aboutsummaryrefslogtreecommitdiffstats
path: root/lib/bundler/source
Commit message (Collapse)AuthorAgeFilesLines
* [rubygems/rubygems] Use modern hashes consistentlyDavid Rodríguez2023-12-074-29/+29
| | | | https://github.com/rubygems/rubygems/commit/bb66253f2c
* [rubygems/rubygems] Avoid re-compiling static regexp in a loopSamuel Giddins2023-11-291-1/+1
| | | | | | Pathname::SEPARATOR_PAT is a constant and can safely be interpolated once, avoiding creating a new regexp object on every iteration https://github.com/rubygems/rubygems/commit/75d9c0f1e4
* [rubygems/rubygems] User bundler UA when downloading gemsSamuel Giddins2023-11-151-5/+10
| | | | | | | | | | | | | | | Gem::RemoteFetcher uses Gem::Request, which adds the RubyGems UA. Gem::RemoteFetcher is used to download gems, as well as the full index. We would like the bundler UA to be used whenever bundler is making requests. This PR also avoids unsafely mutating the headers hash on the shared `Gem::RemoteFetcher.fetcher` instance, which could cause corruption or incorrect headers when making parallel requests. Instead, we create one remote fetcher per rubygems remote, which is similar to the connection segregation bundler is already doing https://github.com/rubygems/rubygems/commit/f0e8dacdec
* [rubygems/rubygems] Drop support for Ruby 2.6 and Ruby 2.7 in BundlerDavid Rodríguez2023-11-131-1/+1
| | | | https://github.com/rubygems/rubygems/commit/93619c97ff
* [rubygems/rubygems] Fix regression on old git versionsDavid Rodríguez2023-11-081-1/+9
| | | | https://github.com/rubygems/rubygems/commit/abd91ca2e5
* [rubygems/rubygems] Restore using old way of passing Ruby version to resolverDavid Rodríguez2023-10-231-1/+1
| | | | | | | | | | | | | | | | We used `Bundler::RubyVersion.system.gem_version` for a long time, but I changed this to `Gem.ruby_version` at https://github.com/rubygems/rubygems/commit/94f96439438e. It's unclear why I did that though since I believe it was unrelated to the fix in there. Bootboot patches `Bundler::RubyVersion` to customize how Bundler works with Ruby versions, and that change broke that. Since it's unclear to me how to achieve what Bootboot is doing with the current code, and there was no strong reason for the change, let's restore it for now. https://github.com/rubygems/rubygems/commit/8ec36c6017
* [rubygems/rubygems] Improve errors and register checksums reliablyMartin Emde2023-10-231-1/+2
| | | | | | | | | | | | Improve error reporting for checksums, raises a new error class. Solve for multi-source checksum errors. Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb https://github.com/rubygems/rubygems/commit/26ceee0e76 Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
* [rubygems/rubygems] Refactor Checksum classes and methods to reduceMartin Emde2023-10-231-0/+1
| | | | | | | code. (https://github.com/rubygems/rubygems/pull/6917) https://github.com/rubygems/rubygems/commit/2238bdaadc
* [rubygems/rubygems] Refactor to checksums stored via sourceSamuel Giddins2023-10-232-1/+3
| | | | | | | | | | | | | | | | | | | | This gets the specs passing, and handles the fact that we expect checkums to be pinned only to a particular source This also avoids reading in .gem files during lockfile generation, instead allowing us to query the source for each resolved gem to grab the checksum Finally, this opens up a route to having user-stored checksum databases, similar to how other package managers do this! Add checksums to dev lockfiles Handle full name conflicts from different original_platforms when adding checksums to store from compact index Specs passing on Bundler 3 https://github.com/rubygems/rubygems/commit/86c7084e1c
* [rubygems/rubygems] 🐛 Specification of branch or ref with tag is ambiguousPeter Boling2023-10-031-2/+14
| | | | | | | - Specs for GitProxy were incorrect and insufficient - Specs are now correct and less insufficient https://github.com/rubygems/rubygems/commit/63d0a8cfd0
