ruby.git/spec/bundler/commands/lock_spec.rb, branch v4.0.4 The Ruby Programming Language [ruby/rubygems] Fixed checksums generation issue when no source is specified 2025-11-28T22:50:49+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2025-11-28T07:57:15+00:00 bb2e4d58cce135d3609dba1ee17ed614522a88bf https://github.com/ruby/rubygems/commit/bb4d791cb4 
https://github.com/ruby/rubygems/commit/bb4d791cb4
[ruby/rubygems] Improve error messages and handling in tests 2025-11-20T22:02:28+00:00 eileencodes eileencodes@gmail.com 2025-11-19T17:08:43+00:00 cb9c7a6a0a451fc158055145d0bce4891b62e32f This is a first pass to improve the way errors are handled and raised in bundler's tests. The goal is to clean up tests and modernize them - these were some obvious areas that could be cleaned up. - Instead of raising "ZOMG" in the load error tests, it now tests for the actual error and gem raising. - Improve error messages where applicable. - All errors raise a specific error class, rather than falling back to a default and just setting a message. - Removed arguments and `bundle_dir` option from `TheBundle` class as it wasn't actually used so therefore we don't need to raise an error for extra arguments. - Removed error from `BundlerBuilder`, as it won't work if it's not `bundler`, also it never uses `name`. The only reaon `name` is passed in is because of metaprogramming on loading the right builder. I think that should eventually be refactored. - Replaced and removed `update_repo3` and `update_repo4` in favor of just `build_repo3` and `build_repo4`. Rather than tell someone writing tests to use a different method, automatically use the right method. https://github.com/ruby/rubygems/commit/68c39c8451 
This is a first pass to improve the way errors are handled and raised in
bundler's tests. The goal is to clean up tests and modernize them -
these were some obvious areas that could be cleaned up.

- Instead of raising "ZOMG" in the load error tests, it now tests for
the actual error and gem raising.
- Improve error messages where applicable.
- All errors raise a specific error class, rather than falling back to a
default and just setting a message.
- Removed arguments and `bundle_dir` option from `TheBundle` class as it wasn't
actually used so therefore we don't need to raise an error for extra
arguments.
- Removed error from `BundlerBuilder`, as it won't work if it's not
`bundler`, also it never uses `name`. The only reaon `name` is passed
in is because of metaprogramming on loading the right builder. I
think that should eventually be refactored.
- Replaced and removed `update_repo3` and `update_repo4` in favor of
just `build_repo3` and `build_repo4`. Rather than tell someone writing
tests to use a different method, automatically use the right method.

https://github.com/ruby/rubygems/commit/68c39c8451
[ruby/rubygems] Fix triple spacing when generating lockfile 2025-11-14T00:19:56+00:00 Jimmy Lin jmlntw@gmail.com 2021-09-05T11:38:49+00:00 5924765b897dd419bcaf81f34cdfcb49c838af7e https://github.com/ruby/rubygems/commit/d3baf4110e 
https://github.com/ruby/rubygems/commit/d3baf4110e
[ruby/rubygems] Use dummy gem instead of uri. 2025-10-27T07:33:44+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2025-10-27T06:04:14+00:00 504a1ba7eec657c195450dda7625aa8825b2ecb9 If we install uri-1.0.4 as default gems. The example may be failed with version miss-match. https://github.com/ruby/rubygems/commit/fd2dcb502b 
If we install uri-1.0.4 as default gems. The example may be failed with
version miss-match.

https://github.com/ruby/rubygems/commit/fd2dcb502b
[rubygems/rubygems] Add checksum of gems hosted on private servers: 2025-10-15T09:54:50+00:00 Edouard CHIN chin.edouard@gmail.com 2025-10-09T15:23:43+00:00 dce202d6d653dfc1b2c64822fe53066c3c558a78 - ### Problem Running `bundle lock --add-checksums` doesn't add the checksum of gems hosted on server that don't implement the compact index API. This result in a lockfile which is unusable in production as some checksums will be missing and Bundler raising an error. Users can work around this problem by running: `BUNDLE_LOCKFILE_CHECKSUMS=true bundle install --force` But this means redownloading and installing all gems which isn't great and slow on large apps. ### Context Bundler uses the Compact Index API to get the checksum of gems, but most private gem servers don't implement the compact index API (such as cloudsmith or packagecloud). This results in a soft failure on bundler side, and bundler leaving out blank checksum for those gems. ### Solution For gems that are hosted on private servers that don't send back the checksum of the gem, I'd like to fallback to the `bundle install` mechanism, which don't rely on an external API but instead compute the checksum of the package installed on disk. This patch goes through the spec that didn't return a checksum, and compute one if the package exists on disk. This solution makes the `bundle lock --add-checksums` command actually usable in real world scenarios while keeping the `bundle lock` command fast enough. https://github.com/rubygems/rubygems/commit/8e9abb5472 
- ### Problem

  Running `bundle lock --add-checksums` doesn't add the checksum of
  gems hosted on server that don't implement the compact index API.

  This result in a lockfile which is unusable in production as
  some checksums will be missing and Bundler raising an error.
  Users can work around this problem by running:

  `BUNDLE_LOCKFILE_CHECKSUMS=true bundle install --force`

  But this means redownloading and installing all gems which isn't
  great and slow on large apps.

  ### Context

  Bundler uses the Compact Index API to get the checksum of gems,
  but most private gem servers don't implement the compact index API
  (such as cloudsmith or packagecloud). This results in a soft failure
  on bundler side, and bundler leaving out blank checksum for those
  gems.

  ### Solution

  For gems that are hosted on private servers that don't send back
  the checksum of the gem, I'd like to fallback to the
  `bundle install` mechanism, which don't rely on an external API but
  instead compute the checksum of the package installed on disk.

  This patch goes through the spec that didn't return a checksum,
  and compute one if the package exists on disk.
  This solution makes the  `bundle lock --add-checksums` command
  actually usable in real world scenarios while keeping the
  `bundle lock` command fast enough.

https://github.com/rubygems/rubygems/commit/8e9abb5472
[rubygems/rubygems] Switch `lockfile_checksums` to be true by default 2025-09-19T10:30:10+00:00 David Rodríguez 2887858+deivid-rodriguez@users.noreply.github.com 2025-09-09T17:20:53+00:00 44a4f88159127e8d49bd3dfddcaa32233f57dd85 https://github.com/rubygems/rubygems/commit/47c3dc19ee Co-authored-by: Jonathan Barquero <jonbarlo@hotmail.com> 
https://github.com/rubygems/rubygems/commit/47c3dc19ee

Co-authored-by: Jonathan Barquero <jonbarlo@hotmail.com>
[rubygems/rubygems] Fix `bundle lock` regression when using `update` and `lockfile` flags: 2025-09-03T14:38:37+00:00 Edouard CHIN chin.edouard@gmail.com 2025-08-13T00:33:03+00:00 50d4622637b73715d20c5112f38d6fae0109c78f - Ref #8917 - ### Problem Prior to Bundler 2.5.6, running `bundle lock --update foo --lockfile Gemfile_bumped.lock` would update only the foo gem and write the lockfile to the `Gemfile_bumped.lock`. In Bundler 2.5.6 and above running the same command, updates absolutely all gems. This change is related to #7047 ### Solution We decided to expose the `write_lock` method rather than going through a complex deprecation cycle of the `lock` method. This commit applies the same business logic as prios to 2.5.6 where, we build the definition using the existing lockfile, make changes to the definition and dump it into the desired lockfile. https://github.com/rubygems/rubygems/commit/c88f00c41d 
- Ref #8917
- ### Problem

  Prior to Bundler 2.5.6, running
  `bundle lock --update foo --lockfile Gemfile_bumped.lock` would
  update only the foo gem and write the lockfile to the
  `Gemfile_bumped.lock`.

  In Bundler 2.5.6 and above running the same command, updates
  absolutely all gems.
  This change is related to #7047

  ### Solution

  We decided to expose the `write_lock` method rather than going
  through a complex deprecation cycle of the `lock` method.

  This commit applies the same business logic as prios to 2.5.6 where,
  we build the definition using the existing lockfile, make changes to
  the definition and dump it into the desired lockfile.

https://github.com/rubygems/rubygems/commit/c88f00c41d
[rubygems/rubygems] Fix truffleruby failing to install sorbet-static when there's no lockfile 2025-07-30T02:19:26+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-07-25T13:24:46+00:00 e42f1aaa5aa77b51f6c590a23be59cd61776ae2d The generic Ruby platform was getting unconditionally added in truffleruby, preventing resolution in situations where there's no generic ruby version (sorbet-static). Instead, the generic platform should be considered per dependency, not globally. https://github.com/rubygems/rubygems/commit/a96afc5351 
The generic Ruby platform was getting unconditionally added in
truffleruby, preventing resolution in situations where there's no
generic ruby version (sorbet-static). Instead, the generic platform
should be considered per dependency, not globally.

https://github.com/rubygems/rubygems/commit/a96afc5351
[rubygems/rubygems] Lock specs don't need the real rake gem 2025-07-02T01:34:18+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-06-24T10:37:44+00:00 e1896c1910b9a6537019898d9dfde6889363112b https://github.com/rubygems/rubygems/commit/d795b8fcb4 
https://github.com/rubygems/rubygems/commit/d795b8fcb4
[rubygems/rubygems] Ignore local specifications if they have incorrect dependencies 2025-06-06T01:22:29+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-04-23T11:27:14+00:00 ca1c46d33c9ef86c288d4ae4226644451b4dedec Currently ruby-dev installs an incorrect gemspec for rdoc, that does not declare its dependency on psych. This seems like a ruby-core bug, but it seems best for Bundler to ignore it, go with the remote specification instead, and print a warning. https://github.com/rubygems/rubygems/commit/227cafd657 
Currently ruby-dev installs an incorrect gemspec for rdoc, that does not
declare its dependency on psych.

This seems like a ruby-core bug, but it seems best for Bundler to ignore
it, go with the remote specification instead, and print a warning.

https://github.com/rubygems/rubygems/commit/227cafd657