Issue #17866 has been updated by cabo (Carsten Bormann).


naruse (Yui NARUSE) wrote in #note-10:
> Since I want Ruby 3.1 to keep as much as compatibility for Ruby 3.0 to ensure application/library developer adopt Ruby 3, Im negative to go Ruby 3.1 with Psych 4.0.0.

Unfortunately, users will pick up this incompatibility with their next `gem update`.

So it won't make much of a difference whether you put it in Ruby 3.1 or not.

(The updated major gem version also does not protect against this update as psych historically has not been a gem, so few Gemfiles have a ~> 3.0 or some such.)

----------------------------------------
Bug #17866: Incompatible changes with Psych 4.0.0
https://bugs.ruby-lang.org/issues/17866#change-92140

* Author: hsbt (Hiroshi SHIBATA)
* Status: Assigned
* Priority: Normal
* Assignee: tenderlovemaking (Aaron Patterson)
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
Psych-4.0.0 changes `Psych.safe_load` by the default.

https://github.com/ruby/psych/pull/487

It breaks the several code like:

* https://github.com/ruby/ruby/commit/da5b28396397ace84d914cb188055cbeb46b8725
* https://github.com/ruby/ruby/commit/8e91b969df08b7a2eb27a5d6d38733eea42dc7ad
* https://github.com/ruby/ruby/commit/d8fd92f62024d85271a3f1125bc6928409f912e1
* https://github.com/ruby/ruby/commit/dfecc650c3f9bbd8b4fb0eefc1e3da65f151d3a8
* etc...

I and @mame investigate them. We found 2 issues.

1. `Symbol` is still ignored `Pysch.load`. It break many of code like configuration store. https://github.com/ruby/psych/blob/master/lib/psych.rb#L368 passes `Symbol` used by `permitted_classes`. But It's not working now. see https://github.com/ruby/psych/issues/490
2. `Pysch.load` restrict `Gem::Specification` or `RDoc::Options` by the default. Should we add them with`permitted_classes` to `Psych.load` or `Psych.load_file`? I'm not sure the right way about them.

@tenderlovemaking Do you have any ideas about the above concerns?




-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>