[obs-commits] [openSUSE/open-build-service] 824386: Solve Security/YAMLLoad cop
Branch: refs/heads/master
Home: https://github.com/openSUSE/open-build-service

Commit: 824386e5e8a77d44041329f8b517d8a0d0e7c4dd
https://github.com/openSUSE/open-build-service/commit/824386e5e8a77d44041329...
Author: Björn Geuken <bgeuken@suse.de>
Date: 2018-07-31 (Tue, 31 Jul 2018)

Changed paths:
M src/api/.rubocop_todo.yml
M src/api/app/controllers/webui/obs_factory/staging_projects_controller.rb

Log Message:
-----------
Solve Security/YAMLLoad cop

Prefer using YAML.safe_load over YAML.load. This restricts the kind of
objects that will be deserialized by YAML.load and avoids exploits.

https://ruby-doc.org/stdlib-2.3.3/libdoc/yaml/rdoc/YAML.html#module-YAML-lab...
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/

Commit: 0f423c0adde85320a4019592b3f325f5853ad941
https://github.com/openSUSE/open-build-service/commit/0f423c0adde85320a40195...
Author: David Kang <dkang@suse.com>
Date: 2018-07-31 (Tue, 31 Jul 2018)

Changed paths:
M src/api/.rubocop_todo.yml
M src/api/app/controllers/webui/obs_factory/staging_projects_controller.rb

Log Message:
-----------
Merge pull request #5517 from bgeuken/bugfix/yaml_load

Solve Security/YAMLLoad cop

Compare: https://github.com/openSUSE/open-build-service/compare/cb38f203f2ae...0f423c...

**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

Functionality will be removed from GitHub.com on January 31st, 2019.
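The difference the log message describes between YAML.load and YAML.safe_load, as an added Ruby example that is not code from this commit or from open-build-service. The `Marker` class, the helpers `legacy_load` and `strict_load`, and the sample documents are assumptions constructed for illustration.

```ruby
require 'yaml'

# Hypothetical stand-in for any application class; deliberately harmless.
class Marker
  attr_accessor :name
end

# Constructed sample documents (not taken from the project).
PLAIN   = "project: openSUSE:Factory\nletters: [A, B]\n"
TAGGED  = "--- !ruby/object:Marker\nname: from-yaml\n"
SYMBOLS = "state: :acceptable\n"
ALIASED = "base: &b {x: 1}\ncopy: *b\n"

# Behaviour of YAML.load at the time of the commit: any class named by a
# tag is instantiated. Psych 4 moved that behaviour to YAML.unsafe_load.
def legacy_load(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# safe_load with an explicit allowlist and aliases off.
# Returns [status, value_or_error_message] instead of raising.
def strict_load(text, permitted: [])
  [:ok, YAML.safe_load(text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass => e
  [:disallowed_class, e.message]
rescue Psych::BadAlias => e
  [:alias_rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  # The tagged document becomes a live object under the legacy loader.
  puts "legacy_load(TAGGED) -> #{legacy_load(TAGGED).class}"

  # The same inputs under safe_load: only plain data gets through unless
  # a class is allowlisted by the caller.
  { 'PLAIN' => PLAIN, 'TAGGED' => TAGGED,
    'SYMBOLS' => SYMBOLS, 'ALIASED' => ALIASED }.each do |label, doc|
    status, detail = strict_load(doc)
    puts "strict_load(#{label}) -> #{status}: #{detail.inspect}"
  end
  puts "strict_load(SYMBOLS, permitted: [Symbol]) -> " \
       "#{strict_load(SYMBOLS, permitted: [Symbol]).inspect}"
end
```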