[DRE-maint] Bug#1019665: ruby-safe-yaml: FTBFS with ruby3.1: ERROR: Test "ruby3.1" failed: ArgumentError:
Lucas Nussbaum
lucas at debian.org
Mon Dec 26 16:54:13 GMT 2022
On 17/12/22 at 14:51 +0100, Diederik de Haas wrote:
> On 13 Sep 2022 09:00:07 -0300 Antonio Terceiro <terceiro at debian.org> wrote:
> > Source: ruby-safe-yaml
> > Version: 1.0.5-2
> > Justification: FTBFS
> > Usertags: ruby3.1
> >
> > We are about to start the ruby3.1 transition in unstable. While trying to
> > rebuild ruby-safe-yaml with ruby3.1 enabled, the build failed.
> >
> > Relevant part of the build log (hopefully):
> > > ArgumentError:
> > > wrong number of arguments (given 2, expected 1)
> > > # ./lib/safe_yaml/load.rb:149:in `load'
> > > # ./lib/safe_yaml.rb:29:in `safe_load'
> > > # ./spec/safe_yaml_spec.rb:7:in `safe_load_round_trip'
> > > # ./spec/safe_yaml_spec.rb:745:in `block (4 levels) in <top
> > > (required)>'
> > >
> > > Finished in 0.08109 seconds (files took 0.12613 seconds to load)
> > > 134 examples, 20 failures
> > >
> > > Failed examples:
> > >
> > > rspec ./spec/safe_yaml_spec.rb:29 # Psych unsafe_load allows exploits
> > > through objects defined in YAML w/ !ruby/hash via custom :[]= methods
>
> There is an upstream PR: https://github.com/dtao/safe_yaml/pull/101
> which tried to address this, but someone who tried it still got errors.
>
> Last upstream commit was from 2019-02-22 and there are several PRs open and it
> looks like the maintainer hasn't responded to any of them for > 5 YEARS....
Since ruby-crack no longer depends on ruby-safe-yaml, ruby-safe-yaml
should probably just be removed from testing (and Debian)...
Lucas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20221226/3d6ed497/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list