psych 3.2.0 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d2864bd6b2ce0aa8d9c7a1793c6531d582ce5591f61fa77a5147b495a0eacff
-  data.tar.gz: fb30e5a5a677c813e058366c8ee1339c986c65f9bc51f69e94771d31199ae7e8
+  metadata.gz: bb86b57322de81bdd56451df223fe27f61a67b4f85caeb0d28fe9b4cda6cd5ae
+  data.tar.gz: 762106ad2df9213bf93e777513d23df05c9bd25fb0dd511c8275172e5eeef118
 SHA512:
-  metadata.gz: 7c2fcf1411c11ff9e7479b79564fc1114c76f12a7b6c6a9ad983f8d565691bcc5b012f0db28529974f1fd274929452b99366af885d094b596da625568149a456
-  data.tar.gz: 433269e6942d6b1e8812bee88844816aafe7b67c2e58ad51ecf4ddfa45e3c8a99f7265b0a7bb48e4dfc758142fa6503c1b17a2e35036c4bad56dc28fe73414f5
+  metadata.gz: fa022cc3afcc02867d9528ac55f9b165011e5555ed37a24eed3116b211bb72247bb5afa73136f42232d649d7c6cab3c7af44e44558719d841edb4ad5f3d6d611
+  data.tar.gz: d2fbc5ff9683197cbc76abbee9fbdec01622fb70f262c72567342f111549ad3686ca1b8e4839705e43c63d64305aa62bb464819a118d83cf3b050ffb652c8ef7

data/README.md

@@ -12,8 +12,8 @@ serialize and de-serialize most Ruby objects to and from the YAML format.
 ## Examples
 
 ```ruby
-# Load YAML in to a Ruby object
-Psych.load('--- foo') # => 'foo'
+# Safely load YAML in to a Ruby object
+Psych.safe_load('--- foo') # => 'foo'
 
 # Emit YAML from a Ruby object
 Psych.dump("foo")     # => "--- foo\n...\n"

data/ext/psych/psych.c

@@ -22,6 +22,9 @@ VALUE mPsych;
 
 void Init_psych(void)
 {
+    #ifdef HAVE_RB_EXT_RACTOR_SAFE
+	RB_EXT_RACTOR_SAFE(true);
+    #endif
     mPsych = rb_define_module("Psych");
 
     rb_define_singleton_method(mPsych, "libyaml_version", libyaml_version, 0);

data/ext/psych/yaml/yaml.h

@@ -1,7 +1,7 @@
 /**
  * @file yaml.h
  * @brief Public interface for libyaml.
- * 
+ *
  * Include the header file with the code:
  * @code
  * #include <yaml.h>
@@ -390,7 +390,7 @@ typedef struct yaml_event_s {
 
     /** The event data. */
     union {
-        
+
         /** The stream parameters (for @c YAML_STREAM_START_EVENT). */
         struct {
             /** The document encoding. */
@@ -726,7 +726,7 @@ struct yaml_node_s {
 
     /** The node data. */
     union {
-        
+
         /** The scalar parameters (for @c YAML_SCALAR_NODE). */
         struct {
             /** The scalar value. */

data/lib/psych.rb

@@ -74,12 +74,15 @@ require 'psych/class_loader'
 #
 # ==== Reading from a string
 #
-#   Psych.load("--- a")             # => 'a'
-#   Psych.load("---\n - a\n - b")   # => ['a', 'b']
+#   Psych.safe_load("--- a")             # => 'a'
+#   Psych.safe_load("---\n - a\n - b")   # => ['a', 'b']
+#   # From a trusted string:
+#   Psych.load("--- !ruby/range\nbegin: 0\nend: 42\nexcl: false\n") # => 0..42
 #
 # ==== Reading from a file
 #
-#   Psych.load_file("database.yml")
+#   Psych.safe_load_file("data.yml", permitted_classes: [Date])
+#   Psych.load_file("trusted_database.yml")
 #
 # ==== Exception handling
 #
@@ -230,9 +233,9 @@ require 'psych/class_loader'
 
 module Psych
   # The version of libyaml Psych is using
-  LIBYAML_VERSION = Psych.libyaml_version.join '.'
+  LIBYAML_VERSION = Psych.libyaml_version.join('.').freeze
   # Deprecation guard
-  NOT_GIVEN = Object.new
+  NOT_GIVEN = Object.new.freeze
   private_constant :NOT_GIVEN
 
   ###
@@ -276,8 +279,7 @@ module Psych
 
     result = parse(yaml, filename: filename)
     return fallback unless result
-    result = result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) if result
-    result
+    result.to_ruby(symbolize_names: symbolize_names, freeze: freeze)
   end
 
   ###
@@ -549,7 +551,7 @@ module Psych
   #   end
   #   list # => ['foo', 'bar']
   #
-  def self.load_stream yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: []
+  def self.load_stream yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: [], **kwargs
     if legacy_filename != NOT_GIVEN
       warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load_stream is deprecated. Use keyword argument like Psych.load_stream(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
       filename = legacy_filename
@@ -557,10 +559,10 @@ module Psych
 
     result = if block_given?
                parse_stream(yaml, filename: filename) do |node|
-                 yield node.to_ruby
+                 yield node.to_ruby(**kwargs)
                end
              else
-               parse_stream(yaml, filename: filename).children.map(&:to_ruby)
+               parse_stream(yaml, filename: filename).children.map { |node| node.to_ruby(**kwargs) }
              end
 
     return fallback if result.is_a?(Array) && result.empty?
@@ -571,35 +573,47 @@ module Psych
   # Load the document contained in +filename+.  Returns the yaml contained in
   # +filename+ as a Ruby object, or if the file is empty, it returns
   # the specified +fallback+ return value, which defaults to +false+.
-  def self.load_file filename, fallback: false
+  #
+  # NOTE: This method *should not* be used to parse untrusted documents, such as
+  # YAML documents that are supplied via user input.  Instead, please use the
+  # safe_load_file method.
+  def self.load_file filename, **kwargs
     File.open(filename, 'r:bom|utf-8') { |f|
-      self.load f, filename: filename, fallback: fallback
+      self.load f, filename: filename, **kwargs
+    }
+  end
+
+  ###
+  # Safely loads the document contained in +filename+.  Returns the yaml contained in
+  # +filename+ as a Ruby object, or if the file is empty, it returns
+  # the specified +fallback+ return value, which defaults to +false+.
+  # See safe_load for options.
+  def self.safe_load_file filename, **kwargs
+    File.open(filename, 'r:bom|utf-8') { |f|
+      self.safe_load f, filename: filename, **kwargs
     }
   end
 
   # :stopdoc:
-  @domain_types = {}
   def self.add_domain_type domain, type_tag, &block
     key = ['tag', domain, type_tag].join ':'
-    @domain_types[key] = [key, block]
-    @domain_types["tag:#{type_tag}"] = [key, block]
+    domain_types[key] = [key, block]
+    domain_types["tag:#{type_tag}"] = [key, block]
   end
 
   def self.add_builtin_type type_tag, &block
     domain = 'yaml.org,2002'
     key = ['tag', domain, type_tag].join ':'
-    @domain_types[key] = [key, block]
+    domain_types[key] = [key, block]
   end
 
   def self.remove_type type_tag
-    @domain_types.delete type_tag
+    domain_types.delete type_tag
   end
 
-  @load_tags = {}
-  @dump_tags = {}
   def self.add_tag tag, klass
-    @load_tags[tag] = klass.name
-    @dump_tags[klass] = tag
+    load_tags[tag] = klass.name
+    dump_tags[klass] = tag
   end
 
   # Workaround for emulating `warn '...', uplevel: 1` in Ruby 2.4 or lower.
@@ -618,9 +632,32 @@ module Psych
   private_class_method :warn_with_uplevel, :parse_caller
 
   class << self
-    attr_accessor :load_tags
-    attr_accessor :dump_tags
-    attr_accessor :domain_types
+    if defined?(Ractor)
+      require 'forwardable'
+      extend Forwardable
+
+      class Config
+        attr_accessor :load_tags, :dump_tags, :domain_types
+        def initialize
+          @load_tags = {}
+          @dump_tags = {}
+          @domain_types = {}
+        end
+      end
+
+      def config
+        Ractor.current[:PsychConfig] ||= Config.new
+      end
+
+      def_delegators :config, :load_tags, :dump_tags, :domain_types, :load_tags=, :dump_tags=, :domain_types=
+    else
+      attr_accessor :load_tags
+      attr_accessor :dump_tags
+      attr_accessor :domain_types
+    end
   end
+  self.load_tags = {}
+  self.dump_tags = {}
+  self.domain_types = {}
   # :startdoc:
 end

data/lib/psych/class_loader.rb

@@ -35,9 +35,11 @@ module Psych
 
     constants.each do |const|
       konst = const_get const
-      define_method(const.to_s.downcase) do
-        load konst
-      end
+      class_eval <<~RUBY
+        def #{const.to_s.downcase}
+          load #{konst.inspect}
+        end
+      RUBY
     end
 
     private
@@ -69,7 +71,7 @@ module Psych
       rescue
         nil
       end
-    }.compact]
+    }.compact].freeze
 
     class Restricted < ClassLoader
       def initialize classes, symbols

data/lib/psych/versions.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 module Psych
   # The version of Psych you are using
-  VERSION = '3.2.0'
+  VERSION = '3.3.0'
 
   if RUBY_ENGINE == 'jruby'
     DEFAULT_SNAKEYAML_VERSION = '1.26'.freeze

data/lib/psych/visitors/visitor.rb

@@ -8,12 +8,26 @@ module Psych
 
       private
 
-      DISPATCH = Hash.new do |hash, klass|
-        hash[klass] = "visit_#{klass.name.gsub('::', '_')}"
+      # @api private
+      def self.dispatch_cache
+        Hash.new do |hash, klass|
+          hash[klass] = :"visit_#{klass.name.gsub('::', '_')}"
+        end.compare_by_identity
+      end
+
+      if defined?(Ractor)
+        def dispatch
+          Ractor.current[:Psych_Visitors_Visitor] ||= Visitor.dispatch_cache
+        end
+      else
+        DISPATCH = dispatch_cache
+        def dispatch
+          DISPATCH
+        end
       end
 
       def visit target
-        send DISPATCH[target.class], target
+        send dispatch[target.class], target
       end
     end
   end

data/lib/psych/visitors/yaml_tree.rb

@@ -80,7 +80,7 @@ module Psych
           raise(TypeError, "Can't dump #{target.class}") unless method
 
           h[klass] = method
-        end
+        end.compare_by_identity
       end
 
       def start encoding = Nodes::Stream::UTF8

data/psych.gemspec

@@ -46,7 +46,6 @@ DESCRIPTION
   s.extra_rdoc_files = ["README.md"]
 
   s.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
-  s.rubygems_version = "2.5.1"
   s.required_rubygems_version = Gem::Requirement.new(">= 0")
 
   if RUBY_ENGINE == 'jruby'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: psych
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.3.0
 platform: ruby
 authors:
 - Aaron Patterson
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-17 00:00:00.000000000 Z
+date: 2020-12-23 00:00:00.000000000 Z
 dependencies: []
 description: |
   Psych is a YAML parser and emitter. Psych leverages libyaml[https://pyyaml.org/wiki/LibYAML]
@@ -117,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.0.pre1
+rubygems_version: 3.2.2
 signing_key:
 specification_version: 4
 summary: Psych is a YAML parser and emitter