Merge branch 'rubygems:master' into fix-bundle-plugin-bug

Author: dfop02

.github/dependabot.yml

@@ -5,7 +5,7 @@ updates:
     schedule:
       interval: 'weekly'
   - package-ecosystem: 'cargo'
-    directory: '/test/rubygems/test_gem_ext_cargo_builder/custom_name/'
+    directory: '/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib'
     schedule:
       interval: 'weekly'
   - package-ecosystem: 'cargo'

.github/workflows/install-rubygems.yml

@@ -105,7 +105,7 @@ jobs:
           ruby-version: ${{ matrix.ruby.value }}
           bundler: none
       - name: Setup java
-        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+        uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
         with:
           distribution: temurin
           java-version: 19.0.2

.github/workflows/jruby-bundler.yml

@@ -36,7 +36,7 @@ jobs:
           ruby-version: jruby-9.4.2.0
           bundler: none
       - name: Setup java
-        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+        uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
         with:
           distribution: temurin
           java-version: 19.0.2

.github/workflows/weekly-update.yml

@@ -0,0 +1,43 @@
+name: weekly-update
+
+on:
+  schedule:
+    - cron: '0 0 * * 0'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  weekly_update:
+    name: Rubygems weekly update
+    runs-on: ${{ matrix.os }}
+    if: github.repository == 'rubygems/rubygems'
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Config git
+        run: |
+          git config --global user.name "License Update"
+          git config --global user.email license.update@rubygems.org
+          git config --global push.autoSetupRemote true
+
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - name: Check versions
+        run: |
+          ruby --version
+          rake --version
+
+      - name: Update SPDX license list
+        run: |
+          rake update_licenses_branch
+          git diff --no-ext-diff --ignore-submodules --quiet "${BASE##*/}" -- || {
+            git push origin
+            gh pr create --base "${BASE##*/}" --fill --label "rubygems: enhancement"
+          }
+        env:
+          BASE: ${{ github.ref }}
+          GH_TOKEN: ${{ github.token }}

CHANGELOG.md

@@ -1,3 +1,39 @@
+# 3.4.19 / 2023-08-17
+
+## Enhancements:
+
+* Installs bundler 2.4.19 as a default gem.
+
+## Performance:
+
+* Speedup building docs when updating rubygems. Pull request
+  [#6864](https://github.com/rubygems/rubygems/pull/6864) by
+  deivid-rodriguez
+
+# 3.4.18 / 2023-08-02
+
+## Enhancements:
+
+* Add poller to fetch WebAuthn OTP. Pull request
+  [#6774](https://github.com/rubygems/rubygems/pull/6774) by jenshenny
+* Remove side effects when unmarshaling old `Gem::Specification`. Pull
+  request [#6825](https://github.com/rubygems/rubygems/pull/6825) by nobu
+* Ship rubygems executables in `exe` folder. Pull request
+  [#6704](https://github.com/rubygems/rubygems/pull/6704) by hsbt
+* Installs bundler 2.4.18 as a default gem.
+
+# 3.4.17 / 2023-07-14
+
+## Enhancements:
+
+* Installs bundler 2.4.17 as a default gem.
+
+## Performance:
+
+* Avoid unnecessary work for private local gem installation. Pull request
+  [#6810](https://github.com/rubygems/rubygems/pull/6810) by
+  deivid-rodriguez
+
 # 3.4.16 / 2023-07-10
 
 ## Enhancements:

Manifest.txt

@@ -403,6 +403,9 @@ lib/rubygems/ext/ext_conf_builder.rb
 lib/rubygems/ext/rake_builder.rb
 lib/rubygems/gem_runner.rb
 lib/rubygems/gemcutter_utilities.rb
+lib/rubygems/gemcutter_utilities/webauthn_listener.rb
+lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb
+lib/rubygems/gemcutter_utilities/webauthn_poller.rb
 lib/rubygems/indexer.rb
 lib/rubygems/install_default_message.rb
 lib/rubygems/install_message.rb
@@ -541,8 +544,6 @@ lib/rubygems/util/list.rb
 lib/rubygems/validator.rb
 lib/rubygems/version.rb
 lib/rubygems/version_option.rb
-lib/rubygems/webauthn_listener.rb
-lib/rubygems/webauthn_listener/response.rb
 lib/rubygems/yaml_serializer.rb
 rubygems-update.gemspec
 setup.rb

POLICIES.md

@@ -95,7 +95,7 @@ and not get any conflicts.
     changelogs into master.
 *   Once CI passes, merge the release PR, switch to the stable branch and pull
     the PR just merged.
-*   Release `bundler` with `(cd bundler && bin/rake release)`.
+*   Release `bundler` with `rake bundler:release`.
 *   Release `rubygems` with `rake release`.
 
 ### Steps for minor and major releases
@@ -112,7 +112,7 @@ and not get any conflicts.
     to the master PR.
 *   Once CI passes, merge the release PR, switch to  the stable branch and pull
     the PR just merged.
-*   Release `bundler` with `(cd bundler && bin/rake release)`.
+*   Release `bundler` with `rake bundler:release`.
 *   Release `rubygems` with `rake release`.
 
