| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
* Merge RubyGems-3.5.12 and Bundler-2.5.12
* Merge RubyGems-3.5.13 and Bundler-2.5.13
* Merge RubyGems-3.5.14 and Bundler-2.5.14
* Merge RubyGems-3.5.15 and Bundler-2.5.15
* Merge RubyGems-3.5.16 and Bundler-2.5.16
|
|
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
|
* Merge RubyGems-3.5.6 and Bundler-2.5.6
* Merge RubyGems-3.5.7 and Bundler-2.5.7
* Merge RubyGems-3.5.8 and Bundler-2.5.8
* Partly reverted about https://github.com/rubygems/rubygems/pull/7483
* Merge RubyGems-3.5.9 and Bundler-2.5.9
|
|
* Merge RubyGems-3.5.4 and Bundler-2.5.4
* Merge RubyGems-3.5.5 and Bundler-2.5.5
* Make tests play with upstream Ruby tests
CI broke in https://github.com/ruby/ruby/pull/9604 because if any Ruby
tests run `require 'net/http'`, they will pollute the
`$LOADED_FEATURES` for the RubyGems tests. We can fix this by renaming
the test default gem from `net-http` to `my-http`.
See https://github.com/rubygems/rubygems/pull/7379#issuecomment-1901241299
for more details.
---------
Co-authored-by: Stan Hu <stanhu@gmail.com>
|
|
|
|
https://github.com/rubygems/rubygems/commit/bb66253f2c
|
|
Looks for the CHECKSUMS section in the lockfile, activating the feature
only if the section exists. Without a CHECKSUMS section, Bundler will
continue as normal, validating checksums when gems are installed while
checksums from the compact index are present.
https://github.com/rubygems/rubygems/commit/2353cc93a4
|
|
Since we started locking the specific platform in the lockfile, that has
created an annoying situation for users that don't develop on Linux.
They will create a lockfile on their machines, locking their local
platform, for example, darwin. But then that lockfile won't work
automatically when deploying to Heroku for example, because the lockfile
is frozen and the Linux platform is not included.
There's the chance though that resolving against two platforms (Linux +
the local platform) won't succeed while resolving for just the current
platform will. So, instead, we check other platform specific variants
available for the resolution we initially found, and lock those
platforms and specs too if they satisfy the resolution.
This is only done when generating new lockfiles from scratch, existing
lockfiles should keep working as before, and it's only done for "ruby
platforms", i.e., not Java or Windows which have their own complexities,
and so are excluded.
With this change, we expect that MacOS users can bundle locally and
deploy to Heroku without needing to do anything special.
https://github.com/rubygems/rubygems/commit/5f24f06bc5
|
|
This command is not expected to fail. If it fails, we can stop the test.
https://github.com/rubygems/rubygems/commit/2511a5b093
|
|
Improve error reporting for checksums, raises a new error class.
Solve for multi-source checksum errors.
Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb
https://github.com/rubygems/rubygems/commit/26ceee0e76
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
|
|
code.
(https://github.com/rubygems/rubygems/pull/6917)
https://github.com/rubygems/rubygems/commit/2238bdaadc
|
|
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
|
|
if possible
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server
2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs
3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today
Add the checksums to specs in the index if we already have them
Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.
https://github.com/rubygems/rubygems/commit/de00a4f153
|
|
We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.
If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.
Checksum locking only makes sense on install. The compact index
information is only available then.
https://github.com/rubygems/rubygems/commit/bde37ca6bf
|
|
https://github.com/rubygems/rubygems/commit/9635a2fd74
|
|
Pick from https://github.com/rubygems/rubygems/commit/880dd95996c93adc1e032399816931b243c5fe17
Notes:
Merged: https://github.com/ruby/ruby/pull/7961
|
|
This error message is also printed when using `bundler/setup` in frozen
model, so we're not necessarily installing any gems when it happens.
