[pull] master from ruby:master#993
Merged
pull[bot] merged 25 commits intoturkdevops:masterfrom May 7, 2026
Merged
Conversation
Bumps the rb-sys group with 1 update in the /test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib directory: [rb-sys](https://github.com/oxidize-rb/rb-sys). Bumps the rb-sys group with 1 update in the /test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example directory: [rb-sys](https://github.com/oxidize-rb/rb-sys). Updates `rb-sys` from 0.9.125 to 0.9.127 - [Release notes](https://github.com/oxidize-rb/rb-sys/releases) - [Commits](oxidize-rb/rb-sys@v0.9.125...v0.9.127) Updates `rb-sys` from 0.9.125 to 0.9.127 - [Release notes](https://github.com/oxidize-rb/rb-sys/releases) - [Commits](oxidize-rb/rb-sys@v0.9.125...v0.9.127) --- updated-dependencies: - dependency-name: rb-sys dependency-version: 0.9.127 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rb-sys - dependency-name: rb-sys dependency-version: 0.9.127 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: rb-sys ... Signed-off-by: dependabot[bot] <support@github.com> ruby/rubygems@79a46384f1
```
compiling ../imemo.c
../imemo.c:563:20: warning: unused variable 'shape_id' [-Wunused-variable]
563 | shape_id_t shape_id = RBASIC_SHAPE_ID((VALUE)fields);
| ^~~~~~~~
1 warning generated.
```
Bundler::LockfileParser#initialize silently accepted any string input, including Gemfiles or arbitrary text, producing an empty parser with no indication that the input was invalid. This caused downstream tooling like bundler-audit to operate on unvalidated content. Detect non-lockfile content by checking for any of the known section headers; empty input is left untouched for backward compatibility. Rather than raising immediately, emit a deprecation warning via SharedHelpers.feature_deprecated! announcing that a future Bundler version will raise LockfileError. Expose LockfileParser#valid? so callers can branch on the result without string-matching the message. Fixes ruby/rubygems#8932 ruby/rubygems@7607fe4a5d
ruby/rubygems@2a47650f64 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Introduce a value object that holds a target/field/operation triple for the upcoming Gemfile `override` DSL. apply_to dispatches on the operation: a version spec string replaces the requirement absolutely, :ignore_upper strips < and <= while folding ~> into >=, and nil collapses to Gem::Requirement.default. The :ignore_upper logic is taken from Shopify/bundler-ignore-dependency. ruby/rubygems@4c2cafa4e8 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Reserve a slot on Definition for the upcoming Gemfile `override` DSL. This commit only stores the data; the DSL entry point and the resolver hookup come in later commits. ruby/rubygems@6fb2bf90fe Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Introduce Gemfile-level `override target, field: operation, ...` that collects Bundler::Override instances and forwards them to Definition via to_definition. Validation and resolver hookup come in later commits; this commit only wires the entry point. ruby/rubygems@e2fc49141c Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Switch remove_upper_bounds from a lower-bound allow-list to an upper-bound reject-list so that operators other than <, <=, and ~> are kept verbatim. The previous logic, inherited from Shopify/bundler-ignore-dependency, dropped != exclusions and could silently re-allow versions the user had explicitly pinned out (e.g. >= 1.0, != 1.5.0, < 2.0 collapsed to >= 1.0). ruby/rubygems@7d73d9e035 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Version requirements are per-gem and have no meaning relative to the `:all` target. Raise ArgumentError at the DSL entry point and store nothing when this combination is given, even if other valid fields are mixed in the same call. ruby/rubygems@aabf71f46f Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Reject anything other than :all or a String for the target, fields outside `:version`, and operations that are not a String, nil, or one of the supported Symbol values (currently only :ignore_upper). Validation runs before any Override is recorded so that a multi-field call with an invalid entry leaves the DSL state untouched. ruby/rubygems@c3b7aeb6b9 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two override statements that target the same gem and the same field make it ambiguous which operation should win. Raise ArgumentError when the new (target, field) pair already exists in the recorded overrides, leaving the previously recorded entry untouched. ruby/rubygems@1c90030cf9 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pass the Definition's overrides through to Resolver::Base and rewrite each dependency's requirement at the entry of to_dependency_hash so both direct and transitive deps are reshaped before PubGrub sees them. The hook is the same point Shopify/bundler-ignore-dependency uses, since prepare_dependencies and the @cached_dependencies closure both funnel through to_dependency_hash. Override#apply_to handles all three operation kinds, so :ignore_upper and nil also start working from this commit; integration coverage for those paths follows in later commits. ruby/rubygems@93b1c5b46c Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ncies The Resolver-only hook reshapes deps just before PubGrub sees them, but it does not influence the Bundler::Dependency objects fed into Definition#expanded_dependencies. As a result the Resolver::Package built from each direct dep keeps the original requirement, so its prerelease policy and (in later commits) lockfile change detection ignore the override entirely. Apply the override to direct deps at expanded_dependencies as well so that Package metadata and convergence see the effective requirement; the Resolver hook remains responsible for transitive deps fetched from gemspecs. ruby/rubygems@6f397af4cc Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…lockfile converge_dependencies compared the original Gemfile dependency against the locked spec, so adding `override "foo", version: "= X"` to a previously installed bundle did not register as a change. additional_base_requirements_to_prevent_downgrades then kept forwarding the locked version as a >= base requirement, which intersected the override and made it a no-op. Pass overrides into Definition.new positionally so they are available before the constructor calls converge_dependencies, and compare each direct dep's effective requirement (after override) to the locked spec. ruby/rubygems@248e1ba385 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When the Gemfile dependency does not request a prerelease, Resolver::Package's prerelease policy normally filters them out. Because Definition#expanded_dependencies now feeds the effective (override-applied) dep into Resolver::Base, an override that pins an exact prerelease propagates into the package's prerelease decision and the prerelease becomes selectable. Lock that contract in with an integration test on a has_prerelease 1.0 / 1.1.pre fixture. ruby/rubygems@a40b224354 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Verify end-to-end that override(..., version: :ignore_upper) drops < / <= bounds and folds ~> into >= so a Gemfile-pinned 0.9.1 ceiling no longer prevents myrack 1.0.0 from being chosen. ruby/rubygems@95224cff50 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Verify end-to-end that override(..., version: nil) collapses the requirement to Gem::Requirement.default for both direct deps (a Gemfile pin to 0.9.1 is removed) and transitive deps (a myrack_middleware-imposed = 0.9.1 floor is removed). ruby/rubygems@7df463f5c7 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add an OVERRIDE section between GEMSPEC and SOURCE PRIORITY that covers the syntax, the three operations (version spec string, :ignore_upper, nil), and the lockfile-vs-resolution boundary. ruby/rubygems@275cbcaef3 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… lockfile converge_dependencies only iterates @Dependencies (Gemfile-declared direct deps), so an override that targets a gem present only as a transitive dependency never registered as a change. With an existing lockfile, @dependency_changes stayed false, the resolver was skipped, and the override was a silent no-op. After the direct-dep loop, inspect @OVERRIDES for any String target that is locked but not a direct dep and force it onto @gems_to_unlock / @changed_dependencies so resolution runs and the Resolver-side override hook applies. ruby/rubygems@a4f8f386f2 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- AC_ARG_ENABLE's action-if-given ran unconditionally for both
--enable-multiarch and --disable-multiarch, setting multiarch=""
in both cases
- ${multiarch+set} treats an empty-string variable as set, so
--disable-multiarch was silently ignored and multiarch stayed enabled
- Use AS_CASE([$enableval], ...) to unset multiarch when "no" is given
In glob_opendir(), each directory entry is copied before the entries array is grown. If growing ent->sort.entries fails, the function jumps to the nomem label before the copied entry is stored in the array. glob_dir_finish() only frees entries already recorded in ent->sort.entries, so the current rdp is leaked on that error path. Free rdp before jumping to nomem. Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
The first sub-test froze on the 6th comparator call. CRuby's insertion sort makes 10 comparisons reversing [1,2,3,4,5], but TimSort detects the descending run in 4 and never reaches 6 and the freeze line silently does nothing.
Separately, three independent paths (block + numeric, block + non-numeric, no-block + non-numeric) were bundled into one method even though the test had independent setup. Split into:
test_freeze_inside_sort_bang
test_freeze_inside_sort_bang_non_numeric_block
test_freeze_inside_sort_bang_non_numeric_no_block
`Pathname::SEPARATOR_PAT` should be private, but was not set to private just due to a typo. ruby/rubygems@67ce6df4c9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )