From d727d573d5ce139e8356bfca8765fc4dbcc9caa4 Mon Sep 17 00:00:00 2001
From: amammad
Date: Thu, 27 Apr 2023 06:48:15 +0200
Subject: [PATCH] v4.2 write exact version of yaml.load default loader change

---
 .../ruby/security/UnsafeDeserializationCustomizations.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
index fcaceed1b3a..9dea66252e5 100644
--- a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
@@ -79,7 +79,7 @@ module UnsafeDeserialization {
    * for unsafe deserialization. The `YAML` module is an alias of `Psych` in
    * recent versions of Ruby.
    * the `this = yamlNode().getAMethodCall("load").getArgument(0)` is safe
-   * in recent versions of YAML library, so it will be removed in future.
+   * in psych/yaml library after [v4.0.0](https://github.com/ruby/psych/releases/tag/v4.0.0), so it will be removed in future.
    */
   class YamlLoadArgument extends Sink {
     YamlLoadArgument() {
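Review bot: The rewritten `+` line says the `load` argument is safe after psych v4.0.0 but not why, and it still frames the sink as something to be removed, which reads as if safety were a property of the library the query author has installed rather than of the project being analysed. Whether `YAML.load` is safe depends on which psych the scanned code runs against: psych 4.0.0 changed `load` to delegate to `safe_load` and moved the permissive behaviour to `unsafe_load`, but Ruby releases before 3.1 bundle psych 3.x, where `load` is still the full, unsafe loader, so the sink is a true positive for any such project. I would make the comment state that reason and the condition for keeping the sink, for example `* Since psych 4.0.0 (bundled from Ruby 3.1) `YAML.load` delegates to `safe_load`, so this sink is only a true positive on psych < 4; it is kept until the analysis can tell which psych version a project uses.` The `YamlLoadArgument` class this QLDoc belongs to continues outside the hunk.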