Hello! Welcome to the September newsletter. Read on for announcements from Ruby Central and a report of the OSS work we’ve done from the previous month.

In August, Ruby Central's open source work was supported by Ruby Shield sponsor Shopify, AWS, the Sovereign Tech Fund (STF), and Ruby Central memberships from 29 other companies, including Partner-level member Sidekiq. In total, we were supported by 185 members. Thanks to all of our members for making everything that we do possible. <3

Ruby Central News

RubyConf 2024

RubyConf 24 is just around the corner! November 13-15 at the Chicago Hilton downtown. Join your #RubyFriends and fellow Ruby enthusiasts for keynotes, breakout sessions, workshops, a hack day, a job fair, and more! See the full Program.

Get your ticket!

Then, get your room in the conference hotel for the full conference experience. We have a fantastic discounted rate of $219++/night for conference attendees at the Hilton Chicago. It’s such a cool space with a modern twist to its original 1920s architecture incredibly close to fantastic sightseeing spots. The room block closes October 18.

Want to sponsor???

There is still time to get your name alongside the other sponsors for the event! Secure your sponsorship now to reach all our attendees, showcase your thought leadership, and cultivate invaluable industry relationships by emailing our wonderful sponsorships manager, Tom.

Contact Tom by mid-October to ensure we can add you to the print signage at the event!

Thank you to our generous sponsors! Alphabetical order. :)

Beyond Finance

Cedarcode

Chime

Cisco

Couchbase

Flagrant

GitHub

GitLab

HoneyBadger

PayPal

Reinteractive

Scout APM

Sidekiq

Shopify

Wellsheet

Workforce

RubyGems News

In August, we released RubyGems 3.5.17 and 3.5.18 along with Bundler 2.5.17 and 2.5.18. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements include fixing an issue where gem uninstall <name>:<version> would fail on shadowed default gems, enabling lockfile checksums in future Bundler 3 even when there's no previous lockfile, and fixing an issue where bundle update <indirect_dep> would fail to upgrade when versions are present in two different sources.

Some other important accomplishments from the team this month include:

Fixing an Edge Case Where Bundler Was Removing Platforms Due to Bad Indentation

  • We resolved an issue where Bundler was removing platforms and associated gems from Gemfile.lock because of bad indentation.
  • Now, Bundler auto-fixes indentation by properly stripping whitespace, ensuring badly indented platforms are recognized and retained, which prevents broken dependencies and confusion.

Fixing a Source Dependency Confusion in bundle update <specific_gem>

  • We fixed an issue where bundle update <specific_gem> would confuse the source of <specific_gem> if an old version existed on a different gem server than specified in the lockfile, allowing smoother gem updates.
  • The bug was due to the additional unlocked resolution not using the correct source requirements during bundle update <specific_gem>. The fix ensures it now uses the same source requirements as the main resolution.

Improving Developer Experience When Setting Up RubyGems With an Unsupported Ruby

  • We added a clearer error message when an unsupported Ruby version is detected and the setup process is aborted, improving the process by preventing new developers from being discouraged by obscure errors.
  • This change helps people starting to develop RubyGems by immediately informing them if their Ruby version isn't supported.

Fixing gem uninstall <gem>:<version> Failing When Target Gem is Also a Default Gem

  • We resolved an issue where gem uninstall <gem>:<version> would fail with a confusing error if the target gem was also a default gem, providing a smoother CLI experience.
  • The fix skips the default copy of the gem during uninstallation, avoiding the "double uninstall" problem.

Fixing Issues With the--prefer-local Flag in bundle install

  • We resolved problems where the -prefer-local flag wasn't working effectively; it didn't fallback to remote gems when local ones didn't satisfy requirements and didn't prefer local gems for sub-dependencies.
  • We implemented a solution similar to how we handle prereleases: for each gem, first prefer local versions; if conflicts arise, allow remote versions for those specific gems.
  • This was inspired by @gouravkhunger, who uses -prefer-local to help package Ruby for his Jekyllex project.

Helping Appraisals Maintainers Run Tests With Latest Bundler

  • Ensured that Appraisals, a library for testing against multiple Gemfiles, works with the latest Bundler by proposing updates and fixing a small behavior changes in Bundler 2.4 that affected them.
  • Appraisals is tightly coupled to Bundler internals, so it's important it remains compatible to detect potential issues in Bundler itself.

In August, RubyGems gained 77 new commits contributed by 8 authors. They were 1,163 additions and 151 deletions across 90 files.

RubyGems.org News

The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in August was provided by AWSFastly, and DataDog.

The following are highlights of what the team worked on this month:

Prevented AWS Secrets From Being Printed in Logs or Error Messages

  • We modified the logging and error-handling mechanisms to ensure AWS secrets are sanitized and never outputted.
  • Although this issue wasn't occurring in CI, it's crucial to safeguard against future changes that might inadvertently expose sensitive information.

Renamed #search_field to Resolve a Naming Conflict With Rails Internals

  • The conflict was causing the Rails info page (/rails/info/routes) to raise an error, hindering access to important debugging routes.
  • To resolve this we changed the method name to eliminate the conflict, restoring normal functionality to the Rails info page.

Fixed a Minor Inefficiency in RubyGems Controller

  • The GemNameReservation query was being executed four times per request, leading to potential performance issues.
  • We refactored the controller logic to perform the GemNameReservation query only once per request, improving efficiency.

Fixed Broken Recovery Code Acceptance Tests

  • Tests were failing due to two issues, blocking the CI pipeline. We addressed each:
    • Invalid jQuery Selector Length Check: We corrected the jQuery selector $("#recovery-code-list").length to properly detect the element.
    • Confirmation Dialog Not Triggering on Path Change: We adjusted the test so that changing the current path triggers the confirm dialog as expected.

Optimized API Key Expiration Process by Skipping Already Expired Keys

  • The existing expiration process was inefficient because it looped through all API keys, including those that were already expired.
  • To fix this, we modified the API key expiration routine to process only unexpired API keys, thereby avoiding unnecessary iterations over keys that have already expired.

In August, RubyGems.org gained 57 new commits contributed by 6 authors. There were 134 additions and 137 deletions across 15 files.

Total spent

In August we spent $82,485.16 on development work.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org:

If we missed you, please let us know so we can include you in our shout out!