[pull] master from rubygems:master #82
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
Support Ruby 3.5
…ed-gems Fix `bundle outdated <GEM>` failing if not all gems are installed
Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.204.0 to 1.206.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@401c19e...bfefad8) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/setup-ruby-1.206.0 Bump ruby/setup-ruby from 1.204.0 to 1.206.0
Test with Ruby 3.4.1
…ubocop-exclusions Remove no longer existing paths from rubocop exclusions
Add support for mise version manager file
Bump nokogiri in dev gems for faster setup in Ruby 3.4
Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.206.0 to 1.207.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@bfefad8...4a9ddd6) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/setup-ruby-1.207.0 Bump ruby/setup-ruby from 1.206.0 to 1.207.0
Run CI with Ruby 3.4 on Windows
Bumps the rb-sys group with 1 update in the /test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib directory: [rb-sys](https://github.com/oxidize-rb/rb-sys). Bumps the rb-sys group with 1 update in the /test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example directory: [rb-sys](https://github.com/oxidize-rb/rb-sys). Updates `rb-sys` from 0.9.104 to 0.9.105 - [Release notes](https://github.com/oxidize-rb/rb-sys/releases) - [Commits](oxidize-rb/rb-sys@v0.9.104...v0.9.105) Updates `rb-sys` from 0.9.104 to 0.9.105 - [Release notes](https://github.com/oxidize-rb/rb-sys/releases) - [Commits](oxidize-rb/rb-sys@v0.9.104...v0.9.105) --- updated-dependencies: - dependency-name: rb-sys dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rb-sys - dependency-name: rb-sys dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rb-sys ... Signed-off-by: dependabot[bot] <support@github.com>
…/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/rb-sys-c28bbae591 Bump the rb-sys group across 2 directories with 1 update
fix environment variable tests for `bundle exec` on Windows
Add basic tapioca check to CI
Fix broken links in the documents
Bundler does not really have a concept of "development dependencies", like RubyGems has. Bundler has the more generic concept of "groups". Under the hood, the `gemspec` DSL will put gemspec development dependencies under a `:development` Gemfile group, but there's no reason to instantiate these as development dependencies, they are regular runtime dependencies, except that they belong in a group named :development. By never instantiating development dependencies at all, we avoid having to introduce hacks to "undo" the type Bundler does not know about, and I also think the error messages read better.
…-message-on-incompatible-gemspec-development-dependencies Make Bundler never instantiate development dependencies
Resolver had internal logic to prioritize locked versions when sorting versions, however part of it was not being actually hit because of how unlocking worked in the resolver: a package was allow to be unlocked when that was explicit requested or when the list of unlocks was empty. That did not make a lot of sense and other cases were working because the explicit list of unlocks was getting "artificially filled". Now we consider a package unlocked when explicitly requested (`bundle update <package>`), or when everything is being unlocked (`bundle install` with no lockfile or `bundle update`). This makes things simpler and gets the edge case added as a test case working as expected.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@dd74661...9e8d078) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.215.0 to 1.219.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@2654679...f2f42b7) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ub/codeql-action-3.28.9
…/setup-ruby-1.219.0
…iveness-when-lockfile-has-incorrect-deps Fix dependency locking when Bundler finds incorrect lockfile dependencies
These don't really hurt, so I'm not sure why I introduced it.
To make it consistent with the spec above it.
There's no reason to call `converge_specs` when adding additional lower bound requirements to prevent downgrades, and it actually causes the extra requirements to be missed sometimes. Loop over the originally locked specs directly, adding the additional precaution of not adding the requirement if the Gemfile dependency has changed and it no longer matches the locked spec.
…d-downgrades Fix regression when running `bundle update <foo>` would sometimes downgrade a top level dependency
Sometimes security reports believe they have found a vulnerability because they find a domain we don't own being used in the rubygems repository. Though there is nothing vulnerable about using 'fake' domains in tests when they are never hit, it nonetheless reduces confusion for everyone if we constrain our test domains to domains we actually own and control.
Changelogs for RubyGems 3.6.4 and Bundler 2.6.4
Reduce confusion about domains used for testing
Real gems hardly ever do this, so don't do it ourselves for testing either.
Unfortunately this requires reverting a previous enhancement of reinstalling gems if they incorrectly ship with an empty installation dir. However, there's no way to distinguish this kind of bad state from a gem that's empty for real, for example, sorbet-static-and-runtime. This reverts commit 9720a9b, and adds a spec to make sure empty gems are not reinstalled every time.
…g-installation-detection Make sure empty gems are not reinstalled every time
It does not seem noisy anymore.
JRuby test updates
Removed not working script for Bundler 3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )