February 2023 Monthly Update

Hello! Welcome to the monthly update. During February, our work was supported by Shopify, Zendesk and many others.

Ruby Central News

In February, Ruby Central's open source work was supported by 35 different companies, including Ruby member Zendesk and Ruby Shield sponsor Shopify.

In total, we were supported by 124 developer members. Thanks to all of our members for making everything that we do possible. <3

RubyGems News

This month in RubyGems, we released RubyGems 3.4.7 and Bundler 2.4.7.

The following improvements and fixes are included in these releases (see the changelog for more information):

• added a --gemfile flag to the bundle init command to configure the gemfile name to be able to generate a custom name - #6046.
• added a warning on self-referencing gemspec dependencies - #6335.
• fixed inconsistent behavior of zero-byte files in one of the archives - #6329.
• restored older (better) version of error message when locked ref does not exist, to improve clarity - #6356.
• fixed gem crashing when installing from a corrupted lockfile - #6355.
• fixed crash in PubGrub involving empty ranges - #6365.

Other improvements we worked on this month that weren't included in the February release are:

• adding an experimental feature for the gem exec command to run executables from gems that may or may not be installed - #6309.
• implementing safe load for all marshaled data - #6384.
• making the gemspec file generated by bundle gem properly exclude itself from packaged gem - #6339.
• preserving bundler-setup-relative paths if the :path option is set to relative in standalone setup - #6327.

In February, RubyGems gained 108 new commits, contributed by 16 authors. There were 1,744 additions and 217 deletions across 100 files.

RubyGems.org News

This month, we made significant progress on the backend admin dashboard. We implemented robust auditing of all changes and added support for resetting users' MFA, blocking a user, and deleting webhooks.

We announced the deprecation of the dependency API, and we plan to implement brownouts and remove the endpoint entirely. We also migrated all RDS instances to be managed by Terraform and tested the migration of managed node groups on the rubygems.org EKS cluster.

In addition to these updates, RubyGems.org saw several bug fixes and updates, some of which include:

• the addition of telemetry to capture MFA login durations - #3376.
• the integration of DataDog for application performance monitoring - #3461.
• the set up of GitHub OAuth to protect the new /admin namespace - #3388.
• an updated Rails test job name for stability across version updates - #3420.
• fixed test avo warnings (via removal of redundant rake tasks loading) - #3422.
• an added avo MFA reset admin action & view of audit entries - #3426.
• a fixed ERD CI (via an updated erd.dot) - #3490.
• an updated Terraform package: 0.13.7 -> 1.3.9.
• updated Terraform providers packages: AWS 2.51 -> 4.54, external 1.2 -> 2.2, Kubernetes 1.8 -> 2.18,template 2.1 -> 2.3.

In February, RubyGems.org gained 209 new commits, contributed by 17 authors. There were 7,602 additions and 1,071 deletions across 273 files.

Ruby Ecosystem News

Here we outline additional exciting updates made to other projects in the Ruby Ecosystem.

New: Ruby SSL Check

• we updated ruby-ssl-check to print a warning if you're using an unmaintained version of Ruby - #14.

As always, we continue to fix bugs, review and merge PRs and reply to support tickets.

Total Spent

In February we completed 978 hours of development work @$150/hour, and spent $146,653.05.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

• @simi Josef Šimánek
• @martinemde Martin Emde
• @hsbt Hiroshi SHIBATA
• @deivid-rodriguez David Rodríguez
• @nobu Nobuyoshi Nakada
• @amatsuda Akira Matsuda
• @sambostock Sam Bostock
• @composerinteralia Daniel Colson
• @koic Koichi ITO
• @jhawthorn John Hawthorn
• @gustavothecoder Gustavo Ribeiro
• @mercedesb Mercedes
• @segiddins Samuel Giddins
• @indirect André Arko
• @luke-gru Luke Gruber
• @duckinator Ellen Marie Dash

Contributors to RubyGems.org:

• @simi Josef Šimánek
• @jenshenny Jenny Shen
• @bettymakes Betty Li
• @ericherscovich Eric Herscovich
• @arunagw Arun Agrawal
• @sambostock Sam Bostock
• @segiddins Samuel Giddins
• @hsbt Hiroshi SHIBATA
• @indirect André Arko
• @jchestershopify Jacques Chester
• @martinemde Martin Emde
• @javier-menendez Javier Menéndez Rizo

March 20, 2023