* [rubygems/rubygems] Refactor full sha revision match logickrororo2023-09-271-4/+8
| | | | https://github.com/rubygems/rubygems/commit/f0d8255ebd
* [rubygems/rubygems] Fix bundle install when older revisions of git sourcekrororo2023-09-271-3/+8
| | | | https://github.com/rubygems/rubygems/commit/a30712c0fc
* [rubygems/rubygems] Unify LockfileParser loading of SPECS sectionMartin Emde2023-09-121-0/+1
| | | | | | Ensure unrecognized SPECS types are ignored https://github.com/rubygems/rubygems/commit/5b33e91075
* [rubygems/rubygems] Reduce excess index creation and mergingMartin Emde2023-09-071-1/+1
| | | | | | | | | | | | | | When @allow_cached is true, @allow_local is always true, therefore, the #installed_specs will always be merged after #cached_specs is called. This makes starting with installed_specs.dup redundant. When #cached_specs is called because @allow_remote is true and @allow_cached is false, then installed_specs will be added after cached_specs based on @allow_local. We never need to add installed_specs here, so don't. https://github.com/rubygems/rubygems/commit/49b38f9750
* [rubygems/rubygems] Improve efficiency of Index#use and #search_allMartin Emde2023-09-071-7/+7
| | | | | | | | | | | | | | | | Rename Index#use(override = true) to #merge! Rename Index @all_specs to @duplicates, it is not actually all specs. @duplicates only holds specs that would have been overridden during a call to Index#use or Index#merge! Reduced dupes in @duplicates by not double adding the new spec to the index and the @duplicates during #merge! Reduce Array creation by using specialized methods when the one result or no results are needed from the search. https://github.com/rubygems/rubygems/commit/47e91125db
* [rubygems/rubygems] Source::Rubygems#fetch_names is only called with ↵Martin Emde2023-09-071-6/+6
| | | | | | override = false https://github.com/rubygems/rubygems/commit/790202691d
* [rubygems/rubygems] Remove redundant checksDavid Rodríguez2023-08-281-3/+2
| | | | https://github.com/rubygems/rubygems/commit/d66815633b
* [rubygems/rubygems] Fix standalone install crashing when using legacy multi ↵David Rodríguez2023-08-281-1/+3
| | | | | | | | | | | | | | remote gemfiles If a legacy multi remote Gemfile depends transitively on a default gem, then in standalone mode we'd fail to fetch the proper version from the source that includes it, since we were adding it to `specs` (instead of `remote_specs`), which was already including the default version of the gem, and thus preventing the remote version from "overwriting that" and being added to the index. We should add it to the `remote_specs` index directly instead. https://github.com/rubygems/rubygems/commit/05f4f9dfc0
* [rubygems/rubygems] Refactor Fetcher#api_fetcher? and fetcher loading logicMartin Emde2023-08-281-1/+1
| | | | https://github.com/rubygems/rubygems/commit/f664d60114
* [rubygems/rubygems] Don't use full indexes unnecessarily on legacy GemfilesDavid Rodríguez2023-08-251-10/+5
| | | | | | | | | | On legacy Gemfiles with multiple remote sources, where all of them support the compact index API, we were still falling back to full indexes. Fixing this also allows to simplifying the code. https://github.com/rubygems/rubygems/commit/b1357c8e72
* [rubygems/rubygems] Fix git source conservativenessDavid Rodríguez2023-08-161-0/+7
| | | | https://github.com/rubygems/rubygems/commit/9a0e0dfd5b
* [rubygems/rubygems] Don't run any git commands when sorting and comparing ↵David Rodríguez2023-07-131-13/+19
| | | | | | | | | | | | | | | | | | | | | | | | git sources Previously, when sorting and comparing git Gemfile vs lockfile sources during `bundler/setup` to figure out whether we need to re-resolve or not, we would try to find the default branch if nothing more specific was specified in the Gemfile. If the git cache has been deleted thought, that would fail. The error would still be swallowed (and the branch would simply not be displayed), but trying to clone would still generate the side effect of creating the parent folder for the clone. That could affect non-writable systems that don't expect `bundler/setup` to write to the filesystem at all. To fix this, override `Bundler::Source::Git#identifier` to use exclusively static information, so it does not even try to clone the repo nor generate any side effects. https://github.com/rubygems/rubygems/commit/582eb2ef39
* [rubygems/rubygems] Fix git source lockfile unstabilityDavid Rodríguez2023-07-041-13/+31
| | | | | | | | | | | | | | | We have some flags that limit running git commit commands under certain situations, for example, when running under `--local`. However, those should only affect remote git operations, not local read-only operations like `git --version`, or `git rev-parse --abbrev-ref HEAD`. This commit refactors things to achieve that. By doing this, the `#to_s` representation of a source is more consistent, since we don't get any errors when reading the checked out branch, and we avoid some flip-flop lockfile issues. https://github.com/rubygems/rubygems/commit/4a529fce81
* [rubygems/rubygems] When printing frozen errors, print only Gemfile informationDavid Rodríguez2023-07-042-1/+15
| | | | https://github.com/rubygems/rubygems/commit/93f74abc5f
* Merge rubygems/rubygems HEADHiroshi SHIBATA2023-06-202-16/+15
| | | | Pick from https://github.com/rubygems/rubygems/commit/880dd95996c93adc1e032399816931b243c5fe17
* [rubygems/rubygems] Delay cache access in `LockfileParser`David Rodríguez2023-06-061-4/+7
| | | | | | | | It's the only part that needs "root folder resultion" to figure out the folder for the cache, but it's only needed for some things, so run that logic lazily when needed. https://github.com/rubygems/rubygems/commit/c7b9eae0bc
* [rubygems/rubygems] Remove one fallback to full indexes on big gemfilesDavid Rodríguez2023-04-071-8/+5
| | | | | | | | | | | | | | | | | | | If Gemfile has a lot of dependencies, we have an optimization that uses the full index in that case, assuming it's going to be faster. I think this is an old optimization that predates compact index API times, I believe we no longer need it these days. Also, since a few releases ago we check for circular dependencies when resolving by looping through all versions of each name and removing those that have circular dependencies that would trip up the resolver. This loop becomes actually very slow when full indexes are used because to find dependencies of a gemspec, we need to explicitly fetch the marshaled gemspec (`gemspec.rz` endpoint) for it, so the optimization has the opposite effect of making things very slow. https://github.com/rubygems/rubygems/commit/2f46289bd3
* When running `bundle lock --update <name>`, checkout locked revision of ↵David Rodríguez2023-03-171-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | unrelated git sources directly Since Bundler 2.4, we will try to checkout any branch specified in the Gemfile, while until Bundler 2.3 we would directly checkout the locked revision. This should not make any difference in most situations, but in some edge cases, like if the branch specified in the `Gemfile` has been renamed, but the locked revision still exist, it causes an error now while before it would update the lockfile without issues. I debated which behavior was best, since I was not sure. But my conclusion is that if the situation does not require expiring the lockfile source in favor of the Gemfile source, we should use the locked revision directly and proceed happily. So I restored Bundler 2.3 behavior. I think this is consistent with how yanked gems are handled, for example. Of course, if explicitly updating the git source itself, or all gems, we will still get any errors like missing branches related to the git source.
* Normalize git sourcesDavid Rodríguez2023-03-172-3/+2
| | | | | Just like gem sources, a "style-only" change, like adding a trailing slash, should not expire them.
* [rubygems/rubygems] Respect --no-install option for git: sourcesJulie Haehn2023-03-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the --no-install option to `bundle package` is totally ignored for git sources. This can have very strange effects if you have: - a git-sourced gem, - with native extensions, - whose extconf.rb script depends on another gem, - which is installed from Rubygems in the gemfile. In that circumstance, `bundle package --no-install --all` will download the Rubygems dependencies to `vendor/cache` but NOT install them. It will also check out the git gems to `vendor/cache` (good), and attempt to build their native extensions (bad!). The native extension build will fail because the extconf.rb script crashes, since the dependency it needs is missing. I implemented a fix for this in `source/git.rb`, since this is analogous to what's happening in `source/rubygems.rb`. I do admit though the whole thing is a little strange though - an "install" method that.... proceeds to look at a global flag to not install anything. Add test to confirm cache respects the --no-install flag https://github.com/rubygems/rubygems/commit/5a77d1c397 Co-authored-by: KJ Tsanaktsidis <kj@kjtsanaktsidis.id.au>
* [rubygems/rubygems] Give a better message when Gemfile branch does not existDavid Rodríguez2023-02-211-4/+16
| | | | https://github.com/rubygems/rubygems/commit/cb4fc41cbc
* [rubygems/rubygems] Restore better error message when locked ref does not existDavid Rodríguez2023-02-211-4/+6
| | | | https://github.com/rubygems/rubygems/commit/c8e024359f
* Merge RubyGems/Bundler master.Hiroshi SHIBATA2023-01-311-1/+1
| | | | Pick from https://github.com/rubygems/rubygems/commit/5ace20dbecfeaf09fba5f616193f3cfcff70ba00
* Merge RubyGems and Bundler masterHiroshi SHIBATA2023-01-101-1/+1
| | | | from https://github.com/rubygems/rubygems/commit/0635c1423db5d7c461d53bf0c3329bca75de7609
* Update Bundler to 2.4.1 & and RubyGems to 3.4.1David Rodríguez2022-12-251-14/+17
|
* Merge RubyGems-3.4.0 and Bundler-2.4.0Hiroshi SHIBATA2022-12-241-19/+14
|
* Merge RubyGems/Bundler masterHiroshi SHIBATA2022-12-201-29/+36
| | | | Pick from https://github.com/rubygems/rubygems/commit/ba3adad4d80038ffd7bea015da2f11d3e8a2ff82
* Merge RubyGems/Bundler masterHiroshi SHIBATA2022-12-152-22/+48
| | | | Pick from https://github.com/rubygems/rubygems/commit/084f7d1f21f6fc3e2bb685b7bda3653fb2891c6e
* Merge RubyGems/Bundler masterHiroshi SHIBATA2022-12-124-13/+11
| | | | from https://github.com/rubygems/rubygems/commit/bfb0ae69776069155d2092702bfbb5a12617d85a
* Merge RubyGems/Bundler masterHiroshi SHIBATA2022-12-092-42/+141
| | | | Pick from https://github.com/rubygems/rubygems/commit/823c776d951f3c35094611473ec77f94e8bf6610
* Migrate our resolver engine to PubGrubHiroshi SHIBATA2022-11-121-1/+0
| | | | | | https://github.com/rubygems/rubygems/pull/5960 Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
* Resync Bundler & RubyGemsDavid Rodríguez2022-09-081-6/+6
|
* Merge ↵Hiroshi SHIBATA2022-09-053-87/+8
| | | | https://github.com/rubygems/rubygems/commit/16c3535413afebcdbab7582c6017c27b5da8a8dc
* Merge rubygems master from ↵Hiroshi SHIBATA2022-07-291-1/+1
| | | | https://github.com/rubygems/rubygems/commit/446cc57a7ccdf1924deb291be9571219e7ba8523
* [rubygems/rubygems] Account for default gems not having remote when cachingDavid Rodríguez2022-07-021-6/+12
| | | | https://github.com/rubygems/rubygems/commit/b93d4de2ff
* [rubygems/rubygems] Move rubygems source specific logic to rubygems sourceDavid Rodríguez2022-07-021-1/+1
| | | | https://github.com/rubygems/rubygems/commit/6aa4c422a7
* Sync RubyGems & Bundler with upstream repoDavid Rodríguez2022-06-241-7/+5
|
* [rubygems/rubygems] Fix `bundle package --no-install` no longer skipping installDavid Rodríguez2022-06-231-0/+2
| | | | | | | | | | | | This is a regression from https://github.com/rubygems/rubygems/commit/cf749f8ffabd. The funny thing is that we have a spec for this feature, so it was unclear how we regressed here. It turns out there was a bug in one of our negative matchers checking that gems ARE NOT included in a bundle. This commit fixes the bug in the negative matcher and reverts https://github.com/rubygems/rubygems/commit/cf749f8ffabd (with a slightly simpler diff). https://github.com/rubygems/rubygems/commit/3f9a4ff32a
* [rubygems/rubygems] Reuse package from the installer for extracting the ↵David Rodríguez2022-06-111-18/+25
| | | | | | | | | | specification Previously we would instantiate two different packages and extract the specification from the package twice for each gem installed. We can reuse the installer for this so that we just need to do it once. https://github.com/rubygems/rubygems/commit/e454f850b1
* [rubygems/rubygems] Move security exception handling to the only place using itDavid Rodríguez2022-06-111-0/+4
| | | | https://github.com/rubygems/rubygems/commit/ba975b3b7f
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-25 03:00:56 +0000