Commit message  Author  Age  Files  Lines
* [DSL] Allow forcing a particular version of a gem (seg-dsl-force-version)  Samuel Giddins  2017-07-02  5  -2/+73
|
| Even if it conflicts
|
* Auto merge of #5827 - greysteil:fix-typo, r=colby-swandale  The Bundler Bot  2017-06-29  1  -1/+1
|\
| |
| | Fix typo in pull request template
| |
| | Tiny typo fix.
| |
| * Fix typo in pull request template  Grey Baker  2017-06-29  1  -1/+1
|/
* Auto merge of #5820 - bundler:seg-no-default-git-sources, r=indirect  The Bundler Bot  2017-06-28  5  -2/+27
|\
| |
| | [2.0] [DSL] Remove default git sources on 2.0
| |
| | ### What was the end-user problem that led to this PR?
| |
| | The problem was the default git source shortcuts have been deprecated, but still existed in 2.0.
| |
| | ### What was your diagnosis of the problem?
| |
| | My diagnosis was we needed to avoid adding them in 2.0.
| |
| | ### What is your fix for the problem, implemented in this PR?
| |
| | My fix is to introduce a feature flag, which when enabled will stop adding the sources to the DSL, and additionally will disable the `github` DSL method.
| |
| * [DSL] Remove default git sources on 2.0 (seg-no-default-git-sources)  Samuel Giddins  2017-06-28  5  -2/+27
|/
* Auto merge of #5823 - gxespino:small-doc-fixes, r=colby-swandale  The Bundler Bot  2017-06-28  5  -6/+6
|\
| |
| | Small documentation fixes for spelling and grammar
| |
| | Hi - I had some time and ran through all the docs looking for small typos and grammatical mistakes. Please let me know if I need to fill out the CHANGELOG and/or anything else.
| |
| * Small documentation fixes for spelling and grammar  Glenn Espinosa  2017-06-27  5  -6/+6
| |
* | Auto merge of #5792 - bundler:seg-remove-rubygems-aggregate, r=segiddins  The Bundler Bot  2017-06-27  48  -339/+2651
|\ \
| |/
|/|
| |
| | [2.0] Remove RubyGems Aggregate & support transitive source pinning
| |
| | ### What was the end-user problem that led to this PR?
| |
| | The problem was that the resolver could resolve specs from _any_ of the sources specified in the Gemfile, even if that source had nothing to do with the spec in question. This was such a large security vulnerability that, when discovered, it warranted a CVE and its own minor release of Bundler.
| |
| | Closes #3671. Closes #3696. Closes #4059.
| |
| | ### What was your diagnosis of the problem?
| |
| | My diagnosis was that we needed to get rid of the notion of a `rubygems aggregate` and enforce that specs could only come either from the source they were declared to come from (the top-level source if declared at the top-level of the Gemfile, else a scoped source), or a source that it transitively "inherited" from the gems that required it.
| |
| | ### What is your fix for the problem, implemented in this PR?
| |
| | My fix is to disable multiple top-level sources in the Gemfile, remove the RubyGems aggregate, and filter the sources gems could come from as described above.
| |
| | ### Why did you choose this fix out of the possible options?
| |
| | I chose this fix because it allows doing the filtering in a reasonably performant manner, and refactors the way we handle sources to abstract some of the grossness in such a way that the machinations to make sure that all of the necessary gem info is downloaded is encapsulated into a single method, driven from the definition, rather than being specific to rubygems sources.
| |
| | See https://github.com/bundler/bundler/pull/4714 and https://github.com/bundler/bundler/pull/4930 for the prior implementation.
| |
| * More bundler 2 spec fixes (seg-remove-rubygems-aggregate)  Samuel Giddins  2017-06-27  15  -44/+349
| |
| * Only limit to 25 failures on CI  Samuel Giddins  2017-06-23  1  -1/+1
| |
| * Fix plugin installation when the plugin depends upon Bundler  Samuel Giddins  2017-06-23  3  -3/+7
| |
| * Always serve the Bundler gemspec from the metadata source  Samuel Giddins  2017-06-23  3  -40/+32
| |
| * Get the Bundler 2 specs passing with transitive source pinning  Samuel Giddins  2017-06-23  26  -144/+1818
| |
| * Fix plugin sources  Samuel Giddins  2017-06-23  1  -0/+7
| |
| * Error if lockfile_uses_separate_rubygems_sources is set without disable_multisource  Samuel Giddins  2017-06-23  3  -5/+14
| |
| * Consolidate the double-checking logic  Samuel Giddins  2017-06-23  2  -50/+14
| |
| * Avoid fetching the full index to get all dependency names  Samuel Giddins  2017-06-23  3  -2/+42
| |
| * Implement source pinning for 2.0  Samuel Giddins  2017-06-23  18  -64/+286
| |
| * Disable multisource gemfiles by default on 2.0  Samuel Giddins  2017-06-23  3  -2/+3
| |
| * Add failing test for invalid warning  Juan Barreneche  2017-06-23  1  -4/+18
| |
| | # Conflicts:
| | # spec/install/gemfile/sources_spec.rb
| |
| * Put new source pinning specs behind a feature flag  Samuel Giddins  2017-06-23  1  -49/+53
| |
| | Also update them to modern bundler test syntax
| |
| * Failing spec for #3671.  Tim Moore  2017-06-23  1  -1/+74
| |
| * Add a feature flag for the lockfile using separate RubyGems sources  Samuel Giddins  2017-06-23  3  -0/+3
| |
* | Auto merge of #5782 - bundler:seg-global-gem-cache, r=indirect  The Bundler Bot  2017-06-27  11  -16/+301
|\ \
| | |
| | | [2.0] Add a global cache for downloaded .gem files
| | |
| | | ### What was the end-user problem that led to this PR?
| | |
| | | The problem was that bundler would need to download `foo-1.0.gem` files from a RubyGems server for each different ruby version installed on a user's machine. It also meant that people installing into a per-app path would need to re-download every gem for that bundle an additional time. This adds up, and makes `bundle install` slower than it needs to be.
| | |
| | | ### What was your diagnosis of the problem?
| | |
| | | My diagnosis was that Bundler could keep a (per-source) cache of these `.gem` files, and pull from that cache instead of hitting the network whenever possible.
| | |
| | | ### What is your fix for the problem, implemented in this PR?
| | |
| | | My fix implements said cache, in a very similar way to the compact index cache (same cache slug per remote strategy, etc). This largely comes from https://github.com/bundler/bundler/pull/3983.
| | |
| | | ### Why did you choose this fix out of the possible options?
| | |
| | | I chose this fix because it is safe when used from multi-source gemfiles, it is easy to clear (`rm -rf bundle cache`), and it minimally interferes with the existing installation process.
| | |
| * | Avoid leaving test data in the md5 availability cache (seg-global-gem-cache)  Samuel Giddins  2017-06-27  1  -1/+8
| | |
| * | Put the global gem cache behind a feature flag  Samuel Giddins  2017-06-27  5  -0/+8
| | |
| * | Add specs for the global gem cache  Samuel Giddins  2017-06-27  3  -1/+199
| | |
| * | Globally cache downloaded .gem files  Samuel Giddins  2017-06-27  1  -2/+66
| | |
| * | Avoid grabbing the BUNDLE_APP_CONFIG env var twice  Samuel Giddins  2017-06-27  1  -2/+2
| | |
| * | Extract md5 checking to SharedHelpers  Samuel Giddins  2017-06-27  4  -12/+20
| |/
* | Auto merge of #5815 - gxespino:non-absolute-paths, r=segiddins  The Bundler Bot  2017-06-27  3  -14/+54
|\ \
| |/
|/|
| |
| | Allow BUNDLE_GEMFILE to not be an absolute path
| |
| | Hello - I was stalking the open issues and had time to implement this quick PR for your review. This is a direct fix to https://github.com/bundler/bundler/issues/5712. I implemented the fix that @segiddins suggested in the comments, just added a test scenario. Please let me know if anything else is needed!
| |
| | ---
| |
| | ### What was the end-user problem that led to this PR?
| |
| | The problem was that starting with Bundler 1.15.0, `Bundler.setup` fails with an `ArgumentError` raised from `Pathname#relative_path_from` when the following conditions are met:
| |
| | - Bundler is in deployment mode; and
| | - A Gemfile is explicitly specified via the `BUNDLE_GEMFILE` environment variable; and
| | - That Gemfile is not an absolute path (e.g. `BUNDLE_GEMFILE=Gemfile`)
| |
| | ### What was your diagnosis of the problem?
| |
| | My diagnosis was that in `Bundler::SharedHelpers#default_gemfile`, the `Pathname` object being instantiated was not being expanded. So, in the case that `ENV["BUNDLE_GEMFILE"]` was not an absolute path, `Bundle.setup` would error out `Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)` since `Bundler.default_lockfile` derived itself from `Bundler.default_gemfile`.
| |
| | ### What is your fix for the problem, implemented in this PR?
| |
| | My fix was to add `expand_path` to the `Pathname` object being returned in `Bundler::SharedHelpers#default_gemfile`
| |
| | ### Why did you choose this fix out of the possible options?
| |
| | I chose this fix because Bundler was already deriving `Bundler::Sharedhelpers#root` with an `#expand_path`, so I wanted to follow that pattern.
| |
| * Move expand_path to #default_gemfile and add integration spec  Glenn Espinosa  2017-06-25  3  -22/+54
| |
| * Allow BUNDLE_GEMFILE to not be an absolute path  Glenn Espinosa  2017-06-24  2  -2/+10
|/
* Auto merge of #5800 - bundler:seg-bundler-2-specs, r=segiddins  The Bundler Bot  2017-06-23  49  -260/+418
|\
| |
| | [2.0] Update the specs to pass under Bundler 2
| |
| | ### What was the end-user problem that led to this PR?
| |
| | The problem was we have all these _amazing_ Bundler 2.0 features hidden behind feature flags. But we weren't testing all of bundler in that 2.0 mode.
| |
| | ### What was your diagnosis of the problem?
| |
| | My diagnosis was we needed to get the bundler 2 specs running, and passing!
| |
| | ### What is your fix for the problem, implemented in this PR?
| |
| | My fix is to add a travis build entry to change `version.rb` to a 2.0 version and run the tests!
| |
| | ### Why did you choose this fix out of the possible options?
| |
| | I chose this fix because it will completely imitate what happens once we change the version on `master`, and by keeping the test suite passing on both 1.0 and 2.0 modes, we'll be in a position to release a 1.16 to which we'll be able to (relatively easily) backport fixes that land after master switches to completely target 2.0.
| |
| * [Definition] Avoid a group_by when not running a new resolve (seg-bundler-2-specs)  Samuel Giddins  2017-06-23  1  -3/+3
| |
| * Update the version spec to handle when the specs start in the day before that example is run  Samuel Giddins  2017-06-23  1  -3/+1
| |
| * Update the update spec for Bundler 2 allowing Bundler conflicts  Samuel Giddins  2017-06-23  1  -1/+8
| |
| * Improve realworld specs on 2.0  Samuel Giddins  2017-06-23  3  -15/+13
| |
| * [Source::Git] Print the underlying error when falling back to cached git data  Samuel Giddins  2017-06-23  1  -2/+2
| |
| * Get the 2.0 specs passing under 2.0  Samuel Giddins  2017-06-23  24  -149/+214
| |
| * [Init] Don’t create a gems.rb when a Gemfile exists  Samuel Giddins  2017-06-23  1  -2/+6
| |
| * [Definition] Fully unlock on 2.0 when the dep in the Gemfile changes  Samuel Giddins  2017-06-23  1  -3/+6
| |
| * Filter git credentials when a revision is missing  Samuel Giddins  2017-06-23  1  -1/+1
| |
| * Get the specs passing in 1.0 mode  Samuel Giddins  2017-06-23  11  -37/+37
| |
| * [UI::Shell] Warn on STDERR in Bundler 2  Samuel Giddins  2017-06-23  2  -3/+17
| |
| * Update the specs to pass under Bundler 2  Samuel Giddins  2017-06-23  7  -31/+33
| |
| * [Travis] Begin testing Bundler 2  Samuel Giddins  2017-06-23  1  -0/+3
| |
| * [Rakefile] Allow stubbing the Bundler version on travis  Samuel Giddins  2017-06-23  1  -0/+12
| |
| * Allow filtering specs based on the bundler version  Samuel Giddins  2017-06-23  1  -0/+1
| |
| * Introduce a CommandExecution helper class in the specs  Samuel Giddins  2017-06-23  4  -26/+77
| |