10 Jun 2021
May 2021 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in May.
This month in RubyGems, we released new versions for Bundler 2.2.19 and RubyGems 3.2.19 and focused on shipping a definitive fix for the dependency confusion issues that have been affecting Bundler for years. We finally managed to provide a fix (#4609) with
In addition to that, RubyGems saw several bug fixes and updates this month, some of which include the following:
- fixed a resolution issue where gems were being unintentionally removed from the lockfile - #4580.
- shipped a fix in RubyGems to improve the reproducibility of building packages - #4610.
- shipped other minor improvements, and some internal changes to our development environment like moving away from minitest in favor of
In May, RubyGems gained 132 new commits, contributed by 10 authors. There were 2419 additions and 2118 deletions across 228 files.
In May, RubyGems.org saw several bug fixes and updates, some of which include the following:
- investigated and fixed a cache poisoning issue that used the x-forwarded-scheme header. The issue was reported on HackerOne.
- set form-action and frame-ancestors CSP directives to mitigate a bypass of X-Frame-Options using a proxy - #2718.
- researched a verified-publisher implementation for the package manager - #2698.
- added a copy link to the recovery code page and disabled the continue link - #2717.
- tested the upgrade to Elasticsearch 7 on the staging environment and estimated downtime requirements.
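The recap names only the header involved in the cache poisoning fix. The way a client-supplied X-Forwarded-Scheme header can poison a shared cache is a well-known pattern, and the Ruby below is an added illustration of that general pattern: it is not rubygems.org's code and not a description of the reported bug, whose details the recap does not give. It assumes a toy origin app that derives the scheme from X-Forwarded-Scheme (as Rack-style apps do) and force-redirects non-https requests, fronted by a toy cache keyed only on host and path; every host, path and function name is constructed for the example.

```ruby
# Added illustration of unkeyed-header cache poisoning via X-Forwarded-Scheme.
# Not rubygems.org's code; every name, host and path below is constructed.

# Toy origin app. Like Rack-style apps, it takes the request scheme from the
# X-Forwarded-Scheme header when one is present, and redirects anything that
# does not look like https to the https URL. env stands in for a Rack env Hash.
def origin_app(env)
  scheme = env['HTTP_X_FORWARDED_SCHEME'] || env['rack.url_scheme']
  target = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
  cacheable = { 'Cache-Control' => 'public, max-age=600' }
  return [301, cacheable.merge('Location' => target), ['']] if scheme != 'https'
  [200, cacheable.merge('Content-Type' => 'text/plain'), ["gem page #{env['PATH_INFO']}"]]
end

# Toy shared cache standing in for a CDN. The block decides the cache key,
# i.e. which parts of a request count as "the same request".
class EdgeCache
  def initialize(app, &key_fn)
    @app, @key_fn, @store = app, key_fn, {}
  end

  def call(env)
    @store[@key_fn.call(env)] ||= @app.call(env)
  end
end

# A normal https visitor's request (constructed).
def victim_env(path)
  { 'rack.url_scheme' => 'https', 'HTTP_HOST' => 'gems.example', 'PATH_INFO' => path }
end

# Vulnerable deployment: the cache key ignores X-Forwarded-Scheme, so a single
# attacker request carrying "X-Forwarded-Scheme: http" caches a 301 that every
# later https visitor to that path receives (a redirect to the URL they are on).
def poisoned_deployment
  cache = EdgeCache.new(->(e) { origin_app(e) }) { |e| [e['HTTP_HOST'], e['PATH_INFO']] }
  cache.call(victim_env('/gems/rake').merge('HTTP_X_FORWARDED_SCHEME' => 'http')) # attacker
  status, headers, _body = cache.call(victim_env('/gems/rake'))                     # victim
  [status, headers['Location']]
end

# Hardened deployment: the edge overwrites any client-supplied forwarding header
# with the scheme it actually terminated, so the origin only ever sees a trusted
# value and the cached response is the real page. Keying the cache on the header,
# or having the origin ignore it from untrusted hops, are the other standard fixes.
def hardened_deployment
  at_edge = ->(e) { origin_app(e.merge('HTTP_X_FORWARDED_SCHEME' => e['rack.url_scheme'])) }
  cache = EdgeCache.new(at_edge) { |e| [e['HTTP_HOST'], e['PATH_INFO']] }
  cache.call(victim_env('/gems/rake').merge('HTTP_X_FORWARDED_SCHEME' => 'http')) # attacker
  status, _headers, body = cache.call(victim_env('/gems/rake'))                    # victim
  [status, body.join]
end
```

In a real stack the value of X-Forwarded-Scheme is meant to be set by your own load balancer or CDN, and Rack::Request#scheme does honor it (along with X-Forwarded-Proto), which is exactly why the edge must overwrite whatever the client sent rather than pass it through. A quick check for this class of issue is to send the same URL twice, once with a bogus forwarding header, and compare the second, header-free response against a cold fetch.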
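For the CSP item, the directives themselves are short, so the Ruby below shows them in place as an added example (not rubygems.org's own code or configuration): a Rack-style middleware that keeps X-Frame-Options for older user agents and adds the CSP frame-ancestors and form-action directives that CSP-capable browsers enforce, plus a small parser so a deploy check can confirm the policy actually carries them. The class name, defaults and the helper functions are assumptions made for the example.

```ruby
# Added example, not rubygems.org's code. Emits the anti-framing policy in both
# forms: X-Frame-Options for legacy user agents, and CSP frame-ancestors /
# form-action, which CSP-capable browsers apply in preference to X-Frame-Options.
class FramingPolicy
  def initialize(app, allowed_ancestors: ["'none'"], form_targets: ["'self'"])
    @app = app
    @csp = "frame-ancestors #{allowed_ancestors.join(' ')}; form-action #{form_targets.join(' ')}"
    # X-Frame-Options cannot express an arbitrary allow-list, so it is DENY only
    # when the CSP forbids all framing, and SAMEORIGIN otherwise.
    @xfo = allowed_ancestors == ["'none'"] ? 'DENY' : 'SAMEORIGIN'
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, headers.merge('X-Frame-Options' => @xfo, 'Content-Security-Policy' => @csp), body]
  end
end

# Parse a CSP header into { directive => [sources] } so a test or deploy check
# can verify the directives we rely on are really present.
def parse_csp(header)
  header.split(';').each_with_object({}) do |part, out|
    name, *sources = part.strip.split(/\s+/)
    out[name] = sources unless name.nil? || name.empty?
  end
end

# Deploy-time check: does this response forbid framing and pin form targets
# to the site's own origin?
def framing_hardened?(headers)
  csp = parse_csp(headers.fetch('Content-Security-Policy', ''))
  csp.fetch('frame-ancestors', []) == ["'none'"] && csp.fetch('form-action', []) == ["'self'"]
end

# Wrap a constructed one-page app and return the headers it now sends.
def demo_headers
  app = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['<form action="/login"></form>']] }
  _status, headers, _body = FramingPolicy.new(app).call({})
  headers
end
```

Two practical notes: frame-ancestors is the only anti-framing control with a defined precedence (browsers that understand it ignore X-Frame-Options when both are present), so the CSP is the one to rely on and the X-Frame-Options header is a fallback; and form-action constrains where forms on your page may submit, which is a separate protection from framing and worth checking for on its own.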
For this month, RubyGems.org gained 23 new commits, contributed by 3 authors. There were 155 additions and 100 deletions across 11 files.
As always, we continue to fix bugs, review and merge PRs, and reply to support tickets.
Here we outline additional exciting updates made to other projects in the Ruby Ecosystem.
Gem dependencies on the Ruby Toolbox project page. You can now explore the dependencies for each project on RubyGems.
A nice touch is that each dependency is listed right next to its own project health indicators, so when you look at a library you also get an indication of the status of its dependencies.
More on this in an upcoming monthly update. You can sign up to receive updates every month as soon as they are released!
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.