erb 5.1.1 → 6.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1107eb08f7e1247a41f60f23c64ad54768f22b9c16a13b806fa82778df35621
-  data.tar.gz: 8d1fdcfe00522b65de3b9043146bca73dca8612deade1a0e702583e08a45d85e
+  metadata.gz: b25d5fdfe9fee1fe6ecfb1e2e065899b51e0c1c4db0ad2d77684234b68483660
+  data.tar.gz: cd8460dbde78e4a3989a45bc2f1ac355f8ab949d2f5b15e26fbe4f049da1458b
 SHA512:
-  metadata.gz: bfa22f8482dd7f968fb5e3d01f35c5463d77a71abaa8e1ece2e42b94ea481c3143dc5c4d880d1eea017e61a0287a0c7d8f841afc2a76f5ef73c9ef18c8693a97
-  data.tar.gz: 9418c4a72cfb531f7dcdf88e505110225311a61ce30ac8d64f8d85021fad6e1983e6097f8ac31b2ac61c9a3bb81be1ec924e3ea0888645e993e55ca3a10a10b5
+  metadata.gz: dc41315bc958e50efdc1db906e998e9a6808410381be3ec70ffb0f9330b5520c89a5652fa0cf3e605caa237f52c8c5b05c9435d2a77fd08806664fdf769c56a9
+  data.tar.gz: 9937928ce2742fe22dd16317ea011984046a227782ea71b50c57b8c2d00e41534ae9f548ca8d14d2dc2a87a0fd42367462a75b56ea9e8678783c86ad0d57827a

data/NEWS.md

@@ -1,4 +1,33 @@
-# Change Log
+# Changelog
+
+## 6.0.4
+
+* Prohibit `def_method` on marshal-loaded ERB instances
+
+## 6.0.3
+
+* Exclude some files from published gem https://github.com/ruby/erb/pull/108
+
+## 6.0.2
+
+* Freeze `src` in `ERB#initialize` for Ractor compatibility https://github.com/ruby/erb/pull/105
+
+## 6.0.1
+
+* Freeze `ERB::Compiler::TrimScanner::ERB_STAG` for Ractor compatibility
+
+## 6.0.0
+
+* Remove `safe_level` and further positional arguments from `ERB.new`
+* Remove deprecated constant `ERB::Revision`
+
+## 5.1.3
+
+* Release v5.1.2 with trusted publishing for JRuby
+
+## 5.1.2
+
+* Add `changelog_uri` to spec metadata https://github.com/ruby/erb/pull/89
 
 ## 5.1.1
 

data/README.md

@@ -81,7 +81,7 @@ The ERB source code is in GitHub project [ruby/erb][ruby/erb].
 
 ## Bugs
 
-Bugs may be reported at [ERB Issues][erb issues].
+Bugfixes may be filed at [ERB Pull Requests][erb pull requests].
 
 ## License
 
@@ -90,7 +90,7 @@ of the [2-Clause BSD License][2-clause bsd license].
 
 [2-clause bsd license]: https://opensource.org/licenses/BSD-2-Clause
 [erb executable]:       rdoc-ref:erb_executable.md
-[erb issues]:           https://github.com/ruby/erb/issues
+[erb pull requests]:    https://github.com/ruby/erb/pull
 [rdoc]:                 https://ruby.github.io/rdoc/
 [ruby/erb]:             https://github.com/ruby/erb
 [ruby toolbox]:         https://www.ruby-toolbox.com/categories/template_engines

data/erb.gemspec

@@ -18,9 +18,10 @@ Gem::Specification.new do |spec|
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = "https://github.com/ruby/erb/blob/v#{spec.version}/NEWS.md"
 
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|\.git|\.github)/}) }
   end
   spec.bindir        = 'libexec'
   spec.executables   = ['erb']

data/ext/erb/escape/escape.c

@@ -63,16 +63,13 @@ optimized_escape_html(VALUE str)
             dest += len;
         }
     }
+    VALUE escaped = str;
     if (buf) {
         size_t segment_len = cstr - segment_start;
         if (segment_len) {
             memcpy(dest, segment_start, segment_len);
             dest += segment_len;
         }
-    }
-
-    VALUE escaped = str;
-    if (buf) {
         escaped = rb_str_new(buf, dest - buf);
         preserve_original_state(str, escaped);
         ALLOCV_END(vbuf);

data/lib/erb/compiler.rb

@@ -225,7 +225,7 @@ class ERB::Compiler # :nodoc:
       end
     end
 
-    ERB_STAG = %w(<%= <%# <%)
+    ERB_STAG = %w(<%= <%# <%).freeze
     def is_erb_stag?(s)
       ERB_STAG.member?(s)
     end
@@ -480,7 +480,6 @@ class ERB::Compiler # :nodoc:
     end
   }.new(caller(0)).c
   private_constant :WARNING_UPLEVEL
-  # :startdoc:
 
   def warn_invalid_trim_mode(mode, uplevel:)
     warn "Invalid ERB trim mode: #{mode.inspect} (trim_mode: nil, 0, 1, 2, or String composed of '%' and/or '-', '>', '<>')", uplevel: uplevel + WARNING_UPLEVEL

data/lib/erb/util.rb

@@ -2,14 +2,14 @@
 
 # Load CGI.escapeHTML and CGI.escapeURIComponent.
 # CRuby:
-#   cgi.gem v0.1.0+ (Ruby 2.7-3.4) and Ruby 3.5+ stdlib have 'cgi/escape' and CGI.escapeHTML.
-#   cgi.gem v0.3.3+ (Ruby 3.2-3.4) and Ruby 3.5+ stdlib have CGI.escapeURIComponent.
+#   cgi.gem v0.1.0+ (Ruby 2.7-3.4) and Ruby 4.0+ stdlib have 'cgi/escape' and CGI.escapeHTML.
+#   cgi.gem v0.3.3+ (Ruby 3.2-3.4) and Ruby 4.0+ stdlib have CGI.escapeURIComponent.
 # JRuby: cgi.gem has a Java extension 'cgi/escape'.
 # TruffleRuby: lib/truffle/cgi/escape.rb requires 'cgi/util'.
 require 'cgi/escape'
 
 # Load or define ERB::Escape#html_escape.
-# We don't build the C extention 'cgi/escape' for JRuby, TruffleRuby, and WASM.
+# We don't build the C extension 'cgi/escape' for JRuby, TruffleRuby, and WASM.
 # miniruby (used by CRuby build scripts) also fails to load erb/escape.so.
 begin
   require 'erb/escape'
@@ -19,6 +19,7 @@ rescue LoadError
   # A subset of ERB::Util. Unlike ERB::Util#html_escape, we expect/hope
   # Rails will not monkey-patch ERB::Escape#html_escape.
   module ERB::Escape
+    # :stopdoc:
     def html_escape(s)
       CGI.escapeHTML(s.to_s)
     end

data/lib/erb/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 class ERB
   # The string \ERB version.
-  VERSION = '5.1.1'
+  VERSION = '6.0.4'
 end

data/lib/erb.rb

@@ -60,7 +60,7 @@ require 'erb/util'
 # \ERB supports tags of three kinds:
 #
 # - [Expression tags][expression tags]:
-#   each begins with `'<%'`, ends with `'%>'`; contains a Ruby expression;
+#   each begins with `'<%='`, ends with `'%>'`; contains a Ruby expression;
 #   in the result, the value of the expression replaces the entire tag:
 #
 #         template = 'The magic word is <%= magic_word %>.'
@@ -77,7 +77,7 @@ require 'erb/util'
 #         ERB.new('Today is <%= Date::DAYNAMES[Date.today.wday] %>.').result # => "Today is Monday."
 #
 # - [Execution tags][execution tags]:
-#   each begins with `'<%='`, ends with `'%>'`; contains Ruby code to be executed:
+#   each begins with `'<%'`, ends with `'%>'`; contains Ruby code to be executed:
 #
 #          template = '<% File.write("t.txt", "Some stuff.") %>'
 #          ERB.new(template).result
@@ -467,7 +467,7 @@ require 'erb/util'
 # ```
 #
 # You can give `trim_mode: '>'` to suppress the trailing newline
-# for each line that ends with `'%<'` (regardless of its beginning):
+# for each line that ends with `'%>'` (regardless of its beginning):
 #
 # ```
 # ERB.new(template, trim_mode: '>').result.lines.each {|line| puts line.inspect }
@@ -778,9 +778,6 @@ require 'erb/util'
 # [template processor]: https://en.wikipedia.org/wiki/Template_processor
 #
 class ERB
-  Revision = '$Date::                           $' # :nodoc: #'
-  deprecate_constant :Revision
-
   # :markup: markdown
   #
   # :call-seq:
@@ -827,60 +824,21 @@ class ERB
   #
   # It's good practice to choose a variable name that begins with an underscore: `'_'`.
   #
-  # <b>Backward Compatibility</b>
-  #
-  # The calling sequence given above -- which is the one you should use --
-  # is a simplified version of the complete formal calling sequence,
-  # which is:
-  #
-  # ```
-  # ERB.new(template,
-  # safe_level=NOT_GIVEN, legacy_trim_mode=NOT_GIVEN, legacy_eoutvar=NOT_GIVEN,
-  # trim_mode: nil, eoutvar: '_erbout')
-  # ```
-  #
-  # The second, third, and fourth positional arguments (those in the second line above) are deprecated;
-  # this method issues warnings if they are given.
-  #
-  # However, their values, if given, are handled thus:
-  #
-  # - `safe_level`: ignored.
-  # - `legacy_trim_mode`: overrides keyword argument `trim_mode`.
-  # - `legacy_eoutvar`: overrides keyword argument `eoutvar`.
-  #
   # [blank line control]: rdoc-ref:ERB@Suppressing+Unwanted+Blank+Lines
   # [combine trim modes]: rdoc-ref:ERB@Combining+Trim+Modes
   # [newline control]: rdoc-ref:ERB@Suppressing+Unwanted+Newlines
   # [shorthand format]: rdoc-ref:ERB@Shorthand+Format+for+Execution+Tags
   #
-  def initialize(str, safe_level=NOT_GIVEN, legacy_trim_mode=NOT_GIVEN, legacy_eoutvar=NOT_GIVEN, trim_mode: nil, eoutvar: '_erbout')
-    # Complex initializer for $SAFE deprecation at [Feature #14256]. Use keyword arguments to pass trim_mode or eoutvar.
-    if safe_level != NOT_GIVEN
-      warn 'Passing safe_level with the 2nd argument of ERB.new is deprecated. Do not use it, and specify other arguments as keyword arguments.', uplevel: 1
-    end
-    if legacy_trim_mode != NOT_GIVEN
-      warn 'Passing trim_mode with the 3rd argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, trim_mode: ...) instead.', uplevel: 1
-      trim_mode = legacy_trim_mode
-    end
-    if legacy_eoutvar != NOT_GIVEN
-      warn 'Passing eoutvar with the 4th argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, eoutvar: ...) instead.', uplevel: 1
-      eoutvar = legacy_eoutvar
-    end
-
+  def initialize(str, trim_mode: nil, eoutvar: '_erbout')
     compiler = make_compiler(trim_mode)
     set_eoutvar(compiler, eoutvar)
     @src, @encoding, @frozen_string = *compiler.compile(str)
+    @src.freeze
     @filename = nil
     @lineno = 0
     @_init = self.class.singleton_class
   end
 
