paper_trail 12.3.0 → 13.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0f6ef6591b15081a76d93a70d959527f8cdc53cc3a6343ab6f1b7c40ef6695e
-  data.tar.gz: 202ee3126567ab99b39f8c76039fb7e20a4eb5e10e0e0880e867f19f228ace63
+  metadata.gz: 776e912c4a06b036014b0301b30a1438974c00b8e63b6e0b78fbffe4dfca7824
+  data.tar.gz: 691060404fbb2b4a3f66cf40c0b6187df7a9e8439854097ffbad433a7bdd6e75
 SHA512:
-  metadata.gz: c144126a2d8cec5537ef218b6637ee2ff6e6863de2e935facf6ad020dba6c2fb46bc5c13ed2ab674e9230c264d6e87905415ebc3c1e4bee5fbe50b1e73285663
-  data.tar.gz: 96530aebe8af35a95d47b6a5deadd3797b2d9255b28156f24a9f1be67fe629b254747d39ccad4d8f5d348d9fd74300b4b865ff9b32125c0951b14cf5d13ed60f
+  metadata.gz: 7110ad57841a431cb50318a79db55ba65f279b839d72009dc2aef961a57c9b044d4d8d706062bbff4cea7fe9b7b2db0a3d83c966518eeffddd66cca6f9e63ae3
+  data.tar.gz: d5ebe8b0a5f8dd4df889b1e6a71e81ab5fb1e752a034dd400decd5ef1bdb91441bce9b6061980db7d443796309995c745063175bf7cdb85819028f45fc20dc88

data/lib/generators/paper_trail/install/templates/create_versions.rb.erb

@@ -28,11 +28,11 @@ class CreateVersions < ActiveRecord::Migration<%= migration_version %>
       # MySQL users should also upgrade to at least rails 4.2, which is the first
       # version of ActiveRecord with support for fractional seconds in MySQL.
       # (https://github.com/rails/rails/pull/14359)
-      # 
+      #
       # MySQL users should use the following line for `created_at`
-      # t.datetime :created_at, limit: 6                                        
+      # t.datetime :created_at, limit: 6
       t.datetime :created_at
     end
-    add_index :versions, %i(item_type item_id)
+    add_index :versions, %i[item_type item_id]
   end
 end

data/lib/paper_trail/serializers/yaml.rb

@@ -9,13 +9,23 @@ module PaperTrail
       extend self # makes all instance methods become module methods as well
 
       def load(string)
-        ::YAML.respond_to?(:unsafe_load) ? ::YAML.unsafe_load(string) : ::YAML.load(string)
+        if use_safe_load?
+          ::YAML.safe_load(
+            string,
+            permitted_classes: ::ActiveRecord.yaml_column_permitted_classes,
+            aliases: true
+          )
+        elsif ::YAML.respond_to?(:unsafe_load)
+          ::YAML.unsafe_load(string)
+        else
+          ::YAML.load(string)
+        end
       end
 
       # @param object (Hash | HashWithIndifferentAccess) - Coming from
       # `recordable_object` `object` will be a plain `Hash`. However, due to
-      # recent [memory optimizations](https://git.io/fjeYv), when coming from
-      # `recordable_object_changes`, it will be a `HashWithIndifferentAccess`.
+      # recent [memory optimizations](https://github.com/paper-trail-gem/paper_trail/pull/1189),
+      # when coming from `recordable_object_changes`, it will be a `HashWithIndifferentAccess`.
       def dump(object)
         object = object.to_hash if object.is_a?(HashWithIndifferentAccess)
         ::YAML.dump object
@@ -26,6 +36,14 @@ module PaperTrail
       def where_object_condition(arel_field, field, value)
         arel_field.matches("%\n#{field}: #{value}\n%")
       end
+
+      private
+
+      # `use_yaml_unsafe_load` was added in 7.0.3.1, will be removed in 7.1.0?
+      def use_safe_load?
+        defined?(ActiveRecord.use_yaml_unsafe_load) &&
+          !ActiveRecord.use_yaml_unsafe_load
+      end
     end
   end
 end

data/lib/paper_trail/version_concern.rb

@@ -15,6 +15,12 @@ module PaperTrail
   module VersionConcern
     extend ::ActiveSupport::Concern
 
+    E_YAML_PERMITTED_CLASSES = <<-EOS.squish.freeze
+      PaperTrail encountered a Psych::DisallowedClass error during
+      deserialization of YAML column, indicating that
+      yaml_column_permitted_classes has not been configured correctly. %s
+    EOS
+
     included do
       belongs_to :item, polymorphic: true, optional: true, inverse_of: false
       validates_presence_of :event
@@ -348,7 +354,10 @@ module PaperTrail
       else
         begin
           PaperTrail.serializer.load(object_changes)
-        rescue StandardError # TODO: Rescue something more specific
+        rescue StandardError => e
+          if defined?(::Psych::Exception) && e.instance_of?(::Psych::Exception)
+            ::Kernel.warn format(E_YAML_PERMITTED_CLASSES, e)
+          end
           {}
         end
       end

data/lib/paper_trail/version_number.rb

@@ -7,8 +7,8 @@ module PaperTrail
   # because of this confusion, but it's not worth the breaking change.
   # People are encouraged to use `PaperTrail.gem_version` instead.
   module VERSION
-    MAJOR = 12
-    MINOR = 3
+    MAJOR = 13
+    MINOR = 0
     TINY = 0
 
     # Set PRE to nil unless it's a pre-release (beta, rc, etc.)

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: paper_trail
 version: !ruby/object:Gem::Version
-  version: 12.3.0
+  version: 13.0.0
 platform: ruby
 authors:
 - Andy Stewart
 - Ben Atkins
 - Jared Beck
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-13 00:00:00.000000000 Z
+date: 2022-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -352,7 +352,7 @@ homepage: https://github.com/paper-trail-gem/paper_trail
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -367,8 +367,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.2.22
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Track changes to your models.
 test_files: []