Hello! Welcome to the monthly update. During September, Ruby Central's open source work was supported by 35 different companies, including Fastly, Ruby member Zendesk and Ruby Shield sponsor Shopify.

In total, we were supported by 182 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

RubyConf San Diego (Nov 13-15, 2023)

RubyConf is the annual fall conference for Ruby enthusiasts to gather and enjoy talks about new projects, meet other Ruby developers, and hear from the community's leading minds. Here are a few things you should know:

About the event

  • RubyConf 2023 tickets are on sale now!
  • We've got an entire DAY lined up for workshops, community driven projects, & collaboration with Ruby organizations and members! Choose the Community Day Pass on the registration page to attend just that day (or the 3-day pass which includes Community Day).
  • ICYMI our Head of Open Source, André Arko, was featured on the Friendly Show podcast last month!

Get involved

  • Want to share your brand at RubyConf 2023? Secure your sponsorship now to reach over 500 attendees, showcase your thought leadership, and cultivate invaluable industry relationships by our sponsorships manager, Tom.
  • Reminder: you can receive exclusive benefits like conference discounts and more by signing up for a Ruby Central membership.

RubyGems News

This month in RubyGems, we released RubyGems 3.4.20 and Bundler 2.4.20.

One of the goals of this RubyGems release was to work on allowing RubyGems to gracefully fall back to a user install if the default gem home isn't writable. This will resolve a request some users of RubyGems have been wanting for eight years (#5327). Additionally, we updated the SPDX license list as of 2023-10-03 and raised Gem::Package::FormatError when gem encounters corrupt EOF (#6882), and ensured that loading multiple gemspecs with legacy YAML class references does not print a warning (#6889).

This month the Bundler team worked on Bundler’s performance and memory efficiency, reducing memory usage both during `bundle install` and when any command is run with Bundler. Some commands now use up to 25% less memory, saving as much as 10MB or more depending on bundle size, as well as speeding up boot time for Rails apps. (#6884, #6923, #6963, #6976, and others)

In preparation for the future release of Bundler 2.5.0, and building on the work of @segiddins and @mercedesb, we are improving the security of Bundler by adding SHA256 checksum verification of .gem files during installation, as described in this RFC

Some other improvements that landed in our repo this month but may not yet be released:

  • fixed a false positive SymlinkError in the symbolic link directory (#6947)
  • stop Bundler eagerly loading all specs with extensions (#6945)
  • added support for the version format ruby-3.2.2 in the ruby file: Gemfile directive, support ruby prerelease version formats 3.3.0-preview1, and explicitly reject 3.2.2@gemset because an separate .ruby-gemset file is preferred (#6954)
  • reduced memory allocations for stub specifications (#6972)
  • allowed standalone mode to work on a Windows edge case (#6989)
  • improved release scripts (#6999)
  • fixed the SafeMarshal test on jruby (#6984)

In September, RubyGems gained 116 new commits contributed by 14 authors. There were 2,455 additions and 571 deletions across 105 files.

RubyGems.org News

This month in RubyGems.org, we fixed potentially exposed user emails by hiding gravatars for accounts with private emails (#3731, #4104). This ensures user email addresses stay private when users have requested that. We also opened an RFC to enhance user profile in general.

Support for PostgreSQL 11 version will end next February, so we created a plan, wrote reference scripts and started documenting the upgrade. Check out the Postgres upgrade RFCs to hear the plan and offer feedback! (#52, #53)

Some other improvements that landed into our repo this month are:

  • added a log in Pusher when notify is called (#4072)
  • added a versions index on lower(gem_full_name) (#4095)
  • added backfill for spec_sha256 on versions (#4083)
  • handled nil api_key in the dashboards controller (#4081)
  • added a fix to precompile assets on CI before running tests (#4059)
  • made all texts in the about page translatable. (#4063)
  • made an update to only validate version metadata on create/change (#4100)
  • updated RubyGems & Bundler (#4103)

In September, RubyGems.org gained 64 new commits contributed by 5 authors. There were 1,855 additions and 1,070 deletions across 90 files.

Total spent

In September, we completed 359 hours of development work and spent $53,848.62.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org: