Hello, and welcome to the July newsletter. Read on for announcements about our Open Source Program and a report of the OSS work we’ve done over the past month!

As mentioned in our previous newsletters, we will now be sending out separate updates for the Open Source Program and general Ruby Central organization and community news.

You can expect our general Ruby Central newsletter (the Ruby Central README) in your inbox later this month.

Open Source Program Announcements

Ruby Central at Open Source Summit North America

At Open Source Summit North America, our lead security engineer, Samuel Giddins, continued discussions on supply chain security and creating a binary transparency scheme that will work across packaging repositories.

Binary transparency

This included developing a more comprehensive threat model that BT is meant to address, in addition to sketching out a deployment plan that will involve the different package registries witnessing each others BT logs.

Sigstore Ruby

Samuel also led a discussion at the Sigstore meetup at Open Source Summit around helping Sigstore client maintainers keep clients up-to-date. The conclusion was that Sigstore Ruby needs another maintainer, and the group will work to identify a good candidate to assist with maintenance and development.

RubyGems.org Policy Launch

The new policies went live on June 30th after some final discussions with legal counsel, and integrating critical last-minute community feedback we received, including an important clarification around restricting the deletion policy in the case of actively used gems.

RubyGems engineer Colby Swandale sent out the policy announcement email to all ~230,000 rubygems.org users, a first for the application. (We do not maintain any 3rd party email list, so we had to plan, schedule and send each email through rubygems.org job queues).

We have several follow-up actions for this:

  • We’ve published a blog post on RubyGems.org announcing the official rollout of the policies.
  • We have a backlog of policy-related customer support tickets to address.
  • The team will refine the specific policies around ownership transfer, absent accounts, and gem lifecycle (deprecation, yanking, deletion).

RubyGems News

In June, we introduced a new Bundler 4 mode for early feedback and continued work on the upcoming Bundler 2.7.0 and RubyGems 3.7.0 releases. These changes reflect our ongoing focus on flexibility, modernization, and improving developer workflows.

Bundler 4 mode is now available

  • We’ve launched a user-facing simulation mode that lets you preview Bundler 4 behavior before its final release. This feature allows developers to test upcoming breaking changes, provide feedback, and participate in shaping the final version. You can now opt in by configuring:
bundle config simulate_version 4
  • Initially, we tried overriding the Bundler::VERSION constant, but this proved unreliable due to side effects like misrepresenting versions in lockfiles. After significant refactoring across specs and core logic, we isolated version-specific behaviors into the Bundler::FeatureFlag class.
  • The result is a cleaner and more robust approach where Bundler behaves as if it's version 4, without changing the actual version.
  • Why Bundler 4 and not 3? We’re matching version numbers between Bundler and RubyGems to simplify releases and reduce confusion.

Upcoming Bundler 2.7.0 and RubyGems 3.7.0 releases:

  • This year we’re committed to releasing major versions of Bundler and RubyGems, and this is special. The last major Bundler release was 2.0.0 in 2019, but that version only dropped support for old versions of Ruby and delayed all breaking changes to a future major release. So effectively, the last “real” major Bundler release was 1.0.0 back in 2010! For RubyGems, the last major release was 3.0.0 in 2018.
  • To make transitioning easier and get more community consensus with breaking changes, we will be releasing mid-year minor releases—including an easy way to try future Bundler 4 (see update above).

Gems with prebuilt binaries

  • We finished refactoring Gem::Platform matching logic from Bundler into RubyGems. This work will enable sharing code for platform matching between Bundler & RubyGems in preparation for wheel support hitting both projects simultaneously.
  • We have already used this refactor to improve platform selection in the RubyGems CLI, picking the best platform gem that matches the running platform.
  • Our lead security engineer Samuel Giddins spent the majority of the month prototyping ways to encode the new platform information for wheels into existing platform strings in a backwards compatible way.
  • As a part of this prototyping work, Samuel researched the translation of Python’s platform tags into the Ruby ecosystem. He found that RubyGems, unlike CPython, won’t need a separate ABI tag (the binary level contract between compiled code) from the Ruby tag, since Ruby implementations tend not to have stable ABIs.
  • Expect a PR demonstrating wheels to hit in the coming month.

RubyGems.org News

This month, RubyGems.org continued to scale and improve its services with the support of our infrastructure sponsors: AWS, Fastly, and Datadog.

June 2025 was another high-traffic month on RubyGems.org, serving over 4.08 billion gem downloads, a slight increase over May’s 4.06 billion. We served 221 million downloads on our busiest day this month.

Ruby usage stats

  • Ruby 3.4 adoption continues to climb steadily. In June, it accounted for 10.93% of all gem downloads — up from 9.3% in May — showing strong momentum just six months after release.
  • Ruby 3.2 still leads with 33.84%, meanwhile, Ruby 3.1, which reached EOL in March, dropped further to 10.15%.
  • Would you like to get more insight into RubyGems.org stats? Feel free to explore RubyGems.org ClickHouse public dataset.

The following are highlights of what the team worked on this month:

PostgreSQL 14 upgrade

  • We have started updating RubyGems.org PostgreSQL, and are currently testing it in a staging environment. PostgreSQL is the main source of truth for RubyGems.org and the currently in use PostgreSQL 13 is slowly reaching EOL. We aim to upgrade to PostgreSQL 17 by the end of the summer.
  • We will be using the approach explained in pg major update, which has been successfully used in previous upgrades, to achieve zero-downtime. A separate blog post with more details on the process is forthcoming.

RubyGems Ecosystem News

This is where we highlight exciting updates made to Ruby infrastructure projects that support our RubyGems work.

Experimental namespacing progress:

  • A lot of activity continues around the experimental Namespace feature (see May 2025 newsletter) as numerous bugs and refinements are being addressed. Quality-of-life improvements are also starting to land, like Namespace#eval, which simplifies testing and experimentation inside a given namespace.

Array#join (Enumerable#join_map)proposal:

  • There’s growing momentum behind making joining transformed collections, a common Ruby pattern, more ergonomic. A new proposal for Array#join with a block and the related Enumerable#join_map aim to make expressions like: users.map(&:name).join(", ") more elegant and expressive, by writing: users.join_map(", ", &:name).
  • If accepted, this could be a small but meaningful step making Ruby simpler and more readable. If this improvement matters to you, consider sharing your thoughts on the Ruby bug tracker for Array#join or Enumerable#join_map. Community feedback often helps shape which proposals move forward.

New gems spotlight

  • June brought a few interesting new gems into the ecosystem. AWS released a fresh batch of SDK components like aws-sdk-evs, aws-sdk-mpa, and aws-sdk-aiops, which topped the download charts for new gems.
  • Alongside those, two standout gems deserve a mention:
    • hati-command (release announcement) – a small gem to help structure service objects around a clear success/failure contract, encouraging clean, expressive business logic.
    • llmed (by Jovany Leandro G.C)– a no-code-friendly gem that lets you build LLM-powered applications with just Markdown blocks. AI tooling is gaining traction in the Ruby world, and llmed is an exciting example of what’s possible.
  • We encourage you to check them out and maybe even build something fun and share it with the community.

Thank you

A huge thank you to all the contributors to RubyGems and RubyGems.org this month! We deeply appreciate your support and dedication.

Contributors to RubyGems:

Contributors to RubyGems.org:

If we missed you, please let us know so we can include you in our shout out!