Hello! Welcome to the April newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In March, Ruby Central's open-source work was supported by Ruby Shield sponsor Shopify, AWS, the German Sovereign Tech Fund (STF), and Ruby Central memberships from 29 other companies, including Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 173 members. Thanks to all of our members for making everything that we do possible. <3 

Ruby Central News

New Jobs Added to Ruby Central Job Board

  • Revela recently posted a few new opportunities! Check it out here.

Keep up with Ruby Central’s AWS Software Engineer in Residence

  • Samuel Giddins, RubyGems.org lead Security Engineer and our Software Engineer in Residence, has been sharing the highs, lows, and progress updates of his security work on his blog. Last month his development work focused on continuing implementation of the pure-Ruby Sigstore verification library and fixing performance issues on RubyGems.org by identifying and resolving several N+1 query problems. You can learn more and follow along here. Thank you to AWS for supporting this work!

We’re revamping our Ruby Central Membership Program!

  • If you’re reading this in your email inbox, you should have already received this news. If not, check out this announcement to learn about all of the exciting new ways we’ll be engaging with our members and how you can get involved! 

Upcoming Conferences:

Get Involved:

  • If you'd like to get involved and help make our community and events even better, we'd love to have you join us! Check out our volunteer page, and/or feel free to shoot an email to our executive director, Adarsh, to find the best way to get plugged in.
  • Want to promote your company at RailsConf or RubyConf in 2024? Secure your sponsorship now to reach all our attendees, showcase your thought leadership, and cultivate invaluable industry relationships by emailing our wonderful sponsorships manager, Tom.
  • Remember, you can receive exclusive benefits like conference discounts and more by signing up for a Ruby Central membership. Check to see if your employer matches donations to Ruby Central, Inc. through Benevity and double your support!

RubyGems News

This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates introduce a range of enhancements and bug fixes, all aimed at enhancing the developer experience. They include: the introduction of an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases is enabled, a warning mechanism for when the required_ruby_version specification attribute is empty, and the removal of unnecessary configurations in the RuboCop setup generated by bundle gem.

Some other important accomplishments from the team this month include:

Making gem install respect the umask of the target system:

  • The goal of this change is to address the issue where RubyGems may install files with permissions that are broader than desired, giving write permissions to users other than the current user. This issue arises when the original packaging of files includes these broad permissions, likely due to an unsafe umask set by the gem's author.
  • The solution implemented by @deivid-rodriguez was to adopt a more straightforward approach than the previous attempt (which was reverted due to test failures in ruby core) by applying the target system’s umask to regular files (excluding directories) before setting their permissions.

Fixed Bundler’s application cache misuse:

  • This update resolves an issue in how Bundler was using its cache, leading to odd behavior. Users were seeing unusual updates, like Bundler claiming it was updating to versions that didn’t actually exist (for example, "Updating to 3.0.9").
  • The problem was rooted in how Bundler managed cached gems. These gems were mistakenly being considered in situations they shouldn’t have been, which caused not only strange messages but also errors in the lockfile, such as gems appearing under incorrect sources.
  • The solution implemented ensures that cached gems are kept separate from those available online, preventing the confusion that was causing these issues. This approach helps maintain clarity and accuracy in Bundler’s operations.

In March, RubyGems gained 67 new commits contributed by 13 authors. There were 934 additions and 194 deletions across 92 files.

RubyGems.org News

March's updates to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform.

The following are highlights of what the team worked on this month:

Major PostgreSQL zero downtime upgrade:

  • This significant update was carried out to ensure that application dependencies remain up-to-date. Notably, this is the second upgrade effort, moving from PostgreSQL version 12 to 13, following the original upgrade to version 12 in response to the end of life (EOL) for PostgreSQL 11 on Amazon RDS.
  • The upgrade process utilized pgbouncer and a manually managed blue/green environment to achieve zero downtime. For detailed scripts and an explanation of the procedure, visit the project’s GitHub page.
  • A detailed blog post with additional details will be released soon on the rubygems.org blog.

In March, RubyGems.org gained 69 new commits contributed by 12 authors. There were 466 additions and 1,263 deletions across 75 files.

Total spent

In March we spent $90,187.39 on development work.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org: