
Bump Pkg3 #27046

Merged
merged 8 commits into from
May 11, 2018

KristofferC
Member

  • Downloads archives by treehash (content) instead of version name.
  • Fixes spammy progressbar in CI, fixes Excessive download progress output in CI logs #27040
  • Fixes a problem that dependencies for developed packages were merged with the dependencies in the registry for that version
  • Implements instantiate which just "realizes" a manifest without doing any resolving or anything. This is what you would do if someone e.g. sent you their Project + Manifest and you want to have the same environment as them.
  • Fixes a problem with free when a registered package is added from a git repository.

KristofferC and others added 8 commits May 9, 2018 11:56
* fix pin on repo added packages

* more pin free fixes
* fix some printing inconsistencies
can be used to instantiate a manifest without going through the resolver
also, show warning in status output about non downloaded packages
* Download archives by tree hash instead of tag

Since we don't do any validation of the archives, downloading based on tag presents a potential security hole whereby a compromised repository retags a version.

This should fix that by downloading the archive for the tree directly. Note that the documentation (https://developer.github.com/v3/repos/contents/#get-archive-link) says that it should be a valid git reference, but using hashes seems to work as well.

* add note to method
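
The retagging risk described in the commit message above, as an added example that is not code from this pull request or from Pkg3: it computes git tree hashes for an in-memory directory and shows that a moved tag serves different content while a tree hash still names the original. `ToyHost`, `tree_hash`, `retag_demo` and the package contents are constructed for illustration, and recomputing the hash on the client is an extra check the page does not say Pkg3 performs.

```python
import hashlib

def git_object_id(kind, body):
    """Raw 20-byte SHA-1 of a git object (header, NUL byte, then body)."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).digest()

def tree_hash(tree):
    """Git tree hash of a nested dict: name -> bytes (file) or dict (subdir).
    Simplification: every file is mode 100644 (no executables or symlinks)."""
    entries = []
    for name, node in tree.items():
        if isinstance(node, dict):
            mode, oid, key = b"40000", bytes.fromhex(tree_hash(node)), name + "/"
        else:
            mode, oid, key = b"100644", git_object_id("blob", node), name
        entries.append((key.encode(), mode + b" " + name.encode() + b"\0" + oid))
    # git sorts entries by name, treating directories as if they ended in "/"
    return git_object_id("tree", b"".join(e for _, e in sorted(entries))).hex()

class ToyHost:
    """Constructed stand-in for a git host: tags can move, tree hashes cannot."""
    def __init__(self):
        self.trees, self.tags = {}, {}

    def push_tag(self, tag, tree):
        h = tree_hash(tree)
        self.trees[h] = tree
        self.tags[tag] = h  # silently overwrites, like a force-pushed tag
        return h

    def archive(self, ref):
        """Serve content for a tag name or, failing that, a tree hash."""
        return self.trees[self.tags.get(ref, ref)]

def retag_demo():
    # Constructed sample package contents, not taken from any real repository.
    released = {"Project.toml": b'name = "Example"\n',
                "src": {"Example.jl": b"module Example end\n"}}
    tampered = {"Project.toml": b'name = "Example"\n',
                "src": {"Example.jl": b"module Example end # altered\n"}}
    host = ToyHost()
    pinned = host.push_tag("v1.0.0", released)  # hash the registry records
    host.push_tag("v1.0.0", tampered)           # compromised repo retags
    return {"by_tag_matches": tree_hash(host.archive("v1.0.0")) == pinned,
            "by_tree_matches": tree_hash(host.archive(pinned)) == pinned}

if __name__ == "__main__":
    print(retag_demo())
```
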
@StefanKarpinski
Member

Any reason not to merge?

@KristofferC KristofferC merged commit 749afcb into master May 11, 2018
@martinholters martinholters deleted the kc/bump_pkg3_8 branch May 12, 2018 10:05
Successfully merging this pull request may close these issues.

Excessive download progress output in CI logs