admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity
41,139 Commits 15 Branches 471 Tags
Commit Graph

32742 Commits

Author SHA1 Message Date
BrewTestBot
02e90c53eb
brew vendor-gems: commit updates. 2024-07-31 17:08:33 +00:00
dependabot[bot]
6eb7e58bfd
build(deps-dev): bump sorbet in /Library/Homebrew 
Bumps [sorbet](https://github.com/sorbet/sorbet) from 0.5.11500 to 0.5.11501.
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

---
updated-dependencies:
- dependency-name: sorbet
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-31 17:06:57 +00:00
Patrick Linnane
1af028f18a
Merge pull request #17920 from Homebrew/tapioca-args-fix 2024-07-31 09:53:41 -07:00
Bo Anderson
05d6c06c84
tapioca/compilers/args: remove non-AbstractCommand handling 2024-07-31 17:30:31 +01:00
William Woodruff
9d313b23eb
sandbox: disallow backslashes in path filter names 
This should really be an allowlist rather than a denylist,
but for the time being this at least prevents someone from
causing an obtuse sandbox error by naming a file something like
"foo\".

Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-31 12:10:51 -04:00
Mike McQuaid
ca22e9ccfa
Merge pull request #17904 from Homebrew/lock_improvements 2024-07-30 18:02:02 +01:00
Patrick Linnane
c609f24efb
Merge pull request #17908 from Homebrew/dependabot/bundler/Library/Homebrew/sorbet-0.5.11500 2024-07-30 09:53:58 -07:00
Patrick Linnane
65725edcdd
Merge pull request #17911 from Homebrew/dependabot/bundler/Library/Homebrew/racc-1.8.1 2024-07-30 09:52:03 -07:00
Mike McQuaid
e3a1a9dccf
Improve locking UX 
My experience recently playing around with our locking behaviour is
that, while mostly seamless and not seen by users, it's leaks
implementation details a bit too heavily.

As a result, the following improvements are in this commit:
- Ensure that, whenever possible, we tell the user the actual command
  that is holding a given lock instead of the lock name (an internal
  implementation detail)
- Make the locking error output a little more consistent and user
  friendly
- Add a `DownloadLock` class to simplify locking downloads
- Add a `HOMEBREW_LOCK_CONTEXT` variable to allow adding additional
  context for logging error messages
- Lock paths and leave deciding how this translates to lock names up
  to the locking code itself
- Lock the Cellar/Caskroom paths explicitly rather than implicitly

Co-authored-by: Carlo Cabrera <30379873+carlocab@users.noreply.github.com>
 2024-07-30 17:51:02 +01:00
BrewTestBot
88eb68b799
Update RBI files for sorbet. 
Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow.
 2024-07-30 16:43:10 +00:00
BrewTestBot
14553e367f
brew vendor-gems: commit updates. 2024-07-30 16:42:50 +00:00
dependabot[bot]
2876c6bce2
build(deps-dev): bump sorbet in /Library/Homebrew 
Bumps [sorbet](https://github.com/sorbet/sorbet) from 0.5.11495 to 0.5.11500.
- [Release notes](https://github.com/sorbet/sorbet/releases)
- [Commits](https://github.com/sorbet/sorbet/commits)

---
updated-dependencies:
- dependency-name: sorbet
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-30 09:41:28 -07:00
BrewTestBot
987481a0e4
brew vendor-gems: commit updates. 2024-07-30 16:40:43 +00:00
dependabot[bot]
21b5931b99
build(deps-dev): bump racc from 1.8.0 to 1.8.1 in /Library/Homebrew 
Bumps [racc](https://github.com/ruby/racc) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/ruby/racc/releases)
- [Changelog](https://github.com/ruby/racc/blob/master/ChangeLog)
- [Commits](https://github.com/ruby/racc/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: racc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-30 15:56:12 +00:00
dependabot[bot]
4ca51e5625
build(deps-dev): bump spoom from 1.4.1 to 1.4.2 in /Library/Homebrew 
Bumps [spoom](https://github.com/Shopify/spoom) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/Shopify/spoom/releases)
- [Commits](https://github.com/Shopify/spoom/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: spoom
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-30 15:54:55 +00:00
William Woodruff
6e9947d570
Merge pull request #17897 from Homebrew/ww/std-pip-args-allow-wheel 2024-07-30 11:49:17 -04:00
William Woodruff
575592d7f9
Update Library/Homebrew/language/python.rb 
Co-authored-by: Bo Anderson <mail@boanderson.me>
 2024-07-30 11:38:07 -04:00
William Woodruff
9804e58ceb
python: don't assume resources have URLs 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-30 09:51:33 -04:00
William Woodruff
c6ba4844b3
specialize wheel resource handling 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-30 08:38:58 -04:00
Carlo Cabrera
0f71de045e
brew.sh: fix brew -v 
`brew -v` was previously equivalent to `brew --version`, but it
currently returns the output of `brew help`. (This also occurs with
`brew -x`, where x is any single character.)

This is because the `-?` pattern matches `-` followed by any single
character. We need to quote it to capture the intended meaning.
 2024-07-30 17:09:11 +08:00
Mike McQuaid
cae9660c36
Merge pull request #17773 from branchvincent/node-shebangs 2024-07-30 08:34:29 +01:00
Mike McQuaid
33f555eac9
Merge pull request #17901 from iMichka/archive 2024-07-30 08:31:09 +01:00
Bo Anderson
1b8a8a0902
attestation: only extract credentials when necessary 2024-07-30 04:51:29 +01:00
Bo Anderson
a0a3333ee4
utils/github/api: fix encoding errors when reading from keychain 2024-07-30 04:51:00 +01:00
Michka Popoff
352678d933
feat: enable audit for wayback urls on all formulae 
Still for core only

Follow up of #16476

With https://github.com/Homebrew/homebrew-core/pull/160050 all formuale in core have been treated
 2024-07-29 23:55:17 +02:00
BrewTestBot
2f395346e7
Update RBI files for spoom. 
Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow.
 2024-07-29 18:51:04 +00:00
BrewTestBot
298af3d084
brew vendor-gems: commit updates. 2024-07-29 18:50:49 +00:00
dependabot[bot]
e8b5f023cc
build(deps-dev): bump spoom from 1.4.0 to 1.4.1 in /Library/Homebrew 
Bumps [spoom](https://github.com/Shopify/spoom) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/Shopify/spoom/releases)
- [Commits](https://github.com/Shopify/spoom/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: spoom
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-29 18:35:36 +00:00
William Woodruff
107d57d220
extend/kernel: forward the latest: kwarg 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-29 13:43:42 -04:00
William Woodruff
5e0e0d56af
attestation: remove gh version detection 
I'm declaring bankruptcy on this entire approach:

1. We can attempt to match on versions, but this will fail
   when the version of `gh` installed is built from `HEAD`
   or similar.
2. We can match on dates instead (since `gh --version` also includes
   the date), but this is even more brittle + implies a support
   contract we don't actually have (we don't actually want
   to say we support random dated builds between public releases
   of `gh`).

This moves us back to a simpler approach: if `gh` is present,
we use it. If `gh` is not present, we attempt to install it
with `ensure_executable!`. If the user's `gh` is present but too old,
it'll fail during attestation verification with a reasonable error,
which IMO is fine for now since this is all still in beta.

Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-29 13:13:55 -04:00
William Woodruff
38e47ea996
Merge pull request #17896 from Homebrew/ww/pypi-normalize 2024-07-29 10:38:14 -04:00
William Woodruff
de582fbdbf
resource_auditor: make typechecker happy 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-29 10:27:42 -04:00
William Woodruff
921fa5b6ed
resource_auditor: normalize PyPI names to kebab case before auditing 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-29 10:18:17 -04:00
Mike McQuaid
96cbc7bd6e
dev-cmd/release: add missing require. 2024-07-29 09:25:51 +01:00
Issy Long
9e98bbf59a
Revert "dev-cmd/contributions: Show only the CSV output for --csv" 2024-07-28 19:28:19 +01:00
Issy Long
df6b06c57e
Merge pull request #17888 from Homebrew/bin-pathname-audit-bugs 
rubocops/text: Allow all "#{bin}/foo" interpolated strings with spaces
 2024-07-28 17:44:59 +01:00
Patrick Linnane
6509dc1f29
Merge pull request #17883 from bevanjkay/unpack-strategy-types 2024-07-28 09:30:24 -07:00
Issy Long
f0084e611a
rubocops/text: Allow all "#{bin}/foo" interpolated strings with spaces 
- This was complaining about `shell_output("#{bin}/abricate-get_db --help 2>&1")` which it shouldn't have.
 2024-07-28 17:18:35 +01:00
Issy Long
c880dd4350
dev-cmd/contributions: Show only the CSV output for --csv 
- This was noisy when using `--csv` as it would print the text output
  and then the CSV output.
 2024-07-28 16:17:07 +01:00
Sam Ford
a196898ad3
unpack_strategy/cab: align method order 
This simply moves the `Cab#dependencies` method above
`#extract_to_dir`, to align it with the other strategies.
 2024-07-28 10:17:23 -04:00
Sam Ford
6918160fd9
UnpackStrategy: Make #dependencies non-nilable 
`T.nilable` was removed from the `P7Zip#dependencies` type signature
in a previous commit, as `UnpackStrategy#dependencies` doesn't allow
for a nilable return type. This updates the type signature for the
other `#dependencies` methods to also remove `T.nilable`, as they
would produce a runtime error otherwise.
 2024-07-28 10:15:02 -04:00
Bevan Kay
0a658a3290
unpack_strategy/p7zip: update types 2024-07-28 22:31:38 +10:00
Bevan Kay
98ec6a9722
unpack_strategy: update types 2024-07-28 22:31:38 +10:00
Issy Long
0af1ce866c
utils/github/api: Fix uninitialized constant Etc 
- I saw this in:

```
Error: uninitialized constant GitHub::API::Etc
Warning: Removed Sorbet lines from backtrace!
Rerun with `--verbose` to see the original backtrace
/opt/homebrew/Library/Homebrew/utils/github/api.rb:140:in `uid_home'
/opt/homebrew/Library/Homebrew/utils/github/api.rb:154:in `block in github_cli_token'
/opt/homebrew/Library/Homebrew/utils/uid.rb:8:in `drop_euid'
/opt/homebrew/Library/Homebrew/utils/github/api.rb:150:in `github_cli_token'
/opt/homebrew/Library/Homebrew/utils/github/api.rb:194:in `credentials'
/opt/homebrew/Library/Homebrew/utils/github/api.rb:251:in `open_rest'
/opt/homebrew/Library/Homebrew/utils/github/api.rb:334:in `open_graphql'
/opt/homebrew/Library/Homebrew/utils/github.rb:414:in `members_by_team'
/opt/homebrew/Library/Homebrew/dev-cmd/contributions.rb:71:in `run'
/opt/homebrew/Library/Homebrew/brew.rb:95:in `<main>'
```
 2024-07-27 23:45:16 +01:00
Mike McQuaid
7abc6f4349
cask/installer: improve *_FORBIDDEN_* env handling. 
- Improve the error message when a cask or formula is forbidden by an
  environment variable (fixes #17880)
- Move the `forbidden_tap_check` and `forbidden_cask_and_formula_check`
  methods to the top of the `install` method, so that they are checked
  before the main cask is downloaded.
 2024-07-27 16:13:51 +01:00
Mike McQuaid
04621bab95
Merge pull request #17879 from Homebrew/kernel_require_utils 2024-07-26 20:02:00 +01:00
William Woodruff
0b2a74dcd9
Merge pull request #17878 from Homebrew/ww/mirrored-bottle-attestations 2024-07-26 14:48:54 -04:00
Mike McQuaid
42438f45ae
extend/kernel: add missing utils require. 
Don't require this globally to avoid slowing down boot.
 2024-07-26 19:48:51 +01:00
William Woodruff
6e2975d026
attestation: handle mirrored bottles correctly 
Signed-off-by: William Woodruff <william@yossarian.net>
 2024-07-26 14:26:45 -04:00
Mike McQuaid
a901a9c389
sbom: ensure Homebrew versions are more consistent. 
Avoid making bottles non-reproducible by ensuring that the Homebrew
version doesn't include the full commit hash but just a `-dev` suffix.

This is similar to the approach we use for analytics.
 2024-07-26 17:37:05 +01:00