ruby.git/spec/bundler/install/gems/resolving_spec.rb, branch v4.0.2 The Ruby Programming Language [ruby/rubygems] Fix triple spacing when generating lockfile 2025-11-14T00:19:56+00:00 Jimmy Lin jmlntw@gmail.com 2021-09-05T11:38:49+00:00 5924765b897dd419bcaf81f34cdfcb49c838af7e https://github.com/ruby/rubygems/commit/d3baf4110e 
https://github.com/ruby/rubygems/commit/d3baf4110e
[rubygems/rubygems] Fix false positive warning about insecurely materialized gem 2025-04-15T07:47:16+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-04-12T13:53:13+00:00 00389b664bc6f5faaaaef9ddb2fb706052a20de4 In frozen mode, the previous logic would not set the platform locked originally in the materialized specification, and that would trigger the warning about insecure materialization incorrectly. https://github.com/rubygems/rubygems/commit/a18001e10c 
In frozen mode, the previous logic would not set the platform locked
originally in the materialized specification, and that would trigger the
warning about insecure materialization incorrectly.

https://github.com/rubygems/rubygems/commit/a18001e10c
[rubygems/rubygems] Fix edge case making `bundle update` behave incorrectly 2025-04-14T07:17:50+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-04-10T19:03:44+00:00 ce2640dde8c65d9e11c3bc2249c5cd5bb7d0dbce If both a native and a generic version are locked, but the native version is incompatible with the running Ruby, Bundler will still keep the native version in the lockfile, since it could be potentially useful when using other rubies. However, when `bundle update` is run, this was not the case because the locked native gems were not using the right source when materializing. They were using the lockfile source instead of the Gemfile source, and that meant they could not be found when materializing, because the lockfile source always uses local mode so does not see them. The effect of this was normally that they were incorrectly removed from the lockfile and a strange "this spec has been possibly yanked" was printed in verbose mode. However, in certain situations (i.e., when the generic gem would bring extra dependencies), it could also make `bundle update` crash. The solution is, when adding this extra locked specs to the result after resolving, maybe sure they inherit the source from the resolved specs, so they can be found when materializing. `bundle install` did not have the issue because it passes locked specs to the resolver, and assigns the right source to them in `Definition#converge_locked_specs`. https://github.com/rubygems/rubygems/commit/91ce881fda 
If both a native and a generic version are locked, but the native
version is incompatible with the running Ruby, Bundler will still keep
the native version in the lockfile, since it could be potentially useful
when using other rubies.

However, when `bundle update` is run, this was not the case because the
locked native gems were not using the right source when materializing.
They were using the lockfile source instead of the Gemfile source, and
that meant they could not be found when materializing, because the
lockfile source always uses local mode so does not see them.

The effect of this was normally that they were incorrectly removed from
the lockfile and a strange "this spec has been possibly yanked" was
printed in verbose mode. However, in certain situations (i.e., when the
generic gem would bring extra dependencies), it could also make `bundle
update` crash.

The solution is, when adding this extra locked specs to the result after
resolving, maybe sure they inherit the source from the resolved specs,
so they can be found when materializing.

`bundle install` did not have the issue because it passes locked specs
to the resolver, and assigns the right source to them in
`Definition#converge_locked_specs`.

https://github.com/rubygems/rubygems/commit/91ce881fda
[rubygems/rubygems] Consistently use "lockfile" over "lock file" 2025-03-24T04:25:07+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-03-12T17:16:57+00:00 bb1b5877a7b2dba79c81275f32b7cc5485323540 https://github.com/rubygems/rubygems/commit/e891be9197 
https://github.com/rubygems/rubygems/commit/e891be9197
[rubygems/rubygems] Remove unnecessary platform helpers 2025-01-28T06:31:49+00:00 David Rodríguez deivid.rodriguez@riseup.net 2025-01-23T10:58:28+00:00 09b04fefb728bf0514e0e911aac894e05abaa605 I think they add unnecessary indirection and inconsistency to the specs. https://github.com/rubygems/rubygems/commit/609924d985 
I think they add unnecessary indirection and inconsistency to the specs.

