Method calls with keyword splat args compile differently than
without since they merge the keyword arg hash with the keyword splat
hash. We know this information at parse time, so can set a flag
which the compiler can use.
https://github.com/ruby/prism/commit/e5f8a9a3cd
We used `Bundler::RubyVersion.system.gem_version` for a long time, but I
changed this to `Gem.ruby_version` at
https://github.com/rubygems/rubygems/commit/94f96439438e. It's unclear why I did that
though since I believe it was unrelated to the fix in there.
Bootboot patches `Bundler::RubyVersion` to customize how Bundler works
with Ruby versions, and that change broke that.
Since it's unclear to me how to achieve what Bootboot is doing with the
current code, and there was no strong reason for the change, let's
restore it for now.
https://github.com/rubygems/rubygems/commit/8ec36c6017
Improve error reporting for checksums, raises a new error class.
Solve for multi-source checksum errors.
Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb
https://github.com/rubygems/rubygems/commit/26ceee0e76
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
1. Use the checksum provided by the server if provided: provides security
knowing if the gem you downloaded matches the gem on the server
2. Calculate the checksum from the gem on disk: provides security knowing
if the gem has changed between installs
3. In some cases, neither is possible in which case we don't put anything
in the checksum and we maintain functionality as it is today
Add the checksums to specs in the index if we already have them
Prior to checksums, we didn't lose any information when overwriting specs
in the index with stubs. But now when we overwrite EndpointSpecifications
or RemoteSpecifications with more generic specs, we could lose checksum
info. This manually sets checksum info so we keep it in the index.
https://github.com/rubygems/rubygems/commit/de00a4f153
We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.
If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.
Checksum locking only makes sense on install. The compact index
information is only available then.
https://github.com/rubygems/rubygems/commit/bde37ca6bf
These are necessary to get the tests passing with LibreSSL 3.8.1+,
which dropped support for TLSv1.0 and TLSv1.1 for security reasons.
This updates the tests to use TLSv1.2 on OpenBSD. This is only
strictly necessary on OpenBSD 7.4+, but it will work fine in previous
versions as well.
https://github.com/ruby/drb/commit/32707b2db5
Currently, you can install multiple versions of the same gem just fine:
```
$ gem install simplecov:0.19.0 simplecov:0.22.0
Fetching simplecov-0.19.0.gem
Successfully installed simplecov-0.19.0
Parsing documentation for simplecov-0.19.0
Installing ri documentation for simplecov-0.19.0
Done installing documentation for simplecov after 0 seconds
Fetching simplecov-0.22.0.gem
Successfully installed simplecov-0.22.0
Parsing documentation for simplecov-0.22.0
Installing ri documentation for simplecov-0.22.0
Done installing documentation for simplecov after 0 seconds
2 gems installed
```
But to uninstall both of them, you need to run the equivalent uninstall
command twice:
```
~$ gem uninstall simplecov:0.19.0 simplecov:0.22.0
Successfully uninstalled simplecov-0.22.0
~$ gem uninstall simplecov:0.19.0 simplecov:0.22.0
Gem 'simplecov' is not installed
Successfully uninstalled simplecov-0.19.0
```
This resolves that problem by using the gem's full name (which includes
the version) when tracking which ones have already been uninstalled so
when it gets to the second version listed it doesn't think it was
already uninstalled.
https://github.com/rubygems/rubygems/commit/d96101b753
Vinicius Stock
Kevin Newton
Jemma Issroff
Michael Chui
Samuel Giddins
OKURA Masafumi
Hiroshi SHIBATA
dearblue
Mau Magnaguagno
David Rodríguez
Martin Emde
Martin Emde
Mercedes Bernard
Thong Kuah
Stan Lo
Matt Valentine-House
Jeremy Evans
Kyle Stevens