Skip to content

Rebase MissingAttribute patch onto v0.4.1 and clear security advisories#3

Closed
alexstoick wants to merge 23 commits into
masterfrom
rinsed/v0.4.1-missing-attribute
Closed

Rebase MissingAttribute patch onto v0.4.1 and clear security advisories#3
alexstoick wants to merge 23 commits into
masterfrom
rinsed/v0.4.1-missing-attribute

Conversation

@alexstoick

Copy link
Copy Markdown

What

Rebase our MissingAttribute patch onto upstream SmartBear v0.4.1 and regenerate Gemfile.lock.

Why

This repo had 60+ open Dependabot alerts, all against Gemfile.lock dev dependencies (rack, nokogiri, jwt, addressable, json) pinned to 2020-era versions. Rebasing onto v0.4.1 and regenerating the lock moves them to patched versions and clears the alerts.

Contents

  • a0aa6a3 — the existing "Raise error with missing attribute" patch, cherry-picked onto v0.4.1 (Replacement#_eval was unchanged upstream, so it applied cleanly).
  • bb7712d — regenerated Gemfile.lock (rack 3.2.6, nokogiri 1.19.3, jwt 2.10.3, addressable 2.9.0, json 2.19.8).

Verification

Gem suite passes on v0.4.1 + parslet 2.0 + patch: 37 examples, 0 failures. Also validated against rinsed-web's Handlebars specs (159 examples, 0 failures) in rinsed-org/web#23156, which bumps the consuming ref to bb7712d.

🤖 Generated with Claude Code

creature and others added 23 commits July 12, 2020 11:29
Bumps [json](https://github.com/flori/json) from 2.1.0 to 2.3.1.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v2.1.0...v2.3.1)

Signed-off-by: dependabot[bot] <support@github.com>
This allows for parsing a handlebars template once, and then evaluating
it multiple times in a clean context, potentially simultaneously.
Basic support for the "with" template helper
This prevents uninitialized constant errors for environments where there isn't another gem already requiring CGI
Regenerate Gemfile.lock on top of v0.4.1 so the gem's dev dependencies
(rack, nokogiri, jwt, addressable, json) move to patched versions,
clearing the open Dependabot alerts on this repo.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@alexstoick alexstoick closed this Jun 5, 2026
@alexstoick alexstoick deleted the rinsed/v0.4.1-missing-attribute branch June 5, 2026 11:34
@alexstoick alexstoick restored the rinsed/v0.4.1-missing-attribute branch June 5, 2026 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants