Skip to content

[pull] main from Homebrew:main#1238

Merged
pull[bot] merged 14 commits into
gittools-bot:mainfrom
Homebrew:main
Jun 25, 2026
Merged

[pull] main from Homebrew:main#1238
pull[bot] merged 14 commits into
gittools-bot:mainfrom
Homebrew:main

Conversation

@pull

@pull pull Bot commented Jun 25, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

liby and others added 14 commits June 25, 2026 03:47
`brew bundle` keyed trust.json entries by a tap's mutable local name,
while `brew trust` keys a custom-remote tap by its remote reference, so
the two could write duplicate or mismatched entries for the same item.

Route bundle's `trusted:` items through `Homebrew::Trust.target`, the
canonicalizer `brew trust` already uses, passing the Brewfile-declared
`clone_target` so a not-yet-cloned tap resolves to the same key as the
installed one. Add a `remote:` override to `Tap#reference` for that
not-yet-cloned case, mirroring `Tap#matches_reference?`.
I noticed that autobump workflow failed to autobump synced
`loki`/`logcli` because the resulting PR message body exceeds 2^16 bytes
(https://github.com/Homebrew/homebrew-core/actions/runs/28116918257/job/83258667631#step:6:17552)
Turns out `bump-formula-pr` repeats the same release notes for synced
formulae. Let's make sure we don't repeat the same release notes twice
(maybe it makes sense to limit one release notes per PR but I guess
there are might be synced formulae which have different source URLs)

Signed-off-by: botantony <antonsm21@gmail.com>
Simple check that warns if new formula has the same stable URL as
already existing package. This should prevent PRs like
Homebrew/homebrew-core#289451 in the future

Signed-off-by: botantony <antonsm21@gmail.com>
Signed-off-by: Patrick Linnane <patrick@linnane.io>
Signed-off-by: Patrick Linnane <patrick@linnane.io>
Signed-off-by: Patrick Linnane <patrick@linnane.io>
…pass

Fix HOMEBREW_FORBID_PACKAGES_FROM_PATHS bypasses
formula_auditor: audit new formulae for duplicates
bump-formula-pr: do not repeat release notes multiple times
Redact GitHub token in bump dry-run output
Reject inline cask definitions passed to the MCP server
Key Brewfile trust entries by custom tap remotes
- Avoid dispatching `fetch` through `CoreCaskTap`.
- The inherited method is private on core tap singletons.
- Keep `brew update` working when caskroom redirects to Homebrew.
- Isolate the redirect regression with `:trust_store`.
@pull pull Bot locked and limited conversation to collaborators Jun 25, 2026
@pull pull Bot added the ⤵️ pull label Jun 25, 2026
@pull pull Bot merged commit b6075b3 into gittools-bot:main Jun 25, 2026
8 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants