🦋 RubyGems 4.0.13 adds a cooldown feature to Bundler for newly published gems.

bloglab@mstdn.feddit.social

RubyGems 4.0.13 adds a cooldown feature to Bundler for newly published gems.

The opt-in setting lets projects delay dependency resolution for new gem versions, reducing exposure during the short window when malicious releases often spread fastest.

RubyGems Adds Cooldown Feature to Bundler for Newly Publishe...

RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.

Socket (socket.dev)

https://bsky.app/profile/socket.dev/post/3mnjjpjpgoc2w

#Security #SupplyChain #Bluesky