 ## Committer Access

Rakefile

@@ -418,8 +418,8 @@ namespace "blog" do
       digest = OpenSSL::Digest::SHA256.file(file).hexdigest
       basename = File.basename(file)
 
-      checksums << "* #{basename}  \n"
-      checksums << "  #{digest}\n"
+      checksums += "* #{basename}  \n"
+      checksums += "  #{digest}\n"
 
       release_url = URI("https://rubygems.org/#{file.end_with?("gem") ? "gems" : "rubygems"}/#{basename}")
       response = Net::HTTP.get_response(release_url)
@@ -547,9 +547,23 @@ task :check_manifest do
   end
 end
 
+license_last_update = nil
+
 desc "Update License list from SPDX.org"
 task :update_licenses do
   load "tool/generate_spdx_license_list.rb"
+  license_last_update = generate_spdx_license_list
+end
+
+desc "Create branch to update License list"
+task :update_licenses_branch => :update_licenses do
+  if license_last_update
+    file, mtime = license_last_update
+    date = mtime.strftime("%Y-%m-%d")
+    branch_name = "license-list-#{date}"
+    system(*%w[git checkout -b], branch_name, exception: true)
+    system(*%w[git commit -m], "Update SPDX license list as of #{date}", *file, exception: true)
+  end
 end
 
 require_relative "bundler/spec/support/rubygems_ext"
@@ -727,7 +741,9 @@ namespace :bundler do
   task :build => ["bundler:build_metadata"] do
     Rake::Task["bundler:build_metadata:clean"].tap(&:reenable).invoke
   end
-  task "bundler:release:rubygem_push" => ["bundler:release:setup", "man:check", "bundler:build_metadata", "bundler:release:github"]
+
+  desc "Push to rubygems.org"
+  task "release:rubygem_push" => ["bundler:release:setup", "man:check", "bundler:build_metadata", "bundler:release:github"]
 
   desc "Generates the changelog for a specific target version"
   task :generate_changelog, [:version] do |_t, opts|

bundler/CHANGELOG.md

@@ -1,3 +1,43 @@
+# 2.4.19 (August 17, 2023)
+
+## Enhancements:
+
+  - Add `file` option to `ruby` method in Gemfile [#6876](https://github.com/rubygems/rubygems/pull/6876)
+  - Show better error when PAT can't authenticate to a private server [#6871](https://github.com/rubygems/rubygems/pull/6871)
+  - Don't fallback to old dependency API when bad credentials are configured [#6869](https://github.com/rubygems/rubygems/pull/6869)
+
+## Bug fixes:
+
+  - Fix git source conservativeness [#6850](https://github.com/rubygems/rubygems/pull/6850)
+
+## Documentation:
+
+  - Clarify that `bundle info` takes a gem name [#6875](https://github.com/rubygems/rubygems/pull/6875)
+
+# 2.4.18 (August 2, 2023)
+
+## Security:
+
+  - Merge URI-0.12.2 for Bundler [#6779](https://github.com/rubygems/rubygems/pull/6779)
+
+## Enhancements:
+
+  - Update Magnus version in Rust extension gem template [#6843](https://github.com/rubygems/rubygems/pull/6843)
+
+## Documentation:
+
+  - Update bundle-outdated(1) man to use table output [#6833](https://github.com/rubygems/rubygems/pull/6833)
+
+# 2.4.17 (July 14, 2023)
+
+## Enhancements:
+
+  - Avoid printing "Using ..." messages when version has not changed [#6804](https://github.com/rubygems/rubygems/pull/6804)
+
+## Bug fixes:
+
+  - Fix `bundler/setup` unintendedly writing to the filesystem [#6814](https://github.com/rubygems/rubygems/pull/6814)
+
 # 2.4.16 (July 10, 2023)
 
 ## Bug fixes:

bundler/doc/playbooks/RELEASING.md

@@ -93,8 +93,8 @@ $ git cherry-pick -m 1 dd6aef9
 
 After running the task, you'll have a release branch ready to be merged into the
 stable branch. You'll want to open a PR from this branch into the stable branch
-and provided CI is green, you can go ahead, merge the PR and run `bin/rake
-release` from `bundler/` directory in the updated stable branch.
+and provided CI is green, you can go ahead, merge the PR and run `rake
+bundler:release` from the updated stable branch.
 
 Here's the checklist for releasing new minor versions:
 
@@ -105,8 +105,8 @@ Here's the checklist for releasing new minor versions:
   a PR to the stable branch with the generated changes.
 * [ ] Get the PR reviewed, make sure CI is green, and merge it.
 * [ ] Pull the updated stable branch, wait for CI to complete on it and get excited.
-* [ ] Run `bin/rake release` from the `bundler/` directory updated stable
-  branch, tweet, blog, let people know about the prerelease!
+* [ ] Run `rake bundler:release` from the updated stable branch, tweet, blog,
+  let people know about the prerelease!
 * [ ] Wait a **minimum of 7 days**
 * [ ] If significant problems are found, increment the prerelease (i.e. 2.2.pre.2)
   and repeat, but treating `.pre.2` as a _patch release_. In general, once a stable
@@ -124,8 +124,8 @@ Wait! You're not done yet! After your prelease looks good:
 * [ ] Write a blog post announcing the new version, highlighting new features and
   notable bugfixes
 * [ ] Pull the updated stable branch, wait for CI to complete on it and get excited.
-* [ ] Run `bin/rake release` in the `bundler/` directory of the updated stable
-  branch, tweet, link to the blog post, etc.
+* [ ] Run `rake bundler:release` from the updated stable branch, tweet, link to
+  the blog post, etc.
 
 At this point, you're a release manager! Pour yourself several tasty drinks and
 think about taking a vacation in the tropics.