
Fix for ruby 3.3.0

Open mattlindsey opened this issue 1 year ago • 7 comments

Fixes #4

Commenting out line 45 in method_whitelist.rb fixes the problem, but I don't understand enough to know if that is a valid fix.
It may certainly break something, so does anyone have any ideas?

Also, I just tried other examples like SafeRuby.eval('system("rm *")') and seem to still be getting the marshal file error, so it might be a different problem...

mattlindsey avatar Feb 16 '24 19:02 mattlindsey

@theycallmeswift Do you have merge authority to the repo? :)

andreibondarev avatar Feb 16 '24 19:02 andreibondarev

There are still issues, since the following test works for Ruby 2.x.x but gives a marshal file error in > 3.0.0:

expect(SafeRuby.eval("x = String.new('zzz')")).to eq 'zzz'

mattlindsey avatar Feb 17 '24 13:02 mattlindsey

Sorry all, I'm not really maintaining this library anymore. Happy to transfer it to someone else who would take better care of it :)

ukutaht avatar Feb 19 '24 08:02 ukutaht

Alternatively, feel free to fork

ukutaht avatar Feb 19 '24 08:02 ukutaht

Changes required to make this work.

  1. Fork and Change all Marshal to YAML
  2. Add this in an initializer
     require "yaml"

     # Reopen YAML so that YAML.load dispatches to YAML.unsafe_load.
     module YAML
       class << self
         alias_method :load, :unsafe_load
       end
     end

It will work

ausangshukla avatar Apr 08 '24 15:04 ausangshukla
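
An added example, not part of the comment above and not safe_ruby's own code: since Psych 4, `YAML.load` is the safe loader and `unsafe_load` is the one that instantiates any class named in the document, so the alias changes loading for every caller in the process. This sketch shows the narrower route of `YAML.safe_load` with an explicit class allowlist, assuming results arrive as serialized text; `load_untrusted_result`, `PERMITTED_RESULT_CLASSES` and `Point` are hypothetical names.

```ruby
require "yaml"

# Hypothetical names throughout; none of this is safe_ruby's API.
Point = Struct.new(:x, :y)                  # constructed stand-in for an arbitrary object
PERMITTED_RESULT_CLASSES = [Symbol].freeze  # assumed allowlist for plain results

# Deserialize a result that crossed a trust boundary as YAML.
# Only core scalar/collection types plus `permitted` are instantiated;
# anything else is reported instead of being built.
def load_untrusted_result(yaml_text, permitted: PERMITTED_RESULT_CLASSES)
  [:ok, YAML.safe_load(yaml_text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass, Psych::BadAlias => e
  [:rejected, e.message]
rescue Psych::SyntaxError => e
  [:malformed, e.message]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample results, serialized the way a child process might emit them.
  samples = {
    "string" => YAML.dump("zzz"),
    "hash"   => YAML.dump({ status: :ok, lines: [1, 2] }),
    "object" => YAML.dump(Point.new(1, 2)),
  }
  samples.each do |name, text|
    tag, detail = load_untrusted_result(text)
    puts format("%-7s %-9s %p", name, tag, detail)
  end
end
```
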

@ausangshukla have to disagree.

Marshal is working fine for me under Ruby 3.3.0 and 3.3.2.

I have pulled this code into my own library folder and run the specs, and they all pass.

The existing changes in this PR seem at a glance to be sufficient.

It would be great if someone had the bandwidth to take this over and add a tests workflow as it's hard to keep track of changes versus test success.

merefield avatar Jun 04 '24 11:06 merefield

I have forked on gitlab/defmastership with a mirror on github

  • merged https://github.com/mattlindsey/safe_ruby/tree/update-deps to fix issue #4
  • add a GitLab CI/CD (I don't know GitHub actions, and I'm fluent with Gitlab CICD :) )
  • add some rubocop inspection and most rubocop remarks fixes.

I agree to take the lead on this Gem... and push a fixed 1.0.5 on rubygems.org

@ukutaht let me know if you agree.

jeromeag avatar Aug 02 '24 13:08 jeromeag