11 May 2021
April 2021 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in April.
This month in RubyGems, we released new versions for RubyGems v3.2.16, v3.2.17 and corresponding versions for Bundler (v2.2.16 and v2.2.17).
As part of those releases, we made the following improvements and fixes:
- fixed an issue affecting custom
sidekiq-progem servers, which was preventing users from upgrading their sidekiq-pro version - #4563.
- made Bundler more secure by preventing any credentials from being logged to the screen, thus potentially preventing users from unintentionally leaking them when pasting them to a Github issue or similar situations - #4564, #4566.
- fixed a few resolution and materialization issues in Bundler - #4556, #4562, and also improved RubyGems handling of repositories including symlinks - #2836.
In April, Rubygems gained 101 new commits, contributed by 15 authors. There were 1,591 additions and 391 deletions across 134 files.
In April, RubyGems.org saw several bug fixes and updates, some of which include the following:
- enabled support of non-SNI traffic on rubygems.org by migration of fastly endpoints to a dedicated IP - #4228.
- enabled auth. requirement for URL purge requests to Fastly.
- fixed failing background jobs for sending the email confirmation - #2694, #2695.
- added validation for
unconfirmed_emailregex - #2694.
- reduced abusers rate limit to 30 rps - #2703.
- enabled Multi-Factor Authentication (MFA) instruction only if
current_userhas MFA disabled - #2705.
- thanks to @arthurnn and @greysteil, we now support automatic revocation of API keys committed to GitHub repositories - #2687. Note that this is only supported for new API key format. Please check our guide for migration from legacy API key.
For this month, RubyGems.org gained 45 new commits, contributed by 9 authors. There were 424 additions and 52 deletions across 34 files.
Ruby Toolbox and API News
In April, we focused on maintenance work that involved fixing random failures in the Ruby Toolbox visual regression CI tests, dependency upgrades, fixes on a webhook reception, and renaming default git branches to main across all Ruby Toolbox repositories.
On Ruby API, we worked on importing the core Ruby type signatures using the
RBS gem where the current definitions are being maintained. Our aim is for the type signatures be parsed inside Ruby API so they can be presented to the user in an easy to understand and digestible fashion.
As always, we continue to fix bugs, review and merge PR’s and reply to support tickets.
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.