-  # :markup: markdown
-  #
-  # Placeholder constant; used as default value for certain method arguments.
-  NOT_GIVEN = defined?(Ractor) ? Ractor.make_shareable(Object.new) : Object.new
-  private_constant :NOT_GIVEN
-
   # :markup: markdown
   #
   # :call-seq:
@@ -894,7 +852,6 @@ class ERB
   # # => #<ERB::Compiler:0x000001cff9467678 @insert_cmd="print", @percent=false, @post_cmd=[], @pre_cmd=[], @put_cmd="print", @trim_mode=nil>
   # ```
   #
-
   def make_compiler(trim_mode)
     ERB::Compiler.new(trim_mode)
   end
@@ -1130,6 +1087,9 @@ class ERB
   # ```
   #
   def def_method(mod, methodname, fname='(ERB)')
+    unless @_init.equal?(self.class.singleton_class)
+      raise ArgumentError, "not initialized"
+    end
     src = self.src.sub(/^(?!#|$)/) {"def #{methodname}\n"} << "\nend\n"
     mod.module_eval do
       eval(src, binding, fname, -1)
@@ -1211,7 +1171,6 @@ class ERB
   # </html>
   # ```
   #
-  #
   def def_class(superklass=Object, methodname='result')
     cls = Class.new(superklass)
     def_method(cls, methodname, @filename || '(ERB)')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: erb
 version: !ruby/object:Gem::Version
-  version: 5.1.1
+  version: 6.0.4
 platform: ruby
 authors:
 - Masatoshi SEKI
@@ -21,13 +21,9 @@ extensions:
 extra_rdoc_files: []
 files:
 - ".document"
-- ".github/dependabot.yml"
-- ".github/workflows/dependabot_automerge.yml"
-- ".github/workflows/sync-ruby.yml"
-- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rdoc_options"
-- BDSL
+- BSDL
 - COPYING
 - Gemfile
 - LICENSE.txt
@@ -54,6 +50,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/ruby/erb
   source_code_uri: https://github.com/ruby/erb
+  changelog_uri: https://github.com/ruby/erb/blob/v6.0.4/NEWS.md
 rdoc_options: []
 require_paths:
 - lib

data/.github/dependabot.yml

@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: 'github-actions'
-    directory: '/'
-    schedule:
-      interval: 'monthly'

data/.github/workflows/dependabot_automerge.yml

@@ -1,30 +0,0 @@
-name: Dependabot auto-merge
-on:
-  pull_request:
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  automerge:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'ruby/erb'
-    steps:
-      - name: Dependabot metadata
-        uses: dependabot/fetch-metadata@v2
-        id: metadata
-
-      - name: Wait for status checks
-        uses: lewagon/wait-on-check-action@v1
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          ref: ${{ github.event.pull_request.head.sha || github.sha }}
-          check-regexp: 'build \(.*\)'
-          wait-interval: 30
-
-      - name: Auto-merge for Dependabot PRs
-        run: gh pr merge --auto --rebase "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.MATZBOT_DEPENDABOT_MERGE_TOKEN }}

data/.github/workflows/sync-ruby.yml

@@ -1,33 +0,0 @@
-name: Sync ruby
-on:
-  push:
-    branches: [master]
-jobs:
-  sync:
-    name: Sync ruby
-    runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'ruby' }}
-    steps:
-      - uses: actions/checkout@v5
-
-      - name: Create GitHub App token
-        id: app-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: 2060836
-          private-key: ${{ secrets.RUBY_SYNC_DEFAULT_GEMS_PRIVATE_KEY }}
-          owner: ruby
-          repositories: ruby
-
-      - name: Sync to ruby/ruby
-        uses: convictional/trigger-workflow-and-wait@v1.6.5
-        with:
-          owner: ruby
-          repo: ruby
-          workflow_file_name: sync_default_gems.yml
-          github_token: ${{ steps.app-token.outputs.token }}
-          ref: master
-          client_payload: |
-            {"gem":"${{ github.event.repository.name }}","before":"${{ github.event.before }}","after":"${{ github.event.after }}"}
-          propagate_failure: true
-          wait_interval: 10

data/.github/workflows/test.yml

@@ -1,36 +0,0 @@
-name: test
-
-on:
-  push:
-    branches: [master]
-  pull_request:
-  workflow_dispatch:
-
-jobs:
-  ruby-versions:
-    uses: ruby/actions/.github/workflows/ruby_versions.yml@master
-    with:
-      engine: cruby
-      versions: '["jruby", "truffleruby-head"]'
-
-  test:
-    needs: ruby-versions
-    name: build (${{ matrix.ruby }} / ${{ matrix.os }})
-    strategy:
-      matrix:
-        ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
-        os: [ubuntu-latest]
-      fail-fast: false
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v5
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Run test
-      run: bundle exec rake test
-    - name: RDoc coverage
-      run: |
-        rdoc -C .