| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Even if it conflicts
|
|\
| |
| |
| |
| |
| | |
Fix typo in pull request template
Tiny typo fix.
|
|/ |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[2.0] [DSL] Remove default git sources on 2.0
### What was the end-user problem that led to this PR?
The problem was the default git source shortcuts have been deprecated, but still existed in 2.0.
### Was was your diagnosis of the problem?
My diagnosis was we needed to avoid adding them in 2.0.
### What is your fix for the problem, implemented in this PR?
My fix is to introduce a feature flag, which when enabled will stop adding the sources to the DSL, and additionally will disable the `github` DSL method.
|
|/ |
|
|\
| |
| |
| |
| |
| | |
Small documentation fixes for spelling and grammar
Hi - I had some time and ran through all the docs looking for small typos and grammatical mistakes. Please let me know if I need to fill out the CHANGELOG and/or anything else.
|
| | |
|
|\ \
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[2.0] Remove RubyGems Aggregate & support transitive source pinning
### What was the end-user problem that led to this PR?
The problem was that the resolver could resolve specs from _any_ of the sources specified in the Gemfile, even if that source had nothing to do with the spec in question. This was such a large security vulnerability that, when discovered, it warranted a CVE and its own minor release of Bundler.
Closes #3671.
Closes #3696.
Closes #4059.
### Was was your diagnosis of the problem?
My diagnosis was that we needed to get rid of the notion of a `rubygems aggregate` and enforce that specs could only come either from the source they were declared to come from (the top-level source if declared at the top-level of the Gemfile, else a scoped source), or a source that it transitively "inherited" from the gems that required it.
### What is your fix for the problem, implemented in this PR?
My fix is to disable multiple top-level sources in the Gemfile, remove the RubyGems aggregate, and filter the sources gems could come from as described above.
### Why did you choose this fix out of the possible options?
I chose this fix because it allows doing the filtering in a reasonably performant manner, and refactors the way we handle sources to abstract some of the grossness in such a way that the machinations to make sure that all of the necessary gem info is downloaded is encapsulated into a single method, driven from the definition, rather than being specific to rubygems sources.
See https://github.com/bundler/bundler/pull/4714 and https://github.com/bundler/bundler/pull/4930 for the prior implementation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
disable_multisource
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
# Conflicts:
# spec/install/gemfile/sources_spec.rb
|
| |
| |
| |
| | |
Also update them to modern bundler test syntax
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[2.0] Add a global cache for downloaded .gem files
### What was the end-user problem that led to this PR?
The problem was that bundler would need to download `foo-1.0.gem` files from a RubyGems server for each different ruby version installed on a user's machine. It also meant that people installing into a per-app path would need to re-download every gem for that bundle an additional time. This adds up, and makes `bundle install` slower than it needs to be.
### Was was your diagnosis of the problem?
My diagnosis was that Bundler could keep a (per-source) cache of these `.gem` files, and pull from that cache instead of hitting the network whenever possible.
### What is your fix for the problem, implemented in this PR?
My fix implements said cache, in a very similar way to the compact index cache (same cache slug per remote strategy, etc). This largely comes from https://github.com/bundler/bundler/pull/3983.
### Why did you choose this fix out of the possible options?
I chose this fix because it is safe when used from multi-source gemfiles, it is easy to clear (`rm -rf bundle cache`), and it minimally interferes with the existing installation process.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
|\ \
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow BUNDLE_GEMFILE to not be an absolute path
Hello - I was stalking the open issues and had time to implement this quick PR for your review. This is a direct fix to https://github.com/bundler/bundler/issues/5712.
I implemented the fix that @segiddins suggested in the comments, just added a test scenario. Please let me know if anything else is needed!
---
### What was the end-user problem that led to this PR?
The problem was that starting with Bundler 1.15.0, `Bundler.setup` fails with an `ArgumentError` raised from `Pathname#relative_path_from` when the following conditions are met:
- Bundler is in deployment mode; and
- A Gemfile is explicitly specified via the `BUNDLE_GEMFILE` environment variable; and
- That Gemfile is not an absolute path (e.g. `BUNDLE_GEMFILE=Gemfile`)
### Was was your diagnosis of the problem?
My diagnosis was that in `Bundler::SharedHelpers#default_gemfile`, the `Pathname` object being instantiated was not being expanded. So, in the case that `ENV["BUNDLE_GEMFILE"]` was not an absolute path, `Bundle.setup` would error out `Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)` since `Bundler.default_lockfile` derived itself from `Bundler.default_gemfile`.
### What is your fix for the problem, implemented in this PR?
My fix was to add `expand_path` to the `Pathname` object being returned in `Bundler::SharedHelpers#default_gemfile`
### Why did you choose this fix out of the possible options?
I chose this fix because Bundler was already deriving `Bundler::Sharedhelpers#root` with an `#expand_path`, so I wanted to follow that pattern.
|
| | |
|
|/ |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[2.0] Update the specs to pass under Bundler 2
### What was the end-user problem that led to this PR?
The problem was we have all these _amazing_ Bundler 2.0 features hidden behind feature flags. But we weren't testing all of bundler in that 2.0 mode.
### Was was your diagnosis of the problem?
My diagnosis was we needed to get the bundler 2 specs running, and passing!
### What is your fix for the problem, implemented in this PR?
My fix is to add a travis build entry to change `version.rb` to a 2.0 version and run the tests!
### Why did you choose this fix out of the possible options?
I chose this fix because it will completely imitate what happens once we change the version on `master`, and by keeping the test suite passing on both 1.0 and 2.0 modes, we'll be in a position to release a 1.16 to which we'll be able to (relatively easily) backport fixes that land after master switches to completely target 2.0.
|
| | |
|
| |
| |
| |
| | |
that example is run
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|