mechanize 2.8.3 → 2.8.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9229e4045fc8c47f92c1eb17b082f206016958b1cac91e7d128c4b3c7ac75f2
-  data.tar.gz: f5ee71b39961cdf4f7ee3c24b98202558b57d96187ecea52996c1257535d82b4
+  metadata.gz: d8b4e424716d3f5d8fdc1fe82efca4412eee6b414c0cafee9cdced96023e632d
+  data.tar.gz: b4450930235cb304ced9e63cede8fd3abe3bc7c7f38530ef6127be8208de3c93
 SHA512:
-  metadata.gz: d31c53a6d1b442f804e95274b16bead40dd93cf76a4b3fd06fb51c2b17971f47f27d5463c96ca10bc55f1cc7e34dabd9ab7e7d3edbb84399fccfb7d49a870779
-  data.tar.gz: be498201622a3f1584f3060f23824d85e09b8adead0e6d39cf7f87ca433a718f17d4039731d2124eff3032e2ac4ad4542b47d05e5b8421ce640ab2b62c197016
+  metadata.gz: cb936d26c46330432cd5d230b5e54b3792de5a2e39d3aa3a09a4904e5cf0f4bd9547c489772f3cd8d989e171022a18943bf4d09f0420038ed36d941978605a4f
+  data.tar.gz: 3b8103cfa2759f937b43384ac13ae0b8be9d22505841199fd0acd8fc0f4c4d86e0844571bbcd930da2d55e54f2178bbe222f9876959851ee694988bd5b874668

data/.github/workflows/ci-test.yml

@@ -16,7 +16,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: "3.0"
+        ruby-version: "3.1"
         bundler-cache: true
     - run: bundle exec rake rubocop
 
@@ -25,7 +25,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ["2.5", "2.6", "2.7", "3.0", "jruby", "truffleruby-head"]
+        ruby-version: ["2.5", "2.6", "2.7", "3.0", "3.1", "head", "jruby", "truffleruby-head"]
 
     runs-on: ubuntu-latest
     steps:
@@ -48,6 +48,6 @@ jobs:
     - uses: actions/checkout@v2
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: "3.0"
+        ruby-version: "3.1"
         bundler-cache: true
     - run: bundle exec rake test

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Mechanize CHANGELOG
 
+## 2.8.4 / 2022-01-17
+
+### Fix
+
+* `Mechanize::CookieJar#load` calls `Psych.safe_load` when using Psych >= 3.1
+
+
 ## 2.8.3 / 2021-11-11
 
 ### Update

data/lib/mechanize/cookie_jar.rb

@@ -149,7 +149,7 @@ class Mechanize
       return super(input, opthash) if opthash[:format] != :yaml
 
       begin
-        data = YAML.load(input) # rubocop:disable Security/YAMLLoad
+        data = load_yaml(input)
       rescue ArgumentError
         @logger.warn "unloadable YAML cookie data discarded" if @logger
         return self
@@ -174,6 +174,18 @@ class Mechanize
         return self
       end
     end
+
+    private
+
+    if YAML.name == "Psych" && Gem::Requirement.new(">= 3.1").satisfied_by?(Gem::Version.new(Psych::VERSION))
+      def load_yaml(yaml)
+        YAML.safe_load(yaml, aliases: true, permitted_classes: ["Mechanize::Cookie", "Time"])
+      end
+    else
+      def load_yaml(yaml)
+        YAML.load(yaml) # rubocop:disable Security/YAMLLoad
+      end
+    end
   end
 
   class ::HTTP::CookieJar

data/lib/mechanize/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 class Mechanize
-  VERSION = "2.8.3"
+  VERSION = "2.8.4"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mechanize
 version: !ruby/object:Gem::Version
-  version: 2.8.3
+  version: 2.8.4
 platform: ruby
 authors:
 - Eric Hodel
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-11 00:00:00.000000000 Z
+date: 2022-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -502,7 +502,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: The Mechanize library is used for automating interaction with websites