May 2021 Monthly Update
ruby together news
In May, Ruby Together was supported by 39 different companies, and 5 companies joined as new members. On top of those companies, 5 new developers signed up as members. In total, we were supported by 114 developer members. Thanks to all of our members for making everything that we do possible. <3
rubygems & bundler news
This month in RubyGems, we released new versions for Bundler 2.2.19 and RubyGems 3.2.19 and focused on shipping a definitive fix for the dependency confusion issues that have been affecting Bundler for years. We finally managed to provide a fix (#4609) with
In addition to that, RubyGems saw several bug fixes and updates this month, some of which include the following:
- fixed a resolution issue where gems were being unintentionally removed from the lockfile - #4580.
- shipped a fix in RubyGems to improve the reproducibility of building packages - #4610.
- shipped other minor improvements, and some internal changes to our development environment like moving away from minitest in favor of
In May, RubyGems gained 132 new commits, contributed by 10 authors. There were 2419 additions and 2118 deletions across 228 files.
In May, RubyGems.org saw several bug fixes and updates, some of which include the following:
- investigated and fixed cache poisoning using the x-forwarded-scheme header. The issue was reported on HackerOne.
- set form-action and frame-ancestors CSP policy to mitigate bypass of X-Frame-Options using a proxy - #2718.
- researched verified publisher implementation for package manager - #2698.
- added copy link to recovery code page and disabled continue link - #2717.
- tested upgrade of Elasticsearch 7 on staging environment and estimated downtime requirements.
For this month, RubyGems.org gained 23 new commits, contributed by 3 authors. There were 155 additions and 100 deletions across 11 files.
As always, we continue to fix bugs, review and merge PRs and reply to support tickets.
ruby toolbox news
As mentioned in the last update I’ve been working on bringing gem dependencies to the Ruby Toolbox project pages, and I’m happy to say that via this pull request they have now been launched. You can find them on each project page, for example take a look at the http gem over here.
A specialty of this feature is that right next to the dependency you can also find the corresponding project health indicators, so if you’re looking at a library you can also see an indication of the status of its dependencies as well.
Now that this is out of the door, in June I want to spend a bit of time on maintenance of the data syncing mechanisms as they haven’t received much attention apart from being built at some point and are causing some noise for example when API rate limits are hit.
Stay safe and healthy and until next time!
budget & expenses
In May, we saw $8,649.97 in total income, and spent a total of $10,003.58.
- Stripe Payment Processing Fees $318.69
- Employee Related $609.34
- General & Administrative $189.84
- IT & Software $1,210.71
- 51.2 Hours of development work at $150/hr $7,675
Until next time,
Irene, André and the Ruby Together team
June 18, 2021