| Age | Commit message (Collapse) | Author |
|---|
|
I'm running into a case in my plugin where matches_current_metadata? is
getting called on a lazy specification, and adding this fixes it
https://github.com/rubygems/rubygems/commit/24f962cb42
|
|
|
|
https://github.com/rubygems/rubygems/commit/bb66253f2c
|
|
If a platform specific variant would not match the current Ruby, we would still be
considering it compatible with the initial resolution and adding its
platform to the lockfile, but we would later fail to materialize it for
installation due to not really being compatible.
Fix is to only add platforms for variants that are also compatible with
current Ruby and RubyGems versions.
https://github.com/rubygems/rubygems/commit/75d1290843
|
|
full spec
https://github.com/rubygems/rubygems/commit/957d3d9a7f
|
|
This is a step forward towards eventually including metadata in the
lockfile.
https://github.com/rubygems/rubygems/commit/56fc02b251
|
|
https://github.com/rubygems/rubygems/commit/2462c8e04d
|
|
https://github.com/rubygems/rubygems/commit/5f90a43635
Co-authored-by: Martin Emde <martin.emde@gmail.com>
|
|
Improve error reporting for checksums, raises a new error class.
Solve for multi-source checksum errors.
Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb
https://github.com/rubygems/rubygems/commit/26ceee0e76
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
|
|
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
|
|
if possible
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server
2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs
3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today
Add the checksums to specs in the index if we already have them
Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.
https://github.com/rubygems/rubygems/commit/de00a4f153
|
|
We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.
If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.
Checksum locking only makes sense on install. The compact index
information is only available then.
https://github.com/rubygems/rubygems/commit/bde37ca6bf
|
|
to Bundler.
https://github.com/rubygems/rubygems/commit/d768be0c65
|
|
Sometimes we'll have an heterogenous array of specs which include
`Gem::Specification` objects, which don't define `#identifier`. Let's
use `#full_name` consistently.
Notes:
Merged: https://github.com/ruby/ruby/pull/7582
|
|
Pick from https://github.com/rubygems/rubygems/commit/5ace20dbecfeaf09fba5f616193f3cfcff70ba00
Notes:
Merged: https://github.com/ruby/ruby/pull/7203
|
|
from https://github.com/rubygems/rubygems/commit/0635c1423db5d7c461d53bf0c3329bca75de7609
Notes:
Merged: https://github.com/ruby/ruby/pull/7094
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/6987
|
|
https://github.com/rubygems/rubygems/pull/5960
Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/6715
|
|
https://github.com/rubygems/rubygems/commit/6214d00b2315ed37c76b1fbc1c72f61f92ba5a65
Notes:
Merged: https://github.com/ruby/ruby/pull/6578
|
|
https://github.com/rubygems/rubygems/commit/ab11545f80
Notes:
Merged: https://github.com/ruby/ruby/pull/6578
|
|
https://github.com/rubygems/rubygems/commit/ba9d9b1890
Notes:
Merged: https://github.com/ruby/ruby/pull/6578
|
|
Pick from https://github.com/rubygems/rubygems/commit/6b3a5a9ab0453463381a8164efb6298ea9eb776f
Notes:
Merged: https://github.com/ruby/ruby/pull/6268
|
|
It's explicitly loaded when monkeypatching RubyGems, which we do very
early. So neither autoloading it, nor explicitly loading it anywhere
else is necessary.
https://github.com/rubygems/rubygems/commit/fbc7a57161
Notes:
Merged: https://github.com/ruby/ruby/pull/6268
|
|
gems are unlocked
This is a regression from a change intended to raise errors when user
puts a gem under an incorrect source in the Gemfile by mistake. To fix
the issue, we revert the change that caused it and implement it in a
different way that restores the resolver independency from real
specifications. Now it deals only with names and versions and does not
try to materialize anything into real specifications before resolving.
https://github.com/rubygems/rubygems/commit/d2bf1b86eb
|
|
in frozen mode
https://github.com/rubygems/rubygems/commit/6e35a6edfe
|
|
Do dependency filtering and materialization in one step. Before,
dependency filtering would not consider ruby metadata so it would
discard variants that end up not being materializable in the end.
https://github.com/rubygems/rubygems/commit/0c0d40d417
Co-authored-by: Ian Ker-Seymer <ian.kerseymer@shopify.com>
|
|
https://github.com/rubygems/rubygems/commit/9f4ba9ebb0
|
|
https://github.com/rubygems/rubygems/commit/a997210473
|
|
https://github.com/rubygems/rubygems/commit/ffb161bb69
|
|
not strict
https://github.com/rubygems/rubygems/commit/9d878cbda0
|
|
https://github.com/rubygems/rubygems/commit/087e3e4e3b
|
|
https://github.com/rubygems/rubygems/commit/08e1554fb6
|
|
https://github.com/rubygems/rubygems/commit/5e100df7c9
|
|
Merge from https://github.com/rubygems/rubygems/commit/2af2520b4a7ab1c6eb1fdc3d2ef4d8c062d96ad7
Notes:
Merged: https://github.com/ruby/ruby/pull/6184
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/6124
|
|
Previously we were removing not installable specs. However, if those are
the only ones, that would result in a bad error message. If we still
choose them as a last resort, Bundler will later check metadata right
before installing a give a proper error.
This is a regression of https://github.com/rubygems/rubygems/commit/565549260be5 and the
fix is to revert that commit.
https://github.com/rubygems/rubygems/commit/bc18912257
|
|
Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a
Notes:
Merged: https://github.com/ruby/ruby/pull/5462
|
|
https://github.com/rubygems/rubygems/commit/8fa29e5e55
|
|
0.0.0.SNAPSHOT
The default prerelease requirement in rubygems doesn't actually match
things like "0.0.0.SNAPSHOT".
https://github.com/rubygems/rubygems/commit/711498b342
|
|
Since the default requirement in rubygems is ">= 0", it was failing to
match 0 prereleases. Changing the default globally to be ">= 0.a"
instead is a major refactoring that's quite tricky to make backwards
compatible, so I'm special casing this where needed for now to fix the
regression.
https://github.com/rubygems/rubygems/commit/68fe37937c
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4383
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4143
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3982
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3901
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3864
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3659
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3114
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3086
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/2753
|
