Blog
17 Jun 2024
May 2024 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in May.
RubyGems News
In May, we released RubyGems 3.5.10 and 3.5.11 , and Bundler 2.5.10 and 2.5.11. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems, including: a security update to limit the size of the metadata and checksums files in a gem package, a fix for an issue when plugin stubs would sometimes not be properly removed by gem uninstall
, the deprecation of Bundler constants and the addition of--glob
flag to bundle add
. Finally, Ngan Pham, software engineer at Gusto, penned this guest blog post on an exciting improvement to auto_install
@technicalpickles implemented, that is also included in this Bundler release.
Some other important accomplishments from the team this month include:
Improve handling of applications with a local cache of gems
- Recently we had fixed some issues for gems with a local cache of gems. Unfortunately these fixes created both functionality and performance regressions with this mode of operation. We worked on fixing these issues while also improving Bundler’s internal code organization.
- We made handling the type of gems considered by bundler (locally installed, cached, or remote) more explicit and moved it out of
Bundler::Definition
which is a class with too many responsibilities. This allowed us to simplify the code and fix reported issues about functionality and performance, improving the RubyGems experience for both users and developers.
Making default gems behave like regular gems
- Handling default gems can be challenging even with minor Ruby updates. This can impact Bundler when switching Ruby versions, leading to missing gems.
- Default gems also require special internal handling. Ideally, we want to treat default gems like regular gems, allowing them to be cached and fully installed in Bundler’s configured path. Although we attempted this change for Bundler 2.5, we reverted it just before release due to reports of issues.
- This time, we’ve tried to learn from past experiences and re-enable the feature, ensuring that default gems are considered a last resort if their regular copies cannot be found. This approach maintains backward compatibility.
Fixing a shallow clone bug in Bundler git sources
- Bundling a git source could fail if the git server does not support shallow cloning. This issue was a regression from previous versions of Bundler.
- @llenk joined us at RailsConf 2024’s Hack Day and helped work on a fix for this. We focused on a bug report about git sources breaking for some users. @llenk developed a solution that first attempts an efficient shallow clone and, if that fails, automatically retries with a full git clone.
Refactoring the Compact Index Client
- The
CompactIndexClient
, Bundler’s high efficiency gem resolution interface to rubygems.org and other gem sources, has grown organically over time. - Previously we had to refactor the updater to make it compatible with other gem sources and to clarify behavior. Increasing the readability of critical code paths makes it easier for new and experienced contributors alike to improve code, find bugs and increase performance.
- Inspired by memory improvements implemented during RailsConf 2024’s Hack Day, we have refactored the client, improved the cache interfaces and extracted a compact index parser.
Improving the memory footprint of bundle update
- When running
bundle update
and parsing the compact index versions file, an inefficiency caused nearly 70MB of unnecessary memory usage each time. - This issue was discussed during at session at RailsConf 2024, which led @jacklynhma to join us during the conference’s Hack Day and help tackle it. We quickly identified a change to reduce the memory footprint of parsing compact index versions: updating cache checksums. @jacklynhma successfully implemented this improvement.
==> after <==
Total allocated: 689.06 MB (9638226 objects)
Total retained: 237.01 MB (2979180 objects)
==> before <==
Total allocated: 755.64 MB (10379242 objects)
Total retained: 236.94 MB (2977745 objects)
Fixing a Bundler Error Message Related Bug
- A user reported that they received a confusing error message during a failed Bundle install of the Crono gem, leading them to open an issue. The error message incorrectly suggested a problem with Bundler, while the actual issue was operating system incompatibility.
- After collaborating with the user to define the problem, the error message was clarified to accurately reflect the operating system incompatibility issue. It now also provides clear guidance on gem naming to help users resolve the problem.
In May, RubyGems gained 131 new commits contributed by 18 authors. They were 1,961 additions and 864 deletions across 142 files.
RubyGems.org News
The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in May was provided by AWS, Fastly, and DataDog. The following are highlights of what the team worked on this month:
Set up Users for Trusted Publishing at RailsConf 2024
- At the end of last year we announced the release of Trusted Publishing, a new feature that will help make RubyGems.org more secure, and make it easier to automate gem publishing.
- RailsConf 2024’s Hack Day provided contributors with an opportunity to get involved in RubyGems projects and learn how to set up Trusted Publishing. During the event, @segiddins successfully set up a Trusted Publishing API for users, making the process even more accessible.
Added a timescaledb to RubyGems.org infrastructure
- Earlier this year we began work on the metrics project, which seeks to introduce granular tracking and insights of gem downloads for users. To continue momentum on this, we have started the process of adding Timescale DB to RubyGems.org stack. We plan to use a separate Timescale instance to hold analytics information, like downloads over time.
In May, RubyGems.org gained 83 new commits contributed by 11 authors. There were 1,429 additions and 662 deletions across 135 files.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @deivid-rodriguez David Rodríguez
- @nobu Nobuyoshi Nakada
- @segiddins Samuel Giddins
- @simi Josef Šimánek
- @jenshenny Jenny Shen
- @kateinoigakukun Yuta Saito
- @hsbt Hiroshi Shibata
- @voxik Vít Ondruch
- @llenk Ellen Keal
- @x-yuri X Yuri
- @martinemde Martin Emde
- @jacklynhma Jacklyn Ma
- @stomar Marcus Stollsteimer
- @dkav Darren Kavanagh
- @MSP-Greg MSP Greg
- @pascalbetz Pascal Betz
- @indirect André Arko
- @k0kubun Takashi Kokubun
- @sachin-sandhu S.Sandhu
- @duckinator Ellen Marie Dash
- @honeyankit Ankit Honey
- @JRice Jeremy Rice
Contributors to RubyGems.org:
- @martinemde Martin Emde
- @segiddins Samuel Giddins
- @simi Josef Šimánek
- @colby-swandale Colby Swandale
- @jacklynhma Jacklyn Ma
- @nateberkopec Nate Berkopec
- @javier-menendez Javier Menéndez Rizo
- @hsbt Hiroshi Shibata
- @indirect André Arko
If we missed you, please let us know so we can include you in our shout out!
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.