAGS)
59
-
60
- module_function
61
-
62
- def restore_defaults!
63
- OPTIONS.clear.merge!(Deep.copy(DEFAULT_OPTIONS))
64
- end
65
-
66
- def tag_safety_check!(tag, options)
67
- return if tag.nil? || tag == "!"
68
- if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
69
- raise "Unknown YAML tag '#{tag}'"
70
- end
71
- end
72
-
73
- def whitelist!(*classes)
74
- classes.each do |klass|
75
- whitelist_class!(klass)
76
- end
77
- end
78
-
79
- def whitelist_class!(klass)
80
- raise "#{klass} not a Class" unless klass.is_a?(::Class)
81
-
82
- klass_name = klass.name
83
- raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?
84
-
85
- # Whitelist any built-in YAML tags supplied by Syck or Psych.
86
- predefined_tag = PREDEFINED_TAGS[klass]
87
- if predefined_tag
88
- OPTIONS[:whitelisted_tags] << predefined_tag
89
- return
90
- end
91
-
92
- # Exception is exceptional (har har).
93
- tag_class = klass < Exception ? "exception" : "object"
94
-
95
- tag_prefix = case YAML_ENGINE
96
- when "psych" then "!ruby/#{tag_class}"
97
- when "syck" then "tag:ruby.yaml.org,2002:#{tag_class}"
98
- else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
99
- end
100
- OPTIONS[:whitelisted_tags] << "#{tag_prefix}:#{klass_name}"
101
- end
102
-
103
- if YAML_ENGINE == "psych"
104
- def tag_is_explicitly_trusted?(tag)
105
- false
106
- end
107
-
108
- else
109
- TRUSTED_TAGS = Set.new([
110
- "tag:yaml.org,2002:binary",
111
- "tag:yaml.org,2002:bool#no",
112
- "tag:yaml.org,2002:bool#yes",
113
- "tag:yaml.org,2002:float",
114
- "tag:yaml.org,2002:float#fix",
115
- "tag:yaml.org,2002:int",
116
- "tag:yaml.org,2002:map",
117
- "tag:yaml.org,2002:null",
118
- "tag:yaml.org,2002:seq",
119
- "tag:yaml.org,2002:str",
120
- "tag:yaml.org,2002:timestamp",
121
- "tag:yaml.org,2002:timestamp#ymd"
122
- ]).freeze
123
-
124
- def tag_is_explicitly_trusted?(tag)
125
- TRUSTED_TAGS.include?(tag)
126
- end
127
- end
128
-
129
- if SafeYAML::YAML_ENGINE == "psych"
130
- require "safe_yaml/psych_handler"
131
- require "safe_yaml/psych_resolver"
132
- require "safe_yaml/safe_to_ruby_visitor"
133
-
134
- def self.load(yaml, filename=nil, options={})
135
- # If the user hasn't whitelisted any tags, we can go with this implementation which is
136
- # significantly faster.
137
- if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
138
- safe_handler = SafeYAML::PsychHandler.new(options) do |result|
139
- return result
140
- end
141
- arguments_for_parse = [yaml]
142
- arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
143
- Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
144
- return safe_handler.result
145
-
146
- else
147
- safe_resolver = SafeYAML::PsychResolver.new(options)
148
- tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
149
- Psych.parse(yaml, filename) :
150
- Psych.parse(yaml)
151
- return safe_resolver.resolve_node(tree)
152
- end
153
- end
154
-
155
- def self.load_file(filename, options={})
156
- if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
157
- File.open(filename, 'r:bom|utf-8') { |f| self.load(f, filename, options) }
158
-
159
- else
160
- # Ruby pukes on 1.9.2 if we try to open an empty file w/ 'r:bom|utf-8';
161
- # so we'll not specify those flags here. This mirrors the behavior for
162
- # unsafe_load_file so it's probably preferable anyway.
163
- self.load File.open(filename), nil, options
164
- end
165
- end
166
-
167
- else
168
- require "safe_yaml/syck_resolver"
169
- require "safe_yaml/syck_node_monkeypatch"
170
-
171
- def self.load(yaml, options={})
172
- resolver = SafeYAML::SyckResolver.new(SafeYAML::OPTIONS.merge(options || {}))
173
- tree = YAML.parse(yaml)
174
- return resolver.resolve_node(tree)
175
- end
176
-
177
- def self.load_file(filename, options={})
178
- File.open(filename) { |f| self.load(f, options) }
179
- end
180
- end
181
- end
@@ -1,37 +0,0 @@
1
- require 'time'
2
-
3
- module SafeYAML
4
- class Parse
5
- class Date
6
- # This one's easy enough :)
7
- DATE_MATCHER = /\A(\d{4})-(\d{2})-(\d{2})\Z/.freeze
8
-
9
- # This unbelievable little gem is taken basically straight from the YAML spec, but made
10
- # slightly more readable (to my poor eyes at least) to me:
11
- # http://yaml.org/type/timestamp.html
12
- TIME_MATCHER = /\A\d{4}-\d{1,2}-\d{1,2}(?:[Tt]|\s+)\d{1,2}:\d{2}:\d{2}(?:\.\d*)?\s*(?:Z|[-+]\d{1,2}(?::?\d{2})?)?\Z/.freeze
13
-
14
- SECONDS_PER_DAY = 60 * 60 * 24
15
- MICROSECONDS_PER_SECOND = 1000000
16
-
17
- # So this is weird. In Ruby 1.8.7, the DateTime#sec_fraction method returned fractional
18
- # seconds in units of DAYS for some reason. In 1.9.2, they changed the units -- much more
19
- # reasonably -- to seconds.
20
- SEC_FRACTION_MULTIPLIER = RUBY_VERSION == "1.8.7" ? (SECONDS_PER_DAY * MICROSECONDS_PER_SECOND) : MICROSECONDS_PER_SECOND
21
-
22
- # The DateTime class has a #to_time method in Ruby 1.9+;
23
- # Before that we'll just need to convert DateTime to Time ourselves.
24
- TO_TIME_AVAILABLE = DateTime.instance_methods.include?(:to_time)
25
-
26
- def self.value(value)
27
- d = DateTime.parse(value)
28
-
29
- return d.to_time if TO_TIME_AVAILABLE
30
-
31
- usec = d.sec_fraction * SEC_FRACTION_MULTIPLIER
32
- time = Time.utc(d.year, d.month, d.day, d.hour, d.min, d.sec, usec) - (d.offset * SECONDS_PER_DAY)
33
- time.getlocal
34
- end
35
- end
36
- end
37
- end