Fix bug: fix error for Psych 4.0.0 or later

If the version of Psych was 4.0.0 or later, an error occurred with hookcc. Even a simple example like this will cause an error: $ ./outvoke.rb -e 'hookcc("every-sec") { e }' This bug appeared in version 0.0.99.20241123 (1c328546). Outvoke used Object#to_yaml and YAML.load for deep copying. This commit makes the change to use YAML.unsafe_load instead of YAML.load. Since YAML.unsafe_load is executed immediately after executing Object#to_yaml, the security risk is considered small. However, please note that this has not been carefully verified to ensure it is safe in all cases. In Outvoke, the approach for deep copying may be radically changed in the future.

Fix bug: fix error for Psych 4.0.0 or later
4688b8d7 · cleemy desu wayo · 3aefe124 · 4688b8d7
Commit 4688b8d7 authored 2 hours ago by cleemy desu wayo
--- a/outvoke.rb
+++ b/outvoke.rb
 #!/usr/bin/env ruby
 #
 # ==========================================================================
-# Outvoke -- version 0.0.99.20241231
+# Outvoke -- version 0.0.99.20250614
 #
 # written by cleemy desu wayo / Licensed under CC0 1.0
 #
@@ -31,7 +31,7 @@ class Outvoke

    @version = Struct.new(:branch, :body).new(
      '0.1',
-      '0.0.99.20241231'
+      '0.0.99.20250614'
    )

    @ds               = Hash.new
@@ -270,7 +270,7 @@ class Outvoke

    return unless event.m

-    event.m = event.m.to_a   # with YAML.load and to_yaml in mind
+    event.m = event.m.to_a   # with YAML.unsafe_load and to_yaml in mind

    event.hookby = hook["hookby"]

@@ -358,7 +358,7 @@ module OutvokeDSL
    def register_hookcc(ds_cond, event_cond, hookby, &block)
      if block_given?
        $outvoke.register_proc(ds_cond, event_cond, hookby) do |e; tmp_event|
-          tmp_event = YAML.load(e.to_yaml)    # deep copy
+          tmp_event = YAML.unsafe_load(e.to_yaml)    # deep copy

          Thread.start do
            Thread.current["hookcc_result"] = instance_exec(tmp_event , &block)