#768 — September 25, 2025 |
The top item in today's issue focuses on a complex issue that has arisen around the RubyGems and Bundler projects. These matters are of importance to Ruby's packaging ecosystem but skip to our 'In Brief' section if the inner workings and ownership of these projects aren't of interest to you. |
|
Ruby Weekly |
|
|
Last Friday, Ellen Dash, a long-time RubyGems maintainer, posted a PDF titled 'Ruby Central's Attack on RubyGems' explaining how the RubyGems GitHub organization was renamed, a new maintainer was added to the RubyGems project, and existing maintainers were removed, noting: "This was a hostile takeover." Ruby Central then posted 'Strengthing the Stewardship of RubyGems and Bundler', a rather dry explanation saying that in order to "strengthen supply chain security" (perhaps triggered by recent issues in the npm ecosystem) they needed to strengthen "governance processes" and formalize/tighten access to production systems (as they maintain RubyGems.org). Ruby Central's Executive Director Shan Cureton also posted ▶️ a 9-minute video covering the same ground. Joel Drapper has written a Ruby Central Fact Check post tackling the claims made. |
🚨 Ready for Rails 7.1 EOL? Our Free AI Tool Can Help (In Minutes) — Ready or not, Rails 7.1 EOL is October 1st. Our FREE AI-powered tool builds your Rails upgrade roadmap in minutes, not weeks. Don’t have time to follow the roadmap? 🌳 Our Bonsai team can help: Fixed costs, security patches, & zero downtime. FastRuby.io | Upgrade Solutions sponsor |
|
..STORY CONTINUES FROM ABOVE Was this just a poorly executed attempt to run a tighter ship for the RubyGems system? There's more to it than that, as Joel Drapper deftly covers in this summary of the entire situation — explaining that access and rights that long-time RubyGems and Bundler maintainers should not have lost were unfairly taken away (since RubyGems.org and the RubyGems/Bundler projects are not the same thing). Today, Andre Arko (of Bundler fame) posted his take saying that 'Bundler belongs to the Ruby community', giving a lot of (interesting!) history to the development of Bundler, how Ruby Together and Ruby Central merged, and why Ruby Central isn't able to assert it owns Bundler itself. The story has yet to reach a conclusion, and we'll let you know when it does. TLDR: Read Joel Drapper's summary, as well as that of former Ruby Central member Josef Šimánek. |
|
⚡️ IN BRIEF:
|
|
JRuby and JDK 25: Startup Time with AOTCache — Java 25, and therefore JDK 25, was released last week and JRuby (the JVM-based Ruby implementation), benefits from improvements to the JVM’s ahead-of-time caching feature. JRuby programs have historically run quickly, but had longer startup times than CRuby programs – this is beginning to improve, and here’s how. Charles Oliver Nutter |
|
The Complete Guide to Using Dev Containers with Rails — An exhaustive look at development containers (a.k.a. devcontainers), including how to add tools, switch to Postgres, and configure them for multiple different IDEs. Julian Rubisch |
|
Survey: Tech Challenges in the Healthcare Space 🩺 — Know an engineering, IT, product, marketing, or strategy leader in the healthcare space? We're benchmarking challenges they're facing. Test Double sponsor |
|
📄 Creating a Rails Console-like Environment for a Plain Ruby Project – Certainly something I've had to do a few times! Daniela Baron 📄 Flaky Tests, Be Gone: Long-Lasting Relief for Chronic CI Retry Irritation – An attempt to cover ‘every known cause of test flakiness’ when tests run locally but not in CI. There’s a lot here. Artur Petrov 📄 Adding User Auth with the Rails 8 Auth Generator in API-Only Apps Exequiel Rozas |
🛠 Code & Tools |
|
|
Elephantshark: A Tool to Monitor Postgres Network Traffic — A Ruby-powered tool that sits between the two parties in a Postgres-protocol exchange, forwarding messages in both directions while parsing and logging them. GitHub repo. George MacKerron (Neon) |
💡 In related news, Postgres 18 was released today – we've covered what's new in today's issue of Postgres Weekly. |
|
🚅 Smart Rails Applications Are Not the Future, They're the Present — Learn about the strengths of Rails in the AI era and why we choose it for building AI-powered features. See what we built. SINAPTIA sponsor |
|
Superglue 2.0 Alpha: React + Rails Turbo Streams — Turbo Streams, part of the Hotwire project, makes it possible to deliver quick page changes as fragments of HTML over WebSockets or SSE and now the Superglue Rails + React integration library has initial support for using Turbo Streams with your Rails-backed React apps too. Johny Ho (Thoughtbot) |
|
Unicode::Emoji: Modern Regular Eexpressions to Work with Emojis — Provides various sophisticated regular expressions to work with emoji in strings, incorporating the latest Unicode / Emoji standards. Jan Lelis |
|
Dial: A Modern Profiler for Rails Apps — Uses Vernier for profiling and Prosopite for N+1 query detection. Unlike rack-mini-profiler, it’s only for Rails apps. Joshua Young |
|