RubyGems Navigation menu

Blog

Back to blog posts

August 2024 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in August.

RubyGems News

In August, we released RubyGems 3.5.17 and 3.5.18 along with Bundler 2.5.17 and 2.5.18. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements include fixing an issue where gem uninstall <name>:<version> would fail on shadowed default gems, enabling lockfile checksums in future Bundler 3 even when there’s no previous lockfile, and fixing an issue where bundle update <indirect_dep> would fail to upgrade when versions are present in two different sources.

Some other important accomplishments from the team this month include:

Fixing an Edge Case Where Bundler Was Removing Platforms Due to Bad Indentation

  • We resolved an issue where Bundler was removing platforms and associated gems from Gemfile.lock because of bad indentation.
  • Now, Bundler auto-fixes indentation by properly stripping whitespace, ensuring badly indented platforms are recognized and retained, which prevents broken dependencies and confusion.

Fixing a Source Dependency Confusion in bundle update <specific_gem>

  • We fixed an issue where bundle update <specific_gem> would confuse the source of <specific_gem> if an old version existed on a different gem server than specified in the lockfile, allowing smoother gem updates.
  • The bug was due to the additional unlocked resolution not using the correct source requirements during bundle update <specific_gem>. The fix ensures it now uses the same source requirements as the main resolution.

Improved Developer Experience When Setting Up RubyGems With an Unsupported Ruby

  • We added a clearer error message when an unsupported Ruby version is detected and the setup process is aborted, improving the process by preventing new developers from being discouraged by obscure errors.
  • This change helps people starting to develop RubyGems by immediately informing them if their Ruby version isn’t supported.

Fixed gem uninstall <gem>:<version> Failing When Target Gem is Also a Default Gem

  • We resolved an issue where gem uninstall <gem>:<version> would fail with a confusing error if the target gem was also a default gem, providing a smoother CLI experience.
  • The fix skips the default copy of the gem during uninstallation, avoiding the “double uninstall” problem.

Fixed Issues With the--prefer-local Flag in bundle install

  • We resolved problems where the --prefer-local flag wasn’t working effectively; it didn’t fallback to remote gems when local ones didn’t satisfy requirements and didn’t prefer local gems for sub-dependencies.
  • We implemented a solution similar to how we handle prereleases: for each gem, first prefer local versions; if conflicts arise, allow remote versions for those specific gems.
  • This was inspired by @gouravkhunger, who uses --prefer-local to help package Ruby for his Jekyllex project.

Helped Appraisals Maintainers Run Tests With Latest Bundler

  • Ensured that Appraisals, a library for testing against multiple Gemfiles, works with the latest Bundler by proposing updates and fixing a small behavior changes in Bundler 2.4 that affected them.
  • Appraisals is tightly coupled to Bundler internals, so it’s important it remains compatible to detect potential issues in Bundler itself.

In August, RubyGems gained 77 new commits contributed by 8 authors. They were 1,163 additions and 151 deletions across 90 files.

RubyGems.org News

The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in August was provided by AWSFastly, and DataDog.

The following are highlights of what the team worked on this month:

Prevented AWS Secrets From Being Printed in Logs or Error Messages

  • We modified the logging and error-handling mechanisms to ensure AWS secrets are sanitized and never outputted.
  • Although this issue wasn’t occurring in CI, it’s crucial to safeguard against future changes that might inadvertently expose sensitive information.

Renamed #search_field to Resolve a Naming Conflict With Rails Internals

  • The conflict was causing the Rails info page (/rails/info/routes) to raise an error, hindering access to important debugging routes.
  • To resolve this we changed the method name to eliminate the conflict, restoring normal functionality to the Rails info page.

Fixed a Minor Inefficiency in RubyGems Controller

  • The GemNameReservation query was being executed four times per request, leading to potential performance issues.
  • We refactored the controller logic to perform the GemNameReservation query only once per request, improving efficiency.

Fixed Broken Recovery Code Acceptance Tests

  • Tests were failing due to two issues, blocking the CI pipeline. We addressed each:
    • Invalid jQuery Selector Length Check: We corrected the jQuery selector $("#recovery-code-list").length to properly detect the element.
    • Confirmation Dialog Not Triggering on Path Change: We adjusted the test so that changing the current path triggers the confirm dialog as expected.

Optimized API Key Expiration Process by Skipping Already Expired Keys

  • The existing expiration process was inefficient because it looped through all API keys, including those that were already expired.
  • To fix this, we modified the API key expiration routine to process only unexpired API keys, thereby avoiding unnecessary iterations over keys that have already expired.

In August, RubyGems.org gained 57 new commits contributed by 6 authors. There were 134 additions and 137 deletions across 15 files.

Thank you

Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to RubyGems.org:

If we missed you, please let us know so we can include you in our shout out!


Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.

Gift Egwuenu