https://github.com/rubygems/rubygems/commit/609924d985
[rubygems/rubygems] Allow some materialized specs to be missing 2024-11-26T06:11:05+00:00 David Rodríguez deivid.rodriguez@riseup.net 2024-11-18T13:18:40+00:00 44ad2e3f388180a2018abf4415a73522aca52bdd As long as some spec in the materialization is complete. https://github.com/rubygems/rubygems/commit/9a673b0bbb 
As long as some spec in the materialization is complete.

https://github.com/rubygems/rubygems/commit/9a673b0bbb
[rubygems/rubygems] This is not about the lockfile anymore 2024-11-06T13:16:57+00:00 David Rodríguez deivid.rodriguez@riseup.net 2024-10-04T12:22:10+00:00 40a2e8e9cfbe6e9003a4deff2bf44fffbee11437 https://github.com/rubygems/rubygems/commit/f2e0a72291 
https://github.com/rubygems/rubygems/commit/f2e0a72291
Fix truffleruby removing gems from lockfile 2024-08-05T02:58:07+00:00 David Rodríguez deivid.rodriguez@riseup.net 2024-06-26T11:11:16+00:00 7285e7649340ef18d307092d294b3d190e3d80b2 When resolving on truffleruby, and multiple platforms are included in the lockfile, Bundler will not respect existing platforms, but always force ruby variants. That means removal of existing version specific variants, introducing lockfile churn between implementations. To prevent this, we introduce the distinction between `Dependency#force_ruby_platform`, only settable via Gemfile, and `Dependency#default_force_ruby_platform`, which is always true on truffleruby for certain dependency names. This way, when resolving lockfile gems for other platforms on truffleruby, we keep platform specific variants in the lockfile. However, that introduces the problem that if only platform specific variants are locked in the lockfile, Bundler won't be able to materialize on truffleruby because the generic variant will be missing. To fix this additional problem, we make sure the generic "ruby" platform is always added when resolving on truffleruby. 
When resolving on truffleruby, and multiple platforms are included in
the lockfile, Bundler will not respect existing platforms, but always
force ruby variants. That means removal of existing version specific
variants, introducing lockfile churn between implementations.

To prevent this, we introduce the distinction between
`Dependency#force_ruby_platform`, only settable via Gemfile, and
`Dependency#default_force_ruby_platform`, which is always true on
truffleruby for certain dependency names. This way, when resolving
lockfile gems for other platforms on truffleruby, we keep platform
specific variants in the lockfile.

However, that introduces the problem that if only platform specific
variants are locked in the lockfile, Bundler won't be able to
materialize on truffleruby because the generic variant will be missing.
To fix this additional problem, we make sure the generic "ruby" platform
is always added when resolving on truffleruby.
[rubygems/rubygems] Enable checksums on Bundler 3 for fresh lockfiles 2024-07-23T19:40:09+00:00 David Rodríguez deivid.rodriguez@riseup.net 2024-06-27T17:53:52+00:00 481c83453b447f2645a146bc5c45199659c71860 And get specs passing. https://github.com/rubygems/rubygems/commit/c23b5f5b84 
And get specs passing.

https://github.com/rubygems/rubygems/commit/c23b5f5b84
[rubygems/rubygems] Normalize a few specs using sources 2024-07-23T19:40:08+00:00 David Rodríguez deivid.rodriguez@riseup.net 2024-06-27T17:50:59+00:00 b0a0eda2314968def241a94b36e25ce2affe655e Use the standard sources to avoid having to explictly pass ENV with the repo. https://github.com/rubygems/rubygems/commit/95055dba57 
Use the standard sources to avoid having to explictly pass ENV with the repo.

https://github.com/rubygems/rubygems/commit/95055dba57