Blog
20 Dec 2024
November 2024 RubyGems Updates
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in November.
RubyGems News
In November, we released RubyGems 3.5.23 and Bundler 2.5.23. These releases bring a series of enhancements and bug fixes designed to improve the overall developer experience with RubyGems. Notable improvements include validating the user input encoding for gem CLI arguments and ensuring the--enable-load-relative binstubs prolog works correctly when Ruby is not installed in the same directory as the binstub. Additionally, we updated the --ext=rust option to support compiling native extensions from source and resolved an issue where bundle check could sometimes lock gems under the wrong source.
Some other important accomplishments from the team this month include:
Welcoming First-Time Contributors
We’re thrilled to see an influx of new contributors and are focusing on making contributions seamless and enjoyable.
- @soda92, a new Ruby enthusiast working on Windows, contributed extensively by:
- Improving setup documentation for Windows developers.
- Fixing broken links, unifying documentation, and enhancing the README to better explain what RubyGems is.
- Adding debugging instructions for Windows, improving RSpec tests, and fixing a
bundle execissue on Windows.
- @andrew enhanced
bundle fundby creating its missing man page and extended his work to cover other missing man pages. He also added a spec to ensure all Bundler commands remain fully documented. - @jeromedalbert has been a consistent contributor, helping with issue triaging, documentation, and bug fixes. Notably, he updated the CONTRIBUTING guide link, fixed issues with
bundle remove, and added the spec for ensuring command documentation. - @marcoroth and @gemmaro made their first contributions by improving the default output of
bundle gem.
We deeply appreciate the efforts of all contributors in making RubyGems and Bundler better for everyone! 🎉
Auditing and Updating Vendored Dependencies to the Latest Versions
- November and December are dedicated to thorough housekeeping to prepare for the final releases of RubyGems and Bundler. This includes updating all development and test dependencies, either via Dependabot PRs or manually, and ensuring compatibility with the latest Ruby patch levels, including Ruby 3.4. Daily CI against
ruby-headhas also been verified as green. - We also improved license management by fixing the weekly automated PR process for new SPDX licenses and updating the license list with the latest additions. These updates ensure a polished and reliable release for all users.
Bundler 2.6 and RubyGems 3.6 Coming Soon
- The upcoming releases of Bundler 2.6 and RubyGems 3.6, set for early December, include significant improvements and new features. The checksums feature is now ready for beta release, with fixes based on early feedback. Resolution enhancements bring smarter auto-fixing of incorrect lockfiles, better handling of git dependencies, and improved conservativeness of
bundle install. We’ve also reverted to the previous git gems cache format to resolve adoption issues while retaining critical fixes. - Additional updates include improved lockfile support for users switching between stable and development Ruby versions, security enhancements to better redact credentials in Bundler outputs, and performance improvements like parallelized
bundle install --localand performance-focused RuboCop checks.
In November, RubyGems gained 194 new commits contributed by 18 authors. There were 3,441 additions and 1,360 deletions across 248 files.
RubyGems.org News
The updates made this month to RubyGems.org reflect a strong commitment to improving user experience, enhancing security, and modernizing the platform. Sponsored hosting for RubyGems.org in November was provided by AWS, Fastly, and DataDog.
The following are highlights of what the team worked on this month:
Introducing Organizations on RubyGems.org
- Organizations were added to RubyGems.org to help teams and businesses manage gems and users under a single umbrella. The new Organization Onboarding feature simplifies migrating gems to an Organization by allowing users to provide organization details, select gems, and assign roles to users.
- After confirming the details, the onboarding process automatically links gems to the Organization, creates Membership records, establishes the Organization, and removes outdated Ownership records, streamlining team and business gem management.
Streamlined Profile Update Experience
- We’ve improved the profile update workflow to prevent unnecessary frustration when a password is missing. Previously, if users updated their email but forgot to include their password, the page would reload, display an error, and require the email to be re-entered.
- Now, when submitting the form without a password, the page will focus on the password field and display a prompt, allowing users to enter their password without losing any previously entered information.
Improved Control for Yanked Gems
- We’ve introduced updates to ensure gem owners retain access to critical controls even when all versions of a gem are yanked.
- Owners can now manage ownerships, trusted publishers, and push new gem versions through a streamlined sidebar view. For non-owners, the adoption option will remain visible if it’s currently active. This enhancement helps maintain seamless management and transparency for gem owners.
In November, RubyGems.org gained 78 new commits contributed by 9 authors. There were 4,530 additions and 596 deletions across 173 files.
RubyGems Ecosystem
Here we outline additional exciting updates made to other projects in the RubyGems Ecosystem.
Ruby Toolbox
Ruby Toolbox Frontend Stack Update
- The Ruby Toolbox frontend now uses
vite-railsfor asset bundling, ensuring compatibility with Rails 8. This upgrade replaces the previousSprockets/Webpackersetup. - During the migration, we resolved legacy JavaScript issues and replaced an outdated autocompleter library, streamlining and modernizing the frontend.
Thank you
Thank you to all the contributors of RubyGems and RubyGems.org for this month! Your contributions are greatly appreciated, and we are grateful for your support.
Contributors to RubyGems:
- @segiddins Samuel Giddins
- @simi Josef Šimánek
- @deivid-rodriguez David Rodríguez
- @hsbt Hiroshi Shibata
- @simi Josef Šimánek
- @jeromedalbert Jerome Dalbert
- @duckinator Ellen Marie Dash
- @samisalamiws Samisalamiws
- @timon Artem Ignatyev
- @soda92 Maple
- @andrew Andrew Nesbitt
- @larskanis Lars Kanis
- @adam12 Adam Daniels
- @mame Yusuke Endoh
- @gemmaro Gemmaro
- @djberube David J Berube
- @indirect André Arko
- @corsonknowles Dave Corson-Knowles
- @eregon Benoit Daloze
- @marcoroth Marco Roth
Contributors to RubyGems.org:
- @martinemde Martin Emde
- @simi Josef Šimánek
- @segiddins Samuel Giddins
- @hsbt Hiroshi Shibata
- @colby-swandale Colby Swandale
- @kairoaraujo Kairo Araujo
- @kinsomicrote Kingsley Chijioke
- @jacklynhma Jacklyn Ma
If we missed you, please let us know so we can include you in our shout out!
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.