Blog

Ruby gems.rb and gems.lock file support

With Bundler 2.0 just around the corner, some changes are coming to the Ruby community. The most visible breaking change will be the use of new files to replace Gemfile and Gemfile.lock. There has been a lot of discussion around these files, starting in 2010. The core team has decided to rename them to gems.rb and gems.lock. These will now be the default files for all Ruby projects that use dependencies.

Fake PyPI packages that execute malware

Last week a Slovak security team, SK-CSIRT, published a security advisory about malicious packages on PyPI. In summary: “SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI, posing as well known libraries. A prominent example is a fake package urllib-1.21.1.tar.gz, based upon a well known package urllib3-1.21.1.tar.gz. Such packages may have been downloaded by an unwitting developer or administrator by various means, including the popular “pip” utility (pip install urllib).”
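As an added example (not part of the original post, nor code from SK-CSIRT or PyPI), the following Python script shows one pre-install check a practitioner can run over a requirements file before anything reaches pip: normalise each requested distribution name the way PyPI does (PEP 503), then flag any name that is not on an allow-list of well-known packages but lies within two edits of one. That is exactly the pattern the urllib/urllib3 case fits, and it also catches separator tricks such as setup_tools versus setuptools. The allow-list, the sample requirements lines and the edit threshold are constructed for this example.

```python
import re

# Constructed allow-list of well-known distribution names; an assumption for
# this example (a real check would draw on a curated or internal list).
KNOWN_PACKAGES = {
    "urllib3", "requests", "setuptools", "cryptography",
    "numpy", "django", "pytest", "coverage",
}

# Constructed sample requirements file. "urllib" is the lookalike named in the
# advisory quoted above; the other lines are made up for this example.
SAMPLE_REQUIREMENTS = [
    "urllib==1.21.1",
    "requests>=2.18",
    "setup_tools",
    "numpy~=1.13",
    "flask",
    "# a comment line, ignored",
    "-e git+https://example.invalid/repo.git#egg=internal",
]

# A requirements line starts with the distribution name (PEP 508 name chars).
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) via a two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def requirement_name(line):
    """Return the distribution name at the start of a requirements line, or None."""
    m = _NAME_RE.match(line)
    return m.group(1) if m else None


def lookalikes(name, known=KNOWN_PACKAGES, max_distance=2):
    """Known names within max_distance edits of name; empty if name itself is known."""
    target = normalize(name)
    hits = []
    for k in known:
        candidate = normalize(k)
        if candidate == target:
            return []          # exact (normalised) match: not a lookalike
        if edit_distance(target, candidate) <= max_distance:
            hits.append(k)
    return sorted(hits)


def check_requirements(lines):
    """Return (requested_name, [near-miss known names]) for every suspicious line."""
    findings = []
    for line in lines:
        name = requirement_name(line)
        if name is None:
            continue           # comments, pip options, URL requirements: not checked here
        hits = lookalikes(name)
        if hits:
            findings.append((name, hits))
    return findings


if __name__ == "__main__":
    for name, hits in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {name!r} is not a known package but resembles {hits}")
```

The check deliberately stays silent on names that are merely unknown (flask in the sample), since an allow-list can never be complete; it only reports names that are both unknown and one or two edits away from something well known, which is where a human should look before running pip install.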

npm monthly - Sept 2017 with React, Webpack, debug, Sinon.JS and babel-core!

Welcome to this new npm monthly! It covers a bit more than the last month, as we took a summer break from these updates. In this edition, we have a lot to share about some major npm packages used by thousands and thousands of you, dear readers! React 16 betas & RCs: the first beta of React 16 was released in July, followed by four more betas and release candidates. You can learn all the details about what’s in this new version in this GH issue.

Rubygems Monthly - Sept 2017 with Spree, Puma, Sequel, Redis, Bundler, Sprockets and Mongoid!

Hey folks, after the summer break, we’re back with our Rubygems Monthly newsletter! Quick news about Gemnasium: we are now on the GitHub Marketplace, and we recently started work on adding support for Java. If you want to get it earlier than everyone else, just go here. The Java support will come to Gemnasium Enterprise first. That’s the biggest news of the last few weeks :) Let’s talk about the major gem releases of the last month now!

PyPI monthly: IPython, pytest, cryptography and NumPy

Hey folks, JP from Gemnasium here for our monthly PyPI digest! If you want to get this in your inbox monthly, you can subscribe with the little popup at the bottom left or just here. Also, if you’re interested, we have similar blog series/newsletters for Ruby, Javascript and PHP. So, what’s new and worth your time this month? IPython 6.1: in case you missed it, 6.0+ is only compatible with Python 3.

npm monthly #2: Chai 4, ESLint 4, webpack 2.6 and 3, gulp-uglify 3 and jsdom 11!

Hey folks, JP from Gemnasium here for our monthly npm digest! If you want to get this in your inbox monthly, you can subscribe with the little popup at the bottom left or just here. Also, if you’re interested, we have similar blog posts for Ruby, Python and PHP. So, what’s new and worth your time this month? Chai 4: a huge release for Chai. It’s faster, thanks to the rewritten deep-equality code.

Rubygems Monthly: Sinatra 2, Bundler 1.15, Rubocop, CanCanCan 2, Devise, Puma and ActsAsTaggableOn 5

Hey folks, JP from Gemnasium with you here today. We started Rubygems Monthly, and similar digests for npm, PyPI and PHP, a month ago. The reception has been great, so here’s the second edition! Before we dive right in, in case you missed it, we published a blog post yesterday called “How to deal with major Ruby on Rails upgrades (like moving from 4.1 to 5.1)” which walks through the framework we use for big app upgrades with the customers of our professional services (yes, we do some consulting!

How to deal with major Ruby on Rails upgrades (like moving from 4.1 to 5.1)

Who doesn’t like to build new apps? As much fun as it is to build new things, we also need to maintain and upgrade apps over time. Most people prefer to build new apps, and we can understand that. But we also like to maintain older apps. Make them fresh again. Part of the lifecycle of an app is upgrading dependencies to newer versions, especially when the ones you use become vulnerable to security issues, or when they are no longer maintained.

PHP packages monthly: PHPUnit 6, PHP_CodeSniffer 3, Silex 2.1, Swiftmailer 6, Symfony 3.3.0 RC1 and more!

Welcome to our first PHP package monthly! What’s this all about? Being a company that monitors people’s dependencies to help them keep their project safe and up to date, we have a lot of data about packages. We asked ourselves how we can use that data to be even more useful to our customers and the whole community. The answer? PHP package monthly. A monthly newsletter that will tell you about a handful of the most notable package updates of the last month.

PyPI monthly #1: Requests, Django, pytest, Coverage.py and more!

Welcome to the first edition of PyPI monthly! What’s this all about? Being a company that monitors people’s dependencies to help them keep their project safe and up to date, we have a lot of data about packages. We asked ourselves how we can use that to be even more useful to our customers and the whole community. The answer? PyPI monthly. A monthly newsletter that will tell you about a handful of the most notable package updates of the last month.