[pull] master from JuliaLang:master#4
Open
pull[bot] wants to merge 303 commits into
Open
Conversation
…y URL or devved (#4225) Co-authored-by: Kristoffer <kcarlsson89@gmail.com> Co-authored-by: Florian Atteneder <florian.atteneder@gmail.com>
Co-authored-by: SundaraRaman R <sundar.vignyaan@gmail.com> Co-authored-by: Viral B. Shah <viral@mayin.org>
Co-authored-by: gbaraldi <baraldigabriel@gmail.com>
Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com>
The code here appeared to be untested and broke whenever something actually used it.
Example backtrace:
```
julia> JLLPrefixes.collect_artifact_paths(["ripgrep_jll"])
ERROR: MethodError: no method matching haskey(::Vector{Base.UUID}, ::String)
The function `haskey` exists, but no method is defined for this combination of argument types.
Closest candidates are:
haskey(::Pkg.Types.Manifest, ::Any)
@ Pkg ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/Pkg/src/Types.jl:323
haskey(::REPL.Terminals.TTYTerminal, ::Any)
@ REPL ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/REPL/src/Terminals.jl:155
haskey(::LibGit2.CachedCredentials, ::Any)
@ LibGit2 ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/LibGit2/src/types.jl:1357
...
Stacktrace:
[1] fixups_from_projectfile!(ctx::Pkg.Types.Context)
@ Pkg.Operations ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/Pkg/src/Operations.jl:238
[2] add(ctx::Pkg.Types.Context, pkgs::Vector{…}, new_git::Set{…}; allow_autoprecomp::Bool, preserve::Pkg.Types.PreserveLevel, platform::Base.BinaryPlatforms.Platform, target::Symbol)
@ Pkg.Operations ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/Pkg/src/Operations.jl:1710
[3] add
@ ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/Pkg/src/Operations.jl:1680 [inlined]
[4] add(ctx::Pkg.Types.Context, pkgs::Vector{…}; preserve::Pkg.Types.PreserveLevel, platform::Base.BinaryPlatforms.Platform, target::Symbol, allow_autoprecomp::Bool, kwargs::@kwargs{…})
@ Pkg.API ~/.julia/juliaup/julia-nightly/share/julia/stdlib/v1.13/Pkg/src/API.jl:328
```
…alled app (#4263) Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com>
… subdir is devved by name (#4271)
Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com>
…4277) Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com>
Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com> Co-authored-by: Claude <noreply@anthropic.com>
…4396) Co-authored-by: KristofferC <kristoffer.carlsson@juliacomputing.com>
…by `[sources]` (#4611)
…icate their wrapper-ness in some way (#4625)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…o the General registry docs (#4626) Co-authored-by: Ian Butterworth <i.r.butterworth@gmail.com>
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Switch from the deprecated 2-arg `complete_path(path, pos)` to the 1-arg `complete_path(path)` form, and adapt to JuliaLang/julia#61397 which renamed `shell_escape` to `cmd_escape`. Co-authored-by: Claude <noreply@anthropic.com>
…compile (#4658) * Fix workspace test path: use test env Context for instantiate and precompile Previously, `Pkg.precompile()` was called without a Context, so it used the currently active (parent) project instead of the test project. The `instantiate` call also created a throwaway Context each time. Create a shared `test_ctx` pointing at the test env and pass it to both `instantiate` and `precompile` so they operate on the correct project. * Test that workspace test deps are precompiled Assert in WorkspaceTestInstantiate's runtests.jl that Example (a test-only dep) is precompiled before it is loaded. This catches the bug where Pkg.precompile targeted the parent project instead of the test subproject. * allow autoprecomp
The `syntax.julia_version` field written to Manifest.toml was recording the full DEV build number (e.g. `1.13.0-DEV.1234`) instead of dropping it to just `1.13.0-DEV`. This caused unnecessary manifest churn on each build, inconsistent with the behavior of the top-level `julia_version` field which already uses `dropbuild`. Fix `get_project_syntax_version` to: - Return `p.julia_syntax_version` directly instead of the undefined `syntax_table["julia_version"]` (which was a bug) - Apply `dropbuild(VERSION)` when falling back to the current Julia version Fixes JuliaLang/julia#61578 Co-authored-by: Claude <claude@anthropic.com>
* activate: warn if different versions are loaded * Add tests, docs, and changelog for activate mismatch warning - CHANGELOG: note the new warning under v1.14. - environments.md: document that activation does not unload modules and Pkg now warns on path/version mismatches. - test/api.jl: subprocess tests covering the warning, suppression on re-activating the same env, and the per-(project, package) dedup.
