Closed bigpresh closed 4 years ago
Travis failures on perls <= 5.20 appear to be because of travis-perl/helpers#71 / https://travis-ci.community/t/failure-with-perl-5-16-5-18-5-20/2458 i.e. not because of my change.
The fix in this PR works perfectly for the other perl versions that Travis tested, and work fine on my machine (I could reproduce the error with YAML 1.30, these fixes resolve it, and the affected tests still pass against YAML 1.29).
If you get a release out today I'll buy you a beer :-)
If you get a release out today I'll buy you a beer :-)
Ahhh, you know how to motivate me :)
Do I have to come to That London to collect said beer? If so, I think I'll just buy my own at my local.
I will try to get a release out - usually I'd prefer to get a trial release out to smoke for a few days to be safe, but this is a failure that's going to bite anyone who ends up with YAML 1.30, so could do with being on CPAN ASAP.
sorry for the breaking change!
sorry for the breaking change!
No apologies needed, IMO it's a sensible change in the interests of security - and it would have been very difficult to track down all downstream modules which relied upon $YAML::LoadBlessed
but didn't explicitly set it to notify them.
Fixes for #1208 - YAML deserialisation failures with YAML.pm >= 1.30.
YAML.pm version 1.30 made a breaking change, setting
$YAML::LoadBlessed
to default to false for security: https://metacpan.org/source/TINITA/YAML-1.30/Changes#L2When we load a session from a YAML file, it will not be blessed for us any more, so bless it ourselves.