Hello! Welcome to the April newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.
In March, Ruby Central's open-source work was supported by Ruby Shield sponsor Shopify, AWS, the German Sovereign Tech Fund (STF), and Ruby Central memberships from 29 other companies, including Partner-level member Contributed Systems, the company behind Mike Perham’s Sidekiq. In total, we were supported by 173 members. Thanks to all of our members for making everything that we do possible. <3
Ruby Central News
New Jobs Added to Ruby Central Job Board
- Revela recently posted a few new opportunities! Check it out here.
Keep up with Ruby Central’s AWS Software Engineer in Residence
- Samuel Giddins, RubyGems.org lead Security Engineer and our Software Engineer in Residence, has been sharing the highs, lows, and progress updates of his security work on his blog. Last month his development work focused on continuing implementation of the pure-Ruby Sigstore verification library and fixing performance issues on RubyGems.org by identifying and resolving several N+1 query problems. You can learn more and follow along here. Thank you to AWS for supporting this work!
We’re revamping our Ruby Central Membership Program!
- If you’re reading this in your email inbox, you should have already received this news. If not, check out this announcement to learn about all of the exciting new ways we’ll be engaging with our members and how you can get involved!
Upcoming Conferences:
- Ruby Central
- RailsConf Detroit on May 7 - 9 is just over two weeks away!
- New talks and events have been added to the schedule (like lightning talks and the job fair 👀). Check them out here and then buy your tickets here. We hope you'll join us!
- Room reservation cut-off date EXTENDED: The LAST DAY to book a room in our RailsConf room block at Detroit Marriott at the Renaissance Center is now MONDAY, APRIL 22. This will save you some change: the average price online is $235 and our rate is $212. Reserve your room here.
- The RubyConf 2024 website is live! This year's RubyConf will be in Chicago on Nov 13-15th at the Hilton Downtown Chicago. If you're on our mailing list you'll be the first to know when tickets go on sale. If you're not yet, join the list here. In the meantime, you can reserve your room at our special conference rate now.
- Community Conferences
- April is chock-full of Ruby conferences in Brazil, Australia, Australia again(!), Poland and Bulgaria. Visit their event websites to find out more.
- RubyKaigi 2024 is happening on May 15th and our very own Security Engineer in Residence Samuel Giddins will be speaking! 👏👏
- Also coming up in May: Helvetic Ruby (May 17), Blue Ridge Ruby (May 30-31), Ruby for Good (May 30 - June 2), and RubyDay (May 31).
- Updated information is always available at rubyconferences.org, which includes a super-handy iCal feed.
Get Involved:
- If you'd like to get involved and help make our community and events even better, we'd love to have you join us! Check out our volunteer page, and/or feel free to shoot an email to our executive director, Adarsh, to find the best way to get plugged in.
- Want to promote your company at RailsConf or RubyConf in 2024? Secure your sponsorship now to reach all our attendees, showcase your thought leadership, and cultivate invaluable industry relationships by emailing our wonderful sponsorships manager, Tom.
- Remember, you can receive exclusive benefits like conference discounts and more by signing up for a Ruby Central membership. Check to see if your employer matches donations to Ruby Central, Inc. through Benevity and double your support!
RubyGems News
This month, RubyGems released RubyGems 3.5.7 and Bundler 2.5.7. These updates bring a range of enhancements and bug fixes aimed at improving the developer experience. They include: an attribute in Gem::SafeYAML.safe_load to control whether YAML aliases are enabled, a warning when the required_ruby_version specification attribute is empty, and the removal of unnecessary configuration in the RuboCop setup generated by bundle gem.
Some other important accomplishments from the team this month include:
Making gem install respect the umask of the target system:
- The goal of this change is to address the issue where RubyGems may install files with permissions that are broader than desired, giving write permissions to users other than the current user. This issue arises when the original packaging of files includes these broad permissions, likely due to an unsafe umask set by the gem's author.
- The solution implemented by @deivid-rodriguez was to adopt a more straightforward approach than the previous attempt (which was reverted due to test failures in ruby core) by applying the target system’s umask to regular files (excluding directories) before setting their permissions.
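The effect of that masking step, and a check for the condition it prevents, as an added example (not RubyGems' own code; the helper names `installed_mode`, `broadly_writable_files` and `demo` are hypothetical, and the sample files are constructed):

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Mode a packaged entry ends up with once the target umask is applied.
# Per the description above, only regular files are masked; directories
# are left out of this step.
def installed_mode(packaged_mode, umask, directory: false)
  return packaged_mode if directory
  packaged_mode & ~umask & 0o7777
end

# Audit helper (hypothetical): list regular files under +root+ that are
# writable by group or others, i.e. the condition the change prevents.
def broadly_writable_files(root)
  hits = []
  Find.find(root) do |path|
    stat = File.lstat(path)
    next unless stat.file?
    mode = stat.mode & 0o777
    next if (mode & 0o022).zero?
    hits << [path.delete_prefix("#{root}/"), format("%04o", mode)]
  end
  hits.sort
end

# Constructed demo: two files packaged with mode 0666, one written with
# the packaged mode verbatim and one with a 0022 umask applied first.
def demo(umask = 0o022)
  Dir.mktmpdir do |dir|
    { "before" => 0o666, "after" => installed_mode(0o666, umask) }.each do |name, mode|
      path = File.join(dir, name, "lib.rb")
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, "# constructed sample file\n")
      File.chmod(mode, path) # chmod sets the mode exactly, ignoring the process umask
    end
    broadly_writable_files(dir)
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Pointing `broadly_writable_files` at an existing gem installation directory lists files installed before the fix that still carry group or world write bits.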
Fixed Bundler’s application cache misuse:
- This update resolves an issue in how Bundler was using its cache, leading to odd behavior. Users were seeing unusual updates, like Bundler claiming it was updating to versions that didn’t actually exist (for example, "Updating to 3.0.9").
- The problem was rooted in how Bundler managed cached gems. These gems were mistakenly being considered in situations they shouldn’t have been, which caused not only strange messages but also errors in the lockfile, such as gems appearing under incorrect sources.
- The solution implemented ensures that cached gems are kept separate from those available online, preventing the confusion that was causing these issues. This approach helps maintain clarity and accuracy in Bundler’s operations.
In March, RubyGems gained 67 new commits contributed by 13 authors. There were 934 additions and 194 deletions across 92 files.
RubyGems.org News
March's updates to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform.
The following are highlights of what the team worked on this month:
Major PostgreSQL zero downtime upgrade:
- This significant update was carried out to ensure that application dependencies remain up-to-date. Notably, this is the second upgrade effort, moving from PostgreSQL version 12 to 13, following the original upgrade to version 12 in response to the end of life (EOL) for PostgreSQL 11 on Amazon RDS.
- The upgrade process utilized pgbouncer and a manually managed blue/green environment to achieve zero downtime. For detailed scripts and an explanation of the procedure, visit the project’s GitHub page.
- A detailed blog post with additional details will be released soon on the rubygems.org blog.
In March, RubyGems.org gained 69 new commits contributed by 12 authors. There were 466 additions and 1,263 deletions across 75 files.
Total spent
In March we spent $90,187.39 on development work.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @nobu Nobuyoshi Nakada
- @martinemde Martin Emde
- @deivid-rodriguez David Rodríguez
- @kateinoigakukun Yuta Saito
- @hsbt Hiroshi Shibata
- @simi Josef Šimánek
- @cuishuang Cui Fliter
- @jez Jake Zimmerman
- @duckinator Ellen Marie Dash
- @agrobbin Alex Robbin
- @ccutrer Cody Cutrer
- @JaneScarlet Amanda JC
Contributors to RubyGems.org:
- @segiddins Samuel Giddins
- @jgarber623 Jason Garber
- @hsbt Hiroshi Shibata
- @simi Josef Šimánek
- @martinemde Martin Emde
- @deivid-rodriguez David Rodríguez
- @indirect André Arko
- @spk Laurent Arnoud
- @bradly Bradly Feeley
- @joeldrapper Joel Drapper
- @ytjmt Yuki Tsujimoto