RubyGems Navigation menu

Blog

Back to blog posts

March 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in March.

RubyGems News

This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates introduce a range of enhancements and bug fixes, all aimed at enhancing the developer experience. They include: the introduction of an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases is enabled, a warning mechanism for when the required_ruby_version specification attribute is empty, and the removal of unnecessary configurations in the RuboCop setup generated by bundle gem.

Some other important accomplishments from the team this month include:

Making gem install respect the umask of the target system:

  • The goal of this change is to address the issue where RubyGems may install files with permissions that are broader than desired, giving write permissions to users other than the current user. This issue arises when the original packaging of files includes these broad permissions, likely due to an unsafe umask set by the gem’s author.
  • The solution implemented by @deivid-rodriguez was to adopt a more straightforward approach than the previous attempt (which was reverted due to test failures in ruby core) by applying the target system’s umask to regular files (excluding directories) before setting their permissions.

Fixed Bundler’s application cache misuse:

  • This update resolves an issue in how Bundler was using its cache, leading to odd behavior. Users were seeing unusual updates, like Bundler claiming it was updating to versions that didn’t actually exist (for example, “Updating to 3.0.9”).
  • The problem was rooted in how Bundler managed cached gems. These gems were mistakenly being considered in situations they shouldn’t have been, which caused not only strange messages but also errors in the lockfile, such as gems appearing under incorrect sources.
  • The solution implemented ensures that cached gems are kept separate from those available online, preventing the confusion that was causing these issues. This approach helps maintain clarity and accuracy in Bundler’s operations.

In March, RubyGems gained 67 new commits contributed by 13 authors. There were 934 additions and 194 deletions across 92 files.

RubyGems.org News

March’s updates to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform.

The following are highlights of what the team worked on this month:

Major PostgreSQL zero downtime upgrade:

  • This significant update was carried out to ensure that application dependencies remain up-to-date. Notably, this is the second upgrade effort, moving from PostgreSQL version 12 to 13, following the original upgrade to version 12 in response to the end of life (EOL) for PostgreSQL 11 on Amazon RDS.
  • The upgrade process utilized pgbouncer and a manually managed blue/green environment to achieve zero downtime. For detailed scripts and an explanation of the procedure, visit the project’s GitHub page.
  • A detailed blog post with additional details will be released soon.

In March, RubyGems.org gained 69 new commits contributed by 12 authors. There were 466 additions and 1,263 deletions across 75 files.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org:


Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.

Gift Egwuenu