ruby.git/lib/bundler/remote_specification.rb, branch v4.0.2

[rubygems/rubygems] Warn on insecure materialization

2024-11-08T12:06:32+00:00

https://github.com/rubygems/rubygems/commit/bc2537de71

Merge RubyGems-3.5.2 and Bundler-2.5.2

2023-12-21T22:24:04+00:00

[rubygems/rubygems] Refactor to checksums stored via source

2023-10-23T04:59:01+00:00

This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source

This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum

Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!

Add checksums to dev lockfiles

Handle full name conflicts from different original_platforms when adding checksums to store from compact index

Specs passing on Bundler 3

https://github.com/rubygems/rubygems/commit/86c7084e1c

[rubygems/rubygems] Use the server checksum, then calculate from gem on disk if possible

2023-10-23T04:59:01+00:00

1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server

2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs

3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today

Add the checksums to specs in the index if we already have them

Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.

https://github.com/rubygems/rubygems/commit/de00a4f153

Don't suggest retrying with `--full-index` on gemspec errors

2023-03-23T08:18:49+00:00

We're actually already using the full index here, so it makes no sense
to suggest retrying the same thing.

Fix flaky when making materialized specs uniq

2023-03-23T08:18:49+00:00

Sometimes we'll have an heterogenous array of specs which include
`Gem::Specification` objects, which don't define `#identifier`. Let's
use `#full_name` consistently.

Merge RubyGems/Bundler master

2022-10-18T07:33:15+00:00

  https://github.com/rubygems/rubygems/commit/6214d00b2315ed37c76b1fbc1c72f61f92ba5a65

Merge rubygems/bundler HEAD

2022-08-23T01:45:57+00:00

  Pick from https://github.com/rubygems/rubygems/commit/6b3a5a9ab0453463381a8164efb6298ea9eb776f

Merge rubygems/bundler HEAD

2022-07-26T05:38:17+00:00

  Merge from https://github.com/rubygems/rubygems/commit/2af2520b4a7ab1c6eb1fdc3d2ef4d8c062d96ad7

[rubygems/rubygems] Fix regression with old marshaled specs having null required_rubygems_version

2022-01-19T02:20:36+00:00

https://github.com/rubygems/rubygems/commit/91f07a0208