Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix a false positive for Security/YamlLoad #10424

Merged

Conversation

koic
Copy link
Member

@koic koic commented Feb 17, 2022

This PR fixes a false positive for Security/YamlLoad when using Ruby 3.1+ (Psych 4).
And it also makes the examples a bit more specific.

Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.
ruby/psych#487

We may consider removing this cop in the future, but not yet.


Before submitting the PR make sure the following are checked:

  • The PR relates to only one subject with a clear title and description in grammatically correct, complete sentences.
  • Wrote good commit messages.
  • Commit message starts with [Fix #issue-number] (if the related issue exists).
  • Feature branch is up-to-date with master (if not - rebase it).
  • Squashed related commits together.
  • Added tests.
  • Ran bundle exec rake default. It executes all tests and runs RuboCop on its own code.
  • Added an entry (file) to the changelog folder named {change_type}_{change_description}.md if the new code introduces user-observable changes. See changelog entry format for details.

This PR fixes a false positive for `Security/YamlLoad`
when using Ruby 3.1+ (Psych 4).
And it also makes the examples a bit more specific.

Ruby 3.1+ (Psych 4) uses `Psych.load` as `Psych.safe_load` by default.
ruby/psych#487

We may consider removing this cop in the future, but not yet.
@koic koic force-pushed the fix_a_false_positive_for_security_yaml_load branch from e89f7e2 to 0a8ad1b Compare Feb 17, 2022
@bbatsov bbatsov merged commit 4fa929d into rubocop:master Feb 20, 2022
34 checks passed
@bbatsov
Copy link
Collaborator

bbatsov commented Feb 20, 2022

We may consider removing this cop in the future, but not yet.

Indeed.

@koic koic deleted the fix_a_false_positive_for_security_yaml_load branch Feb 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants