September 2021 Monthly Update

Hello! Welcome to the monthly update. During September, our work was supported by Zendesk, Stitch Fix, DigitalOcean, and many others.

ruby together news

In September, Ruby Together was supported by 36 different companies, including Ruby member Zendesk. This month, 3 companies joined as new members.

On top of those companies, 3 new developers signed up as members, including Marco Roth, Kim Laplume, and Max Woolf. In total, we were supported by 110 developer members. Thanks to all of our members for making everything that we do possible. <3

rubygems & bundler news

This month in RubyGems, we saw some updates and fixes on the RubyGems and Bundler projects. Some of those changes include the following:

• released a new version for RubyGems 3.2.27, which included:
• fixing an issue when installing some gems from GitHub private gem servers
• setting some unredacted credentials in verbose mode
• improving loading the library by using require_relative for internal requires.
• released version 3.2.28 for RubyGems, which included:
• fixing a regression introduced by the redaction fix in 3.2.27, which adds support for the MINGW-UCRT platform
• making sure not to load the URI gem unnecessarily
• relaxing gem spec validations to allow descriptions that include the “TODO” string.
• made progress on a gem rebuild command that will allow exactly reproducing existing package builds (still unreleased).
• released Bundler version 2.2.27, which fixed a couple of bundle check regressions, as well as issues with plugins and syntax errors on the generated Github Actions configuration in new gems. It also optimizes some requires and adds support for redacting credentials using the x-oauth-basic form.
• released Bundler version 2.2.28, which made sure bundle remove automatically regenerates the lock file — deprecating the --install flag — and also updates the gemspec generated on new gems to use example.com as the sample gem server (instead of the potentially malicious mygemserver.com).
• made progress on the Bundler version locking RFC implementation (still to be released).

In September, Rubygems gained 36 new commits, contributed by 10 authors. There were 154 additions and 21 deletions across 24 files.

rubygems.org news

In September, RubyGems.org saw several bug fixes and updates, some of which include the following:

• investigated increased traffic and deployed a fix for tarpitting abusive clients.
• updated Capybara, faraday_middleware-aws-sigv4, and aws-sdk dependencies in preparation for the Ruby 3 update.
• fixed versions and v1/deps fastly cache not being purged on gem push - #2793.
• updated the ownerships call PR to fix styling and add authorization - #2748.
• thanks to @matiaskorhonen, we are now storing the certificate chain used to sign the published versions - #2444.

This month, Rubygems.org gained 75  new commits, contributed by 7 authors. There were 579 additions and 112 deletions across 53 files.

ruby toolbox news

Hey everyone,

I hope this update finds you well! In September I added the ability to browse a project’s reverse dependencies - the list of gems that declare that project as a dependency - based on the RubyGems dependency data that I added to the Ruby Toolbox earlier this year.

Taking a look into which other open source projects are using a library can be a helpful indicator when choosing a gem, so I hope you will find this new addition useful!

In October I’d like to tackle a few topics I have had on my unwritten roadmap for quite some time but haven’t gotten around to so far: I’d like to gather and display lines of code statistics for all gems to give an indication of size and complexity: I’d also like to integrate with the Ruby Advisory DB data to display security warnings for libraries on the site.

Until next time!

Best, Chris

budget & expenses

In September, we saw $10,100.67 in total income, and spent a total of $27,101.07.

• Stripe Payment Processing Fees $308.27
• Employee Related $578.40
• General & Administrative 218.92
• IT & Software $795.88
• 168 Hours of development work at $150/hr $25,199.60

Until next time,
Irene, André, and the Ruby Together team

October 18, 2021