RubyGems Navigation menu

Blog

Back to blog posts

February 2023 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in February.

RubyGems News

This month in RubyGems, we released RubyGems 3.4.7 and Bundler 2.4.7.

The following improvements and fixes are included in these releases (see the changelog for more information):

  • added a --gemfile flag to the bundle init command to configure the gemfile name to be able to generate a custom name - #6046.
  • added a warning on self-referencing gemspec dependencies - #6335.
  • fixed inconsistent behavior of zero-byte files in one of the archives - #6329.
  • restored older (better) version of error message when locked ref does not exist, to improve clarity - #6356.
  • fixed gem crashing when installing from a corrupted lockfile - #6355.
  • fixed crash in PubGrub involving empty ranges - #6365.

Other improvements we worked on during this month that weren’t included in the February release are:

  • adding an experimental feature for the gem exec command to run executables from gems that may or may not be installed - #6309.
  • implementing safe load for all marshaled data - #6384.
  • making the gemspec file generated by bundle gem properly exclude itself from packaged gem - #6339.
  • preserving bundler-setup-relative paths if the :path option is set to relative in standalone setup - #6327.

In February, RubyGems gained 108 new commits, contributed by 16 authors. There were 1,744 additions and 217 deletions across 100 files.

RubyGems.org News

This month, we made significant progress on the backend admin dashboard. We implemented robust auditing of all changes and added support for resetting users’ MFA, blocking a user, and deleting webhooks.

admin dashboard

We announced the deprecation of the dependency API, and we plan to implement brownouts and remove the endpoint entirely. We also migrated all RDS instances to be managed by Terraform and tested the migration of managed node groups on the rubygems.org EKS cluster.

In addition to these updates, RubyGems.org saw several bug fixes and updates, some of which include:

  • the addition of telemetry to capture MFA login durations - #3376.
  • the integration of DataDog for application performance monitoring - #3461.
  • the set up of GitHub OAuth to protect the new /admin namespace - #3388.
  • an updated Rails test job name for stability across version updates - #3420.
  • fixed test avo warnings (via removal of redundant rake tasks loading) - #3422.
  • an added avo MFA reset admin action & view of audit entries - #3426.
  • a fixed ERD CI (via an updated erd.dot) - #3490.
  • an updated Terraform package: 0.13.7 -> 1.3.9.
  • updated Terraform providers packages: AWS 2.51 -> 4.54, external 1.2 -> 2.2, Kubernetes 1.8 -> 2.18,template 2.1 -> 2.3.

In February, RubyGems.org gained 209 new commits, contributed by 17 authors. There were 7,602 additions and 1,071 deletions across 273 files.

Ruby Ecosystem News

Here we outline additional exciting updates made to other projects in the Ruby Ecosystem.

New: Ruby SSL Check

  • we updated ruby-ssl-check to print a warning if you’re using an unmaintained version of Ruby - #14.

As always, we continue to fix bugs, review and merge PRs and reply to support tickets.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org:


Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.

Gift Egwuenu