Ruby Weekly Issue 803: June 4, 2026

#803 — June 4, 2026

Together with

Cool Down Before You Install: Give New Gems a Few Days to Be Vetted — A compromised account can ship a malicious gem and your next bundle install can pull it within minutes. Bundler 4.0.13, released yesterday, provides an opt-in 'cooldown' to hold back releases until they've 'aged' a few days. Meanwhile, bundle outdated shows what’s waiting and for how long.

Hiroshi Shibata (RubyGems)

What Is Legacy Software in the Age of AI? — Software becomes legacy by succeeding long enough to accumulate the weight of every decision and shortcut made along the way. AI creates speed, but also many unintended consequences resulting in more user friction, not less.

Test Double sponsor

Beyond Enumerable: For Want of Better Windows — Enumerable gives names to most of the loops you’d otherwise hand-write, but not all of them. Brandon goes after a shape it doesn't have, stateful sliding windows, and builds his own efficient implementation.

Brandon Weaver

💡 I've been using Ruby for decades but still enjoy an occasional browse through the Enumerable docs as I still haven't internalized it all!

⚡️ IN BRIEF:

Matz's Spinel Ruby AOT compiler has continued to improve over the past few weeks, adding support for Time, Rational/Complex, keyword args, GC introspection, and initial steps towards networking and gem support.
📺 The videos from Tropical on Rails, which took place in Brazil this April, are now available on YouTube.
🎂 Shopify, perhaps the world's largest Rails monolith, launched 20 years ago this week.

Managing Ruby Versions with Mise — A very basic introduction, but as I’ve fallen in love with Mise this year for managing all of my languages (e.g. Go, Node, Rust) and multiple Ruby implementations (e.g. TruffleRuby and JRuby, alongside CRuby) I want it to be on everyone’s radar. It’s great!

Georgi Mitrev

💰 37signals became Mise's first 'premier' sponsor this week.

What If Hanami Had Templateless Views? — It doesn’t take much to add this to Hanami, showing just how flexible the web framework can be.

Paweł Świątkowski

Jidoka: Automation with a Human Touch — Pair coding agents with senior engineers to modernize legacy code and ship faster with built-in quality.

JIDOKA by SINAPTIA sponsor

📄 How to Choose a Gem Wisely – The basics of dependency hygiene. Gelsey Torres

📄 Implementing Account-Specific Rate Limits in Rails Tejas Bubane

🛠 Code & Tools

Meet Mata: Live Reloading with DOM Morphing for Rack Apps — A lightweight "live reload" solution for views in Rack apps. It uses Server-Sent Events (SSE) and idiomorph for updating the DOM. GitHub repo.

Rails Designer

⚡ If you only need Rails, Hotwire Spark offers a broader live reloading approach.

Depot's Sherlock Can Now Analyze Your CI Builds — Ask it to break down your pipeline analytics, debug slow builds, or open a support ticket. It just works.

Depot sponsor

SimpleCov 1.0 RC1: The Code Coverage Analysis Tool — SimpleCov provides an effective way to use the code coverage data collected during testing by Coverage. The changelog is a rather long list, but shows big strides forward in its config, parallel test support, and coverage for unloaded files.

Berlin, Fleischer, Matsuda, et al.

🔒 Console1984: A More Secure, Auditable Rails Console — rails console can often come in handy in prod, but it can also provide users with a little too much power. This extension helps to protect against easy access of sensitive information and provides an audit trail for when it happens.

Basecamp

💡 Back in 2023, 37signals wrote about how they use Console1984 and other tools to allow employees to navigate customer information with care.

Tmuxinator: A Tool to Manage Complex tmux Sessions Easily — tmux is a terminal multiplexer a lot like screen but with more features (and increasingly popular in the LLM era as a way to give agents persistent, controllable terminal sessions).

Bargi and Chow

🎁 Gem in a Box 3.1 – Self-hosted gems server with push support. v3.1 deprecates the RubyGems proxy.
RuboCop 1.87.0 – Adds --enable-all-cops and --disable-all-cops options along with an experimental Rubydex integration.
Ratomic 0.2 – Mike Perham's library of Ractor-safe mutable data structures.
🔒 Puma 8.0.2 and 7.2.1 – Two security-related bugs patched.
Excon 1.5 – Fast HTTP 1.1 client library.
Cucumber 11.1, RMagick 7.0.3, Passenger 6.1.4

📰 Classifieds

🔬 Shipping AI code? Undercover CI catches untested methods in your PRs before you merge. Coverage percentages won't. Free for open source.

📢 Elsewhere in the ecosystem

🗣️ The Ruby Users Forum (above) launched earlier this year as a venue for Rubyists to ask questions and hang out with other Rubyists. It has also become a way to get support for numerous Ruby projects, now including Sidekiq and Faktory, with creator Mike Perham ready to answer your questions.
As well as being a Rubyist, Remi Mercier is also a glass-maker and is going to make a limited-edition stained glass to commemorate Ruby.
DHH makes the argument that agents 'democratize open source'.
PostgreSQL 19, currently in beta, is getting built-in support for graph style SQL/PGQ queries and traversal.