November 2020 Monthly Update

Hello! Welcome to the monthly update. During November, our work was supported by Zendesk, Stitch Fix, DigitalOcean, and many others.

ruby together news

In November, Ruby Together was supported by 41 different companies, including Ruby member Zendesk and Sapphire member Stripe. 1 company joined as a new member.

On top of those companies, Dan Milne signed up as a new developer member. In total, we were supported by 102 developer members. Thanks to all of our members for making everything that we do possible. <3

rubygems & bundler news

In November, we worked on the Bundler Version Locking RFC that allows a user to specify a required Bundler version in the Gemfile/gemspec with a working proof of concept. We also made improvements to platform support by enabling the specific_platform functionality by default, and decided to delay the change to resolve all Gemfile platforms automatically.

In addition to that, we made the following improvements and fixes:

• fixed a missing require issue. #4036
• fixed a couple of minor “Windows paths” issues. #4038, #4039
• fixed gem specification --platform. #4043
• added an --all-platforms flag that optionally allows generating Windows binstubs from non-Windows platforms. #3886
• merged a PR to fix a bundle remove bug where it was removing comments. #4045
• merged a PR to support the new signin endpoints. #3840
• merged a PR to improve the -C flag to gem build. #3983
• added a fix to slightly improve some “gem not found” error messages. #4019
• fixed an intermittent spec failure. #4060
• fixed an issue with changelog generation. #4059
• fixed an issue with nested bundler invocations. #4063
• fixed a discrepancy between executing with or without bundle exec. #4063
• added more descriptive errors about default network errors. #4061
• fixed a CI issue that appeared under Windows. #4068
• merged a tweak to the bundle gem default skeleton. #4066
• extended gem DSL with a force_ruby_platform option. #4049

In November, RubyGems & Bundler gained 58 new commits, contributed by 10 authors. There were 816 additions and 426 deletions across 79 files.

rubygems.org news

This month, we coordinated with Fastly support to enable Globalsign certs and AAAA records in our TLS config. We updated RubyGems CLI gem signin according to changes requested in a review and also made the following fixes and improvements:

• added a new way to match RubyGems versions using the build-arg in docker image. #2548
• fixed failing tests in shoulda-matchers update and reported an issue of invalid objects should belong_to tests on shoulda-matchers repo. #1375
• investigated DelegationError for ownership records with nil user_id.
• updated our DMARC policy to ensure that spoofed emails with rubygems.org in sender get marked as spam.
• worked on a PR to resolve a HackerOne report, disallowing duplicate canonical version numbers. #2559
• read the privacy policies of other package manager websites and researched the requirements for CCPA and GDPR.
• added Pagerduty integration for Cloudwatch ALB alerts.

As always, we continue to fix bugs, review and merge PR’s and reply to support tickets.

In November, RubyGems.org gained 23 new commits, contributed by 3 authors. There were 89 additions and 15 deletions across 12 files.

budget & expenses

In November, we saw $7,839.53 in total income, and spent a total of $12,992.05.

• Stripe Payment Processing Fees $274.76
• Employee Related $500.60
• General & Administrative $115.43
• IT & Software $737.26
• Professional Fees $2,388.00
• 59.8 Hours of development work at $8,975.00

Until next time,
Irene, André and the Ruby Together team

December 17, 2020