premailer / css_parser

Ruby CSS Parser

Don't require open-uri #45

Closed aripollak closed 11 years ago

aripollak commented 11 years ago

It isn't needed here anyway, and is extremely dangerous from a security perspective - simply doing a require 'css_parser' causes every open() in the calling program to suddenly start accepting any HTTP/FTP URIs, which could be very surprising and unexpected.

morten commented 11 years ago

open is used here https://github.com/alexdunae/css_parser/blob/master/lib/css_parser/parser.rb#L428 - if you can move the require around and still make things work then that would be a better solution

aripollak commented 11 years ago

open is used there, but it's only used to open a local file - so the built-in Ruby open should work fine.

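The two points in this thread, that a stray `require 'open-uri'` changes what `open()` does for the whole process and that a reader which only ever needs a local file should not go through `Kernel#open` at all, as an added example that is not part of the issue or of css_parser's code. It assumes the behaviour of the standard library as documented: on Ruby 2.7 `Kernel#open` with a URI string still works but warns, on 3.0 and later that dispatch is gone and `URI.open` is the explicit form; `Kernel#open` in every version still treats a leading `|` as a command to spawn, and `IO.read`/`File.read` did the same before 3.3 deprecated it. `File.open` has neither behaviour, which is why the reader below is built on it. The sample CSS and the paths are constructed for the example.

```ruby
require 'uri'
require 'tmpdir'

# Added example; not css_parser's code. A local-file reader that never goes
# through Kernel#open, so a process-wide `require 'open-uri'` elsewhere in the
# program (which, on Ruby < 3.0, makes Kernel#open fetch http:// and ftp://
# URIs) cannot change what it does. File.open has no URI or "|command"
# dispatch; Kernel#open and IO.read/File.read do, so they are avoided here.
def read_local_css(path)
  path = path.to_s

  # Kernel#open treats a leading "|" as "spawn this command". File.open does
  # not, but refuse it explicitly so the intent is documented and a later
  # refactor to Kernel#open or File.read cannot silently reintroduce it.
  raise ArgumentError, "refusing pipe-style path: #{path}" if path.start_with?('|')

  # Refuse anything with a URI scheme ("http://...", "ftp://...", "file://...").
  # Plain filenames ("site.css", "/tmp/site.css") parse with scheme == nil.
  # Strings that are not valid URIs at all ("my file.css") fall through.
  begin
    scheme = URI.parse(path).scheme
    raise ArgumentError, "refusing non-local path: #{path}" if scheme
  rescue URI::InvalidURIError
    nil
  end

  File.open(path, 'r:UTF-8') { |f| f.read }
end

# Has anything in the process pulled in open-uri? A cheap smoke check when
# auditing a Gemfile: run it after Bundler.require and, if true, find out who.
def open_uri_loaded?
  $LOADED_FEATURES.any? { |f| f.end_with?('/open-uri.rb') }
end

# Exercise the reader on constructed inputs: a real temp file, an http URL,
# and a pipe string. Returns the three outcomes in that order.
def demo_read_local_css
  Dir.mktmpdir do |dir|
    css_path = File.join(dir, 'site.css')
    File.write(css_path, "body { color: red }\n") # constructed sample CSS
    [css_path, 'http://example.invalid/site.css', '|id'].map do |input|
      begin
        read_local_css(input)
      rescue ArgumentError => e
        "rejected: #{e.message}"
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_read_local_css.each { |r| puts r.inspect }
  puts "open-uri loaded: #{open_uri_loaded?}"
end
```

The scheme check is deliberately conservative: a Windows drive path such as `C:/site.css` parses with scheme `c` and would be refused, so on Windows you would whitelist that form first. Because `read_local_css` calls `File.open` and nothing else, requiring `open-uri` afterwards (as the test below does) changes none of its results; that is the property the issue is asking the library to preserve for its callers.
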
nextmat commented 11 years ago

+1 this seems like a nasty violation of principle of least surprise.