Hello! Welcome to the monthly update. During October, our work was supported by Zendesk, Bleacher Report, Stitch Fix, and many others.

ruby together news

In October, Ruby Together was supported by 43 different companies, including Ruby member Zendesk and Sapphire member Stripe. 5 companies joined as new members.

On top of those companies, 5 new developers signed up as members, including Aleksandar Krastev, Exequiel Rozas, and Joel Hawksley. In total, we were supported by 104 developer members. Thanks to all of our members for making everything that we do possible. <3

rubygems news

In October we released Bundler version 2.2.0.rc.2 and RubyGems version 3.2.0.rc.2.

In addition to shipping those releases, we also:

  • upgraded Bundler & RubyGems vendored Molinillo to 0.7.0 (it’s latest release). - #3402, #3388
  • fixed an issue with the specific_platform setting.
  • merged a PR that stops changing the CWD for building extensions, which should allow concurrent extension compilation without any contention. - #3498
  • worked on PRs to improve independence between test and lib code (simplifies and helps packagers), and added some changes to improve specs.
  • added improvements to require more default gems lazily.
  • fixed an issue with help commands when Bundler has been installed by ruby-core installer and man is not available. - #3997
  • wrapped up a PR to allow installing plugins from local paths. - #4020
  • fixed daily Bundler CI by marking the new pathname default gem as unsupported. - #4029
  • fixed a Kernel.warn stackoverflow. - #3987improved the deprecation path for gem query. - #4021
  • fixed issues with Bundler not loading RubyGems plugins in $LOAD_PATH locations, which was affecting some version managers. - #3534

As always, we continue responding to RubyGems & Bundler issues and PRs, doing issue triage on both old and new issues, and reducing the number of open tickets.

This month, RubyGems gained 143 new commits, contributed by 11 authors. There were 2,889 additions and 1,705 deletions across 889 files.

rubygems.org news

This month we implemented a bulk update to RubyGem downloads count to reduce the processing time for FastlyLogProcessor by about 20 seconds. We studied an old HackerOne Report and proposed a solution for it that will get implemented into RubyGems.org.

We also made the following changes and improvements:

  • imported Fastly rubygems.org production configuration to Terraform.
  • updated Fastly vcl to unset X-Forwarded-Host from requests to fix a HO report.
  • added regex whitelist for URL on honeycomb logs export to ensure we don’t inadvertently send any sensitive information.
  • fixed total count shown on search pagination. - #2526
  • rebased and updated a PR to separate the edit profile and account settings, making options like MFA registration easier to find. - #2537
  • updated staging.rubygems.org to support TLS 1.3 as recommended by the most recent TLS documentation of Fastly.
  • created a support ticket on Fastly to request a limit increase on TLS certificates and enable the limited offering of GlobalSign certificates.
  • updated DMARC record of rubygems.org to use Slack group and Postmarkapp.
  • replied to support tickets and google group threads.

Finally, we deployed an option to review changes thanks to @mensfeld; users can now compare differences between releases.

In total, Rubygems.org gained 46 new commits, contributed by 8 authors. There were 694 additions and 442 deletions across 63 files.

gemstash news

This month we made a couple of improvements to the Gemstash project documentation: we added documentation about Gemstash and documentation recommending Gemstash instead of gem server (due to the fact that we plan to deprecate gem server).

budget & expenses

In October, we saw $13,962.51 in total income, and spent a total of $11,479.85.

  • Stripe Payment Processing Fees $303.26
  • Employee Related $215.88
  • General & Administrative $286.18
  • IT & Software $776.29
  • Professional Fees $319.00
  • 65.9 Hours of development work at $9,882.50

Until next time,
Irene, André, and the Ruby Together team