Bundler does not really have a concept of "development dependencies",
like RubyGems has. Bundler has the more generic concept of "groups".
Under the hood, the `gemspec` DSL will put gemspec development
dependencies under a `:development` Gemfile group, but there's no reason
to instantiate these as development dependencies, they are regular
runtime dependencies, except that they belong in a group named
:development.
By never instantiating development dependencies at all, we avoid having
to introduce hacks to "undo" the type Bundler does not know about, and I
also think the error messages read better.
9a06fa5bda
- Similar change than 29a1be0008,
keep a single source of truth where we store the platform.
The only change worth highlighing is the platform "maglev".
It was not part of the supported platform of dependencies,
so calling `gem 'foo', plaftorm: 'maglev'` would not work.
However, it was supposed to according to 45ec86e2e5.
That's why it was possible to do `Bundler.current_ruby.maglev?` or
`Bundler.current_ruby.maglev_30?`.
I didn't change the current behaviour and maglev is not supported,
though I kept the `*maglev` methods as I believe CurrentRuby is
public API.
29e219ebcf
After having a second look at this deprecation, the explanation that
we're giving does not make a lot of sense. When working only with local
gems, Bundler will indeed generate a different lockfile depending on
the latest installed version of each gem is at `bundle install` time.
That's the same situation that happens with remote sources: Bundler will
generate a different lockfile depending on the latest version of each
gem available remotely.
So, I don't think "a consistent lockfile not getting generated" is a
good motivation for deprecating this.
Also, this deprecation brings additional challenges, since for example,
it should arguably not get printed when using `bundle install --local`?
The original problem when this deprecation was introduced was an
incorrect message about a missing gem having been yanked.
So, I think a better solution is to, as long as we give proper error
messages when things go wrong, let users do what's best for them and
undo the deprecation.
17499cb83f
DSLError prints the specific line in a Gemfile where the error was
raised. That's helpful when the error was explicitly raised by the
Gemfile DSL or, in the case it's implicitly raised, when the offending
code lives right in the Gemfile.
If it's an internal error, or something buried dowm in user code called
from the Gemfile, `DSLError` is not helpful since it hides the actual
culprit.
This commit tries to only raise `DSLError` in the cases mentioned above
and otherwise let the original error be raised.
b30ff5a682
This new shorthand, similar to the existing `github:` shorthand, adds
support for Gitlab repositories with a notable difference. Gitlab
projects may be organized into projects and subprojects. An example
Ruby gem exists at:
https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-rb
With the new shorthand, a user may install this gem from its repository
by adding:
```ruby
gem "gitlab-sdk", gitlab: "gitlab-org/analytics-section/product-analytics/gl-application-sdk-rb"
```
As with the `github:` shorthand, a supplied string with no `/` will be
interpreted as `example/example`.
Also in keeping with the utility of the `github:` shorthand, the new
`gitlab:` shorthand also supports Merge Request URLs.
```ruby
gem "gitlab-sdk", gitlab: "https://gitlab.com/gitlab-org/analytics-section/product-analytics/gl-application-sdk-rb/-/merge_requests/27"
```
The `gitlab:` gem source shortcut is modeled on the existing `github:`
shortcut, so the new specs mimic the existing examples.
f4399018c0
Generally the removed message is very similar, but often it needs to
specify that the feature has "been removed" instead of "will be
removed", or "been deprecated". And a few chunks of text needed more
substantial updates. And a number of them seemed to have been carefully
crafted to make sense in either context, so I left those alone.
8d42cf9104
If a Gemfile duplicates a development dependency also defined in a local
gemspec with a different requirement, the requirement in the local
gemspec will be silently ignored.
This surprised me.
I think we should either:
* Make sure both requirements are considered, like it happens for
runtime dependencies (I added a spec to illustrate the current behavior
here).
* Add a warning that the requirement in the gemspec will be ignored.
I think the former is slightly preferable, but it may cause some
bundle's that previously resolve to no longer resolver.
I went with the latter but the more I think about it, the more this
seems like it should behave like the former.
ad6843972f
Generally this warning is skipped for gemspec development dependencies.
I think because it's common to override them in the Gemfile to change
the source, for example.
But the order of conditions was not correct and the warning was still
being printed in one case.
da9d1d6a3f
Very often github source is used to temporarily use a modified gem
while a PR upstream is being reviewed.
So for instance https://github.com/ruby/bigdecimal/pull/211 will look like:
```ruby
gem "bigdecimal", github: "casperisfine/bigdecimal", branch: "git-gem" # https://github.com/ruby/bigdecimal/pull/200
```
It's annoying because you have to fiddle with the branch name, which is copied as `casperisfine:git-gem`, etc etc.
If I could simply use the PR URL like this:
```
gem "bigdecimal", github: "https://github.com/ruby/bigdecimal/pull/211"
```
It would make a very common task for me so much simpler.
517c527751
`check_rubygems_source_safety` is responsible for:
1. if there are multiple global sources
- for bundle 3.x raise an error
- for bundle 2.x print a warning
2. print a warning if there is no explicit global source
The second responsibility was added recently and now the logic could be
extracted to improve readability. Conditions are still live in the `check_rubygems_source_safety` method
since we don't want to call both functions always and that would help us achieve that.
f3d7e946ee
Raise a warning when parsing a Gemfile and it doesn't have a global source. Gemfiles like this, specially now that rubygems sources are are no longer merged into a single source for security, are very confusing because they generate a different lockfile depending on the gems you have locally installed. This is because bundler always use an implicit global source that defaults to locally installed gems.
b7523ad21c
When a development dependency was duplicated inside the gemspec and
Gemfile with the same requirements, we went from printing a warning to
removing the gem altogether.
This change makes it not print a warning, but don't remove the gem
either.
8bb2488131