Bumps [julia-actions/setup-julia](https://github.com/julia-actions/setup-julia) from 2 to 3. - [Release notes](https://github.com/julia-actions/setup-julia/releases) - [Commits](julia-actions/setup-julia@v2...v3) --- updated-dependencies: - dependency-name: julia-actions/setup-julia dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ian Butterworth <i.r.butterworth@gmail.com>
…on a stale manifest (#4678) * instantiate: add `update_on_mismatch` kwarg to fall back to `update` on a stale manifest For tooling and helper environments (formatters, doc-render scripts, etc.), the strict default of `Pkg.instantiate` is the wrong fit: the maintainer wants the env to keep working across teammates editing `Project.toml` and Julia minor bumps, without paying the registry-update + precompilation cost of a blanket `Pkg.update()` on every run. The new `update_on_mismatch::Bool` kwarg (and `-u` / `--update_on_mismatch` REPL flag) makes `instantiate` fall back to `Pkg.update()` whenever the existing manifest cannot be used as-is, instead of warning or erroring. The default (`false`) preserves the existing behavior. * fix workspace forwarding --------- Co-authored-by: Ian Butterworth <i.r.butterworth@gmail.com>
* prefer adding already loaded dep versions * fix: make it a preference, not a fix * fix: prefer loaded versions via resolver weight, not pinning Remove apply_preferred_versions_to_direct! which was setting pkg.version = VersionSpec(pref_version) for direct deps, creating a hard constraint instead of a soft preference. The resolver's PREFERRED_VERSION_WEIGHT_BONUS already handles this correctly as a soft preference for all packages (both direct and indirect). Also pass preferred_versions to all resolution tiers instead of only an extra first tier. Since the weight bonus is additive and cannot cause resolver errors, it can safely apply at every tier. Co-authored-by: Claude <noreply@anthropic.com>" * Fix preferred version bonus lost when eq class representative is higher version When build_eq_classes1! merges versions with identical compatibility into equivalence classes, it previously always chose the highest version as the representative. If the preferred (already-loaded) version was not the highest, it would be collapsed away and the PREFERRED_VERSION_WEIGHT_BONUS could never be applied, causing the resolver to pick the newer version instead. Fix by detecting when a preferred version falls inside an equivalence class and promoting it to be the representative of that class. Co-authored-by: Claude <claude@anthropic.com> * Refactor: scope preferred-loaded variables inside if target == :deps * Default prefer_loaded_versions to REPL mode only Pkg.add (functional API) now defaults to prefer_loaded_versions=false for reproducibility, while pkg> add (REPL mode) defaults to true so interactive use stays loading-consistent. Co-authored-by: Claude <noreply@anthropic.com> * Mention pkg> up in prefer_loaded_versions docs Co-authored-by: Claude <noreply@anthropic.com> * Code review fixes for prefer_loaded_versions - Fix Pkg.add docstring example to demonstrate opting in (=true) rather than the now-default-in-functional-mode =false. - Flip Operations.add internal default to false to match the "programmatic call = pure" stance; API.add always passes the kwarg. - Add a REPL-mode test using IN_REPL_MODE scoped value to lock in that the REPL default is on without an explicit kwarg. Co-authored-by: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com>
…4682) * Add precompile statements for `Val{PkgArtifacts}` artifact dispatch. Avoids load-time codegen in JLL packages using `using Pkg.Artifacts`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * precompile: resolve stdlib `Artifacts` via `parentmodule` and guard internals `PkgArtifacts.Artifacts._artifact_str` resolved to `PkgArtifacts._artifact_str` (since `const Artifacts = PkgArtifacts` shadows the stdlib name and `Pkg` then re-aliases the same way), which is undefined. Use `parentmodule` on an imported stdlib function to reach the real `Artifacts` module, and gate each precompile on `isdefined` so it stays robust if the internals change in future Julia versions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pins the default GITHUB_TOKEN to contents: read on workflows that don't call a GitHub API beyond the initial checkout. Other workflows that need write scopes are left implicit for a maintainer to declare. Motivation: CVE-2025-30066 (March 2025 tj-actions/changed-files compromise) exfiltrated GITHUB_TOKEN from workflow logs. Per-workflow caps bound runtime authority irrespective of repo or org default, give drift protection, and are credited per-file by the OpenSSF Scorecard Token-Permissions check. YAML validated locally with yaml.safe_load. Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )