Hello! Welcome to the monthly update. During May, our work was supported by Zendesk, DigitalOcean, and many others.

ruby together news

In May, Ruby Together was supported by 39 different companies, and 5 companies joined as new members. On top of those companies, 5 new developers signed up as members. In total, we were supported by 114 developer members. Thanks to all of our members for making everything that we do possible. <3

rubygems & bundler news

This month in RubyGems, we released new versions for Bundler 2.2.18, 2.2.19 and RubyGems 3.2.18, 3.2.19 and focused on shipping a definitive fix for the dependency confusion issues that have been affecting Bundler for years. We finally managed to provide a fix (#4609) with bundler 2.2.18.

In addition to that, RubyGems saw several bug fixes and updates this month, some of which include the following:

  • fixed a resolution issue where gems were being unintentionally removed from the lockfile - #4580.
  • shipped a fix in RubyGems to improve the reproducibility of building packages - #4610.
  • shipped other minor improvements, and some internal changes to our development environment like moving away from minitest in favor of test-unit.

Checkout RubyGems and Bundler for the full changelog of the new versions shipped this month!

In May, Rubygems gained 132 new commits, contributed by 10 authors. There were 2419 additions and 2118 deletions across 228 files.

rubygems.org news

In May, RubyGems.org saw several bug fixes and updates, some of which include the following:

  • investigated and fixed cache poisoning by using x-forwarded-scheme header. The issue was reported on HackerOne.
  • set form-action and frame-ancestor CSP policy to mitigate bypass of X-Frame-Options using a proxy  - #2718.
  • researched verified publisher implementation for package manager - #2698.
  • added copy link to recovery code page and disabled continue link - #2717.
  • tested upgrade of Elasticsearch 7 on staging environment and estimated downtime requirements.

For this month, Rubygems.org gained 23 new commits, contributed by 3 authors. There were 155 additions and 100 deletions across 11 files.

As always, we continue to fix bugs, review and merge PR’s and reply to support tickets.

ruby toolbox news

Hey everyone!

As mentioned in the last update I’ve been working on bringing gem dependencies to the Ruby Toolbox project pages, and I’m happy to say that via this pull request they have now been launched. You can find them on each project page, for example take a look at the http gem over here.

A specialty of this feature is that right next to the dependency you can also find the corresponding project health indicators so if you’re looking at a library you can also see an indication of the status of it’s dependencies as well.

Now that this is out of the door, in June I want to spend a bit of time on maintenance of the data syncing mechanisms as they haven’t received much attention apart from being built at some point and are causing some noise for example when API rate limits are hit.

Stay safe and healthy and until next time!

Best, Chris

budget & expenses

In May, we saw $8,649.97 in total income, and spent a total of $10,003.58.

  • Stripe Payment Processing Fees $318.69
  • Employee Related $609.34
  • General & Administrative $189.84
  • IT & Software $1,210.71
  • 51.2 Hours of development work at $150/hr $7,675

Until next time,
Irene, André and the Ruby Together team