Jan Sandbrink

Hey, just wanted to let you know that I actually fell into that pit today. I *assumed* my base class instance variables would be picked up in subclasses, but actually...

As far as I can tell this is the standard way. E.g. API keys for rubygems.org are also just API keys and have no username: https://guides.rubygems.org/rubygems-org-api/#api-authorization

Anything that can be done to bring this forward? This starts to be problematic for us and we are currently weighing our options: * downgrade to 1.2 * wait for...

Just in case this is helpful to anyone: We are currently using a local fork of `geminabox` with this PR applied, so it can continue serving a mix of internal...

Hmmm those CI failures are interesting... sadly I did not yet get the specs running on my local system, but at least the failures look very much like a problem...

Just some feedback because of the long silence: I am still investigating those CI failures. The good thing: Apparently by proposing my fix, I just triggered the exact problem that...

I am wondering: What is the failing spec (`sinatra/multi_app_spec.rb`) supposed to test? Apparently it is about applications that contain multiple sinatra applications? However: You would normally not inherit from `Sinatra::Application`...

A little silent in here... I think the override was removed in https://github.com/intridea/omniauth-oauth2/pull/70. However, now the callback_url contains the `code` and `state` query parameters for me: ``` ruby >> callback_url...

As far as I can tell there is currently no place instantiating a `SecurityAdvisory` in `dependabot-core`, so I guess what's necessary is downloading a list in your own script and...

If it helps, I asked a similar question on the commit introducing the deprecation and got [the following response](https://github.com/redis/redis-rb/commit/9745e22db65ac294be51ed393b584c0f8b72ae98) from @byroot: ----- Because multi-threaded environments are very much the default...