ruby.git/spec/bundler/install/yanked_spec.rb, branch v3_3_11 The Ruby Programming Language Update RubyGems 3.5.16 and Bundler 2.5.16 for Ruby 3.3 (#11252) 2024-07-30T16:05:54+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-07-30T16:05:54+00:00 f85c7deacc25738bd83ba182370c283ba82b61d4 * Merge RubyGems-3.5.12 and Bundler-2.5.12 * Merge RubyGems-3.5.13 and Bundler-2.5.13 * Merge RubyGems-3.5.14 and Bundler-2.5.14 * Merge RubyGems-3.5.15 and Bundler-2.5.15 * Merge RubyGems-3.5.16 and Bundler-2.5.16 
* Merge RubyGems-3.5.12 and Bundler-2.5.12

* Merge RubyGems-3.5.13 and Bundler-2.5.13

* Merge RubyGems-3.5.14 and Bundler-2.5.14

* Merge RubyGems-3.5.15 and Bundler-2.5.15

* Merge RubyGems-3.5.16 and Bundler-2.5.16
 Merge RubyGems 3.5.11 and Bundler 2.5.11 for Ruby 3.3 (#10870) 2024-06-05T04:36:46+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-06-05T04:36:46+00:00 06f470ce66be24f82d3720dd2bb08b18b16753ac Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> 
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
 Merge RubyGems 3.5.9 and Bundler 2.5.9 (Fixed CI at Ruby 3.3) (#10348) 2024-04-16T02:22:22+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2024-04-16T02:22:22+00:00 7227b859a7bf7626ee73de8130796657b7c7f3b5 * Merge RubyGems-3.5.6 and Bundler-2.5.6 * Merge RubyGems-3.5.7 and Bundler-2.5.7 * Merge RubyGems-3.5.8 and Bundler-2.5.8 * Partly reverted about https://github.com/rubygems/rubygems/pull/7483 * Merge RubyGems-3.5.9 and Bundler-2.5.9 
* Merge RubyGems-3.5.6 and Bundler-2.5.6

* Merge RubyGems-3.5.7 and Bundler-2.5.7

* Merge RubyGems-3.5.8 and Bundler-2.5.8

* Partly reverted about https://github.com/rubygems/rubygems/pull/7483

* Merge RubyGems-3.5.9 and Bundler-2.5.9
 [rubygems/rubygems] Use modern hashes consistently 2023-12-07T22:29:33+00:00 David Rodríguez deivid.rodriguez@riseup.net 2023-12-07T21:10:33+00:00 2755cb1b2fbc4a5f08ca56345b5945bd452da74e https://github.com/rubygems/rubygems/commit/bb66253f2c 
https://github.com/rubygems/rubygems/commit/bb66253f2c
[rubygems/rubygems] Converts Bundler lockfile checksum validation to opt-in only 2023-12-05T21:09:53+00:00 Martin Emde martin.emde@gmail.com 2023-12-01T22:20:51+00:00 5f0ea3f590f8983669fe478bc9eace6880353b84 Looks for the CHECKSUMS section in the lockfile, activating the feature only if the section exists. Without a CHECKSUMS section, Bundler will continue as normal, validating checksums when gems are installed while checksums from the compact index are present. https://github.com/rubygems/rubygems/commit/2353cc93a4 
Looks for the CHECKSUMS section in the lockfile, activating the feature
only if the section exists. Without a CHECKSUMS section, Bundler will
continue as normal, validating checksums when gems are installed while
checksums from the compact index are present.

https://github.com/rubygems/rubygems/commit/2353cc93a4
[rubygems/rubygems] Refactor Checksum classes and methods to reduce 2023-10-23T04:59:01+00:00 Martin Emde martinemde@users.noreply.github.com 2023-08-30T22:15:52+00:00 92f23a48e3bb7555ca99fc49e15b250a70f9d086 code. (https://github.com/rubygems/rubygems/pull/6917) https://github.com/rubygems/rubygems/commit/2238bdaadc 
code.
(https://github.com/rubygems/rubygems/pull/6917)

https://github.com/rubygems/rubygems/commit/2238bdaadc
[rubygems/rubygems] Refactor to checksums stored via source 2023-10-23T04:59:01+00:00 Samuel Giddins segiddins@segiddins.me 2023-08-09T20:45:56+00:00 c5fd94073ff2e22b6eea29c242c7e4a12ed7c865 This gets the specs passing, and handles the fact that we expect checkums to be pinned only to a particular source This also avoids reading in .gem files during lockfile generation, instead allowing us to query the source for each resolved gem to grab the checksum Finally, this opens up a route to having user-stored checksum databases, similar to how other package managers do this! Add checksums to dev lockfiles Handle full name conflicts from different original_platforms when adding checksums to store from compact index Specs passing on Bundler 3 https://github.com/rubygems/rubygems/commit/86c7084e1c 
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source

This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum

Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!

Add checksums to dev lockfiles

Handle full name conflicts from different original_platforms when adding checksums to store from compact index

Specs passing on Bundler 3

https://github.com/rubygems/rubygems/commit/86c7084e1c
[rubygems/rubygems] Use the server checksum, then calculate from gem on disk if possible 2023-10-23T04:59:01+00:00 Mercedes Bernard mercedesrbernard@gmail.com 2023-02-10T19:34:30+00:00 69d7e9a12eb6e3dbfa1b1021b73c2afcbf7d4a46 1. Use the checksum provided by the server if provided: provides security knowing if the gem you downloaded matches the gem on the server 2. Calculate the checksum from the gem on disk: provides security knowing if the gem has changed between installs 3. In some cases, neither is possible in which case we don't put anything in the checksum and we maintain functionality as it is today Add the checksums to specs in the index if we already have them Prior to checksums, we didn't lose any information when overwriting specs in the index with stubs. But now when we overwrite EndpointSpecifications or RemoteSpecifications with more generic specs, we could lose checksum info. This manually sets checksum info so we keep it in the index. https://github.com/rubygems/rubygems/commit/de00a4f153 
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server

2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs

3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today

Add the checksums to specs in the index if we already have them

Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.

https://github.com/rubygems/rubygems/commit/de00a4f153
[rubygems/rubygems] Add CHECKSUMS for each gem in lockfile 2023-10-23T04:59:01+00:00 Thong Kuah tkuah@gitlab.com 2022-07-31T23:42:18+00:00 ad08674d8dc17c4ca031ce20760c4a4779c83e27 We lock the checksum for each resolved spec under a new CHECKSUMS section in the lockfile. If the locked spec does not resolve for the local platform, we preserve the locked checksum, similar to how we preserve specs. Checksum locking only makes sense on install. The compact index information is only available then. https://github.com/rubygems/rubygems/commit/bde37ca6bf 
We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.

If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.

Checksum locking only makes sense on install. The compact index
information is only available then.

https://github.com/rubygems/rubygems/commit/bde37ca6bf
[rubygems/rubygems] Fix incorrect error message when multiple platforms are locked 2023-03-17T09:50:55+00:00 David Rodríguez deivid.rodriguez@riseup.net 2023-03-13T17:56:54+00:00 8371c0eac4432069ad16da081d36970b07ab7b09 https://github.com/rubygems/rubygems/commit/24d2bf9cb2 
https://github.com/rubygems/rubygems/commit/24d2bf9cb2