Skip to content

Use YAML.unsafe_load on Ruby 3.1.0 and newer #1898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2022
Merged

Use YAML.unsafe_load on Ruby 3.1.0 and newer #1898

merged 1 commit into from
May 20, 2022

Conversation

jordansissel
Copy link
Owner

@jordansissel jordansissel commented May 2, 2022
edited
Loading

Load gem specifications using YAML's safe loading

On older rubies, YAML.load is the unsafe load method. At some point,
Ruby 3.1.0 / Psych 4(?) made two renames:

  • YAML.load -> YAML.unsafe_load
  • YAML.safe_load -> YAML.load

A quick test is to try converting a gem. This would fail if YAML.load
was the "safe" method because it would fail with this message:

Tried to load unspecified class: Gem::Specification (Psych::DisallowedClass

fpm -s gem -t empty rails will crash on Ruby 3.1.0 prior to this
commit.

Fixes #1895

@jordansissel
Copy link
Owner Author

I haven't tested this one yet. I tried tonight but my spare install of ruby 3.0.2 was not built correctly and now it is sleep time.

@jordansissel
Load gem specifications using YAML's safe loading
90b6058 
On older rubies, YAML.load _is_ the unsafe load method. At some point,
Ruby 3.1.0 / Psych 4(?) made two renames:

* YAML.load -> YAML.unsafe_load
* YAML.safe_load -> YAML.load

A quick test is to try converting a gem. This would fail if `YAML.load`
was the "safe" method because it would fail with this message:

    Tried to load unspecified class: Gem::Specification (Psych::DisallowedClass

`fpm -s gem -t empty rails` will crash on Ruby 3.1.0 prior to this
commit.

Fixes #1895

Add necessary classes to safely load yaml from gem specs
@jordansissel
Copy link
Owner Author

Testing both ruby 3.1.0 and 3.0.2, tests pass!

Prior to this PR, Ruby 3.0.2 would pass tests, but Ruby 3.1.0 would not due to the upstream Psych change.

% ruby --version
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]

% bundle exec rspec spec/fpm/package/gem_spec.rb
........

Finished in 15.26 seconds (files took 0.21311 seconds to load)
8 examples, 0 failures

% ruby --version
ruby 3.1.0p0 (2021-12-25 revision fb4df44d16) [x86_64-linux]
% bundle exec rspec spec/fpm/package/gem_spec.rb
........

Finished in 7.55 seconds (files took 0.18037 seconds to load)
8 examples, 0 failures

@jordansissel jordansissel merged commit 40795d4 into main May 20, 2022
@jordansissel jordansissel mentioned this pull request May 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

psych/class_loader.rb:99:in `find': Tried to load unspecified class: Gem::Specification (Psych::DisallowedClass)
1 participant
@jordansissel