You are here

bundler.io

eregon.me
2.7 parsecs away

Bundler 2 did not arrive quietly. It was noticed by almost every CI build failing when running bundle install. As a result, it seems many still avoid Bundler 2 and just use Bundler 1. In this post, I present some ideas on how to get more people to use Bundler 2, and no longer need Bundler 1 which will not be maintained forever.

mensfeld.pl
1.4 parsecs away

Learn how Bundler 2.6's checksum verification protects your Ruby projects from supply chain attacks. Discover implementation steps and best practices for securing your gem dependencies.

yehudakatz.com
4.8 parsecs away

TL;DR Although apps and gems look like they share the concept of "dependency", there are some important differences between them. Gems depend on a name and version range, and intentionally don't care about where exactly the dependencies come from. Apps have more controlled deployments, and need a guarantee that

bentsukun.ch
12.9 parsecs away

[AI summary] A security vulnerability in the xz compression tool was discovered, involving a backdoor inserted by a maintainer named Jia Tan, which could allow remote code execution through SSH logins, highlighting concerns about trust and security in open source development.