Age | Commit message (Collapse) | Author |
|
https://github.com/rubygems/rubygems/commit/d1963bf1a6
|
|
https://github.com/rubygems/rubygems/commit/6a0c03c77f
|
|
If two platform specific variants have different dependencies, then
resolution may fallback to the non platform specific variant. However,
the platform specific variants that have the same dependencies as the
non specific one can still be kept.
Do a pass to complete those after resolution.
|
|
https://github.com/rubygems/rubygems/commit/1d15d8a8ff
|
|
https://github.com/rubygems/rubygems/commit/de9dc90026
|
|
|
|
install
https://github.com/rubygems/rubygems/commit/6847709ee0
|
|
https://github.com/rubygems/rubygems/commit/119d4bdc09
|
|
https://github.com/rubygems/rubygems/commit/2720da2659
|
|
https://github.com/rubygems/rubygems/commit/bb66253f2c
|
|
Looks for the CHECKSUMS section in the lockfile, activating the feature
only if the section exists. Without a CHECKSUMS section, Bundler will
continue as normal, validating checksums when gems are installed while
checksums from the compact index are present.
https://github.com/rubygems/rubygems/commit/2353cc93a4
|
|
The same array was being re-created in a loop (as well as the `generic_local_platform`), which is avoidable by hoisting it to a frozen array created once
https://github.com/rubygems/rubygems/commit/009a3c6d0d
|
|
https://github.com/rubygems/rubygems/commit/4ce66c41a2
|
|
Since we started locking the specific platform in the lockfile, that has
created an annoying situation for users that don't develop on Linux.
They will create a lockfile on their machines, locking their local
platform, for example, darwin. But then that lockfile won't work
automatically when deploying to Heroku for example, because the lockfile
is frozen and the Linux platform is not included.
There's the chance though that resolving against two platforms (Linux +
the local platform) won't succeed while resolving for just the current
platform will. So, instead, we check other platform specific variants
available for the resolution we initially found, and lock those
platforms and specs too if they satisfy the resolution.
This is only done when generating new lockfiles from scratch, existing
lockfiles should keep working as before, and it's only done for "ruby
platforms", i.e., not Java or Windows which have their own complexities,
and so are excluded.
With this change, we expect that MacOS users can bundle locally and
deploy to Heroku without needing to do anything special.
https://github.com/rubygems/rubygems/commit/5f24f06bc5
|
|
https://github.com/rubygems/rubygems/commit/8f7340df8e
|
|
We used `Bundler::RubyVersion.system.gem_version` for a long time, but I
changed this to `Gem.ruby_version` at
https://github.com/rubygems/rubygems/commit/94f96439438e. It's unclear why I did that
though since I believe it was unrelated to the fix in there.
Bootboot patches `Bundler::RubyVersion` to customize how Bundler works
with Ruby versions, and that change broke that.
Since it's unclear to me how to achieve what Bootboot is doing with the
current code, and there was no strong reason for the change, let's
restore it for now.
https://github.com/rubygems/rubygems/commit/8ec36c6017
|
|
Improve error reporting for checksums, raises a new error class.
Solve for multi-source checksum errors.
Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb
https://github.com/rubygems/rubygems/commit/26ceee0e76
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
|
|
https://github.com/rubygems/rubygems/commit/a96a561087
|
|
code.
(https://github.com/rubygems/rubygems/pull/6917)
https://github.com/rubygems/rubygems/commit/2238bdaadc
|
|
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
|
|
if possible
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server
2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs
3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today
Add the checksums to specs in the index if we already have them
Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.
https://github.com/rubygems/rubygems/commit/de00a4f153
|
|
We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.
If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.
Checksum locking only makes sense on install. The compact index
information is only available then.
https://github.com/rubygems/rubygems/commit/bde37ca6bf
|
|
https://github.com/rubygems/rubygems/commit/40989271dd
|
|
https://github.com/rubygems/rubygems/commit/5f28a68d79
|
|
Move the check for unmet dependencies in lockfile just in time to be
able to re-resolve if unmet dependencies are found.
|
|
To avoid potential crashes when trying to jump from a drive to another
on Windows, and take the change refactor things a bit.
https://github.com/rubygems/rubygems/commit/7c9a9a431a
|
|
https://github.com/rubygems/rubygems/commit/9a0e0dfd5b
|
|
https://github.com/rubygems/rubygems/commit/689c39b42f
|
|
This should be only for path sources, and unrelated to git.
https://github.com/rubygems/rubygems/commit/0d8f31eeed
|
|
https://github.com/rubygems/rubygems/commit/cfc82b592a
|
|
https://github.com/rubygems/rubygems/commit/784e08348e
|
|
https://github.com/rubygems/rubygems/commit/efebc64250
|
|
We only need to check whether the spec if for a direct dependency once.
https://github.com/rubygems/rubygems/commit/65b455a5cb
|
|
https://github.com/rubygems/rubygems/commit/2ab63bb94d
|
|
Bundler is special since it's not actually locked in the lockfile as a
regular gem (only via `BUNDLED WITH`). So exclude it from that check.
https://github.com/rubygems/rubygems/commit/9f1756ec47
|
|
https://github.com/rubygems/rubygems/commit/93f74abc5f
|
|
lockfile
When dependencies in path sources have changed, we'll be re-resolving,
and we can't really know whether the resolution will be valid or invalid
for the Ruby platform, so skip the removal in that case.
https://github.com/rubygems/rubygems/commit/afc3b0956f
|
|
Pick from https://github.com/rubygems/rubygems/commit/880dd95996c93adc1e032399816931b243c5fe17
Notes:
Merged: https://github.com/ruby/ruby/pull/7961
|
|
When a top level dependency is missing from the lockfile, and we're in
frozen mode, we should also print a "frozen error".
https://github.com/rubygems/rubygems/commit/3e82b835e3
|
|
This error message is also printed when using `bundler/setup` in frozen
model, so we're not necessarily installing any gems when it happens.
This new message play nicer with all situations.
https://github.com/rubygems/rubygems/commit/6874bbacce
|
|
I think it communicates better what's going on.
https://github.com/rubygems/rubygems/commit/07a25767a4
|
|
https://github.com/rubygems/rubygems/commit/b86caaa3d5
|
|
https://github.com/rubygems/rubygems/commit/1ff8626571
|
|
https://github.com/rubygems/rubygems/commit/4180008c2d
|
|
For conciseness and consistency with printing the relative path to the
lockfile just before.
https://github.com/rubygems/rubygems/commit/74cf6aea7c
|
|
https://github.com/rubygems/rubygems/commit/22b8caf42f
|
|
https://github.com/rubygems/rubygems/commit/251e80aec6
|
|
https://github.com/rubygems/rubygems/commit/ad52f840f2
|
|
If we're in inline mode, Bundler first resolves using only local gems,
and if some gems are missing, then it re-resolves using remote gems.
However, "source resolution" from the initial "local" try was being
memoized, resulting in Bundler not looking for some gems remotely in the
second resolution.
This commit forces a proper re-resolve in this case.
https://github.com/rubygems/rubygems/commit/fdc631075e
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/7873
|