This new message play nicer with all situations.
https://github.com/rubygems/rubygems/commit/6874bbacce
|
|
I think it communicates better what's going on.
https://github.com/rubygems/rubygems/commit/07a25767a4
|
|
https://github.com/rubygems/rubygems/commit/22b8caf42f
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/7873
|
|
https://github.com/rubygems/rubygems/commit/86b574824d
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/6987
|
|
Pick from https://github.com/rubygems/rubygems/commit/ba3adad4d80038ffd7bea015da2f11d3e8a2ff82
Notes:
Merged: https://github.com/ruby/ruby/pull/6966
|
|
Passing this flag allows bumping to the current version, even if that
version is prerelease. This works in concert with the current flags.
https://github.com/rubygems/rubygems/commit/a6409e3509
Notes:
Merged: https://github.com/ruby/ruby/pull/6966
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/6715
|
|
When `--conservative` is passed, explicit unlocks are set for top level
gems via `@unlock[:gems]`, so that only those particular gems are
allowed to be updated.
When we compute the "base resolve" from the lockfile (the set of gems
whose versions should be kept pinned by the resolver), we always exclude
gems explicitly unlocked through `@unlock[:gems]` from it. This is done
by the `converge_specs` method.
However, the `converge_specs` method is also used for figuring out
additional lower bound requirements from the lockfile. But in this case,
even if gems are explicitly unlock in `@unlock[:gems]`, we still want to
add the additional requirement, so that gems are not downgraded by the
resolver.
So the solution is to move the line filtering out gems in
`@unlock[:gems]` from the `converged_specs` method out of that method,
so that it only applies for computing the "base resolve", but not the
addtional lower bound requirements.
https://github.com/rubygems/rubygems/commit/405119bd7b
Notes:
Merged: https://github.com/ruby/ruby/pull/6268
|
|
https://github.com/rubygems/rubygems/commit/446cc57a7ccdf1924deb291be9571219e7ba8523
Notes:
Merged: https://github.com/ruby/ruby/pull/6198
|
|
https://github.com/rubygems/rubygems/commit/3f7d0352e84b29d4a2d4cd93b31e5ebdb5f79cc6
Notes:
Merged: https://github.com/ruby/ruby/pull/5669
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/5669
|
|
Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a
Notes:
Merged: https://github.com/ruby/ruby/pull/5462
|
|
https://github.com/rubygems/rubygems/commit/a053b7e4d4
|
|
These specs were monkeypatching `RUBY_VERSION`, but that obviously
doesn't change the running ruby to behave any different.
The removal of some features, in particular, `String#untaint`, made
these specs fail, because untaint is no longer available under ruby-core
and bundler calls `untaint` when `RUBY_VERSION` is less than "2.7",
which these specs were overwriting it to be.
Rewrite these specs to not overwrite `RUBY_VERSION`, but still test the
same things.
https://github.com/rubygems/rubygems/commit/e8c7b92901
Notes:
Merged: https://github.com/ruby/ruby/pull/5350
|
|
Gemfile
https://github.com/rubygems/rubygems/commit/6a19cca7e5
|
|
It doesn't add anything.
https://github.com/rubygems/rubygems/commit/ece3c864df
|
|
This is in preparation for deprecating source-less gemfiles.
https://github.com/rubygems/rubygems/commit/d6493fa3e2
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4634
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4533
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4367
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4383
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4143
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3864
|
|
https://github.com/rubygems/rubygems/commit/27e0e4ecb6
Notes:
Merged: https://github.com/ruby/ruby/pull/3275
|
|
https://github.com/rubygems/rubygems/commit/4d1a0c465a
Notes:
Merged: https://github.com/ruby/ruby/pull/3212
|
|
https://github.com/rubygems/rubygems/commit/746a4b3d74
Notes:
Merged: https://github.com/ruby/ruby/pull/3212
|
|
https://github.com/rubygems/rubygems/commit/ade0c441d5
Notes:
Merged: https://github.com/ruby/ruby/pull/3212
|
|
This spec is specifically testing for the case where there's no
`Gemfile.lock` file and it's only doing the expected thing because the
`bundle install` command is silently failing. Remove the `bundle
install` to reduce confusion.
https://github.com/rubygems/rubygems/commit/ec39fbde0e
Notes:
Merged: https://github.com/ruby/ruby/pull/3212
|
