On 17/12/22 at 14:51 +0100, Diederik de Haas wrote: > On 13 Sep 2022 09:00:07 -0300 Antonio Terceiro <terce...@debian.org> wrote: > > Source: ruby-safe-yaml > > Version: 1.0.5-2 > > Justification: FTBFS > > Usertags: ruby3.1 > > > > We are about to start the ruby3.1 transition in unstable. While trying to > > rebuild ruby-safe-yaml with ruby3.1 enabled, the build failed. > > > > Relevant part of the build log (hopefully): > > > ArgumentError: > > > wrong number of arguments (given 2, expected 1) > > > # ./lib/safe_yaml/load.rb:149:in `load' > > > # ./lib/safe_yaml.rb:29:in `safe_load' > > > # ./spec/safe_yaml_spec.rb:7:in `safe_load_round_trip' > > > # ./spec/safe_yaml_spec.rb:745:in `block (4 levels) in <top > > > (required)>' > > > > > > Finished in 0.08109 seconds (files took 0.12613 seconds to load) > > > 134 examples, 20 failures > > > > > > Failed examples: > > > > > > rspec ./spec/safe_yaml_spec.rb:29 # Psych unsafe_load allows exploits > > > through objects defined in YAML w/ !ruby/hash via custom :[]= methods > > There is an upstream PR: https://github.com/dtao/safe_yaml/pull/101 > which tried to address this, but someone who tried it still got errors. > > Last upstream commit was from 2019-02-22 and there are several PRs open and > it > looks like the maintainer hasn't responded to any of them for > 5 YEARS....
Since ruby-crack no longer depends on ruby-safe-yaml, ruby-safe-yaml should probably just be removed from testing (and Debian)... Lucas
signature.asc
Description: PGP signature
