#152 🔒 Supply chain attacks, compromised registries & asset pipelines

Happy Wednesday!

Here is issue #152 of our newsletter, bringing you news and the best tools for your current or future Rails projects…

1. 🚀 Many Rails applications still rely on older asset pipelines that can slow down frontend modernization efforts. In this article, Rishi discusses migrating from Sprockets to JS bundling with esbuild, covering the tooling changes, setup process, and common migration challenges. Discover how to streamline your JavaScript bundling and embrace modern frontend tooling with this practical guide. Perfect for teams eager to level up their Rails apps!

2. 🌟 Join the 2026 Ruby on Rails Community Survey and share your insights. Your voice matters in painting a complete picture of our community's evolving landscape. It's quick, anonymous, and your input will help everyone in the Rails world. The survey collects insights from the community on tooling, deployment, AI usage, salaries, and development practices. Don't miss the chance to contribute to this valuable resource!

3. 🔒 Supply chain attacks continue to target the open source tools developers rely on every day. In this report, Stephen at Snyk details how the Mini Shai-Hulud attack compromised several TanStack npm packages and what the incident reveals about package ecosystem security. Discover how this unprecedented breach used valid SLSA provenance to infiltrate giants like Mistral AI and UiPath. Learn the critical steps to protect your projects now! It’s an important reminder to carefully review dependency management and CI/CD security practices.

4. 🚨 Supply chain attacks aren’t always aimed at developers directly; sometimes, the package registry itself is the target. Recent news reports and posts from Maciej Mensfeld with Mend.io detail how more than 150 malicious RubyGems packages were used in attacks involving XSS payloads and data exfiltration attempts targeting the RubyGems infrastructure itself, prompting RubyGems to temporarily suspend new account signups. More information to follow. The incident highlights the growing sophistication of attacks against open source ecosystems and serves as an important reminder to stay vigilant about dependency and registry security.

5. 🛠️ Ever wondered how Rails magically turns a route into a controller action? Syed from Rails Revelry breaks down how Rails dispatches a request through the framework, from routing to controller execution. A helpful deep dive for developers who want a better understanding of Rails internals and request handling, with insights into params setup and callback magic! Perfect for those 'aha!' debugging moments!

6. 🔧 Ruby isn’t usually the first language people associate with embedded systems or microcontrollers. In this post, Joseph Schito introduces RubyDuino, a Ruby-to-Arduino Uno compiler built on Matz’s Spinel project. It’s an interesting experiment that explores how Ruby can be used to program Arduino hardware and bring Ruby development into the embedded space.

7. ✨ Setting up a VPS for the first time can feel intimidating if you’ve mostly worked with managed platforms. In this guide, SerpApi walks through configuring an Ubuntu VPS from scratch, covering essential setup steps, security basics, and server configuration.

8. 🛠️ Forget everything you know about Ruby Arrays. In this article, Ruby Stack News explores MRI internals and how Ruby arrays evolved into a playground for VM optimizations and performance techniques. It’s a fascinating deep dive for developers curious about how Ruby works at the runtime level.

9. 🐢 Slow AI API calls can easily block requests and hurt application responsiveness. In this post, Norvilis shows how to use Solid Queue in Rails to move OpenAI API calls into background jobs for more reliable processing. It’s a practical approach for improving performance and handling AI workloads more cleanly in production applications.

Modernizing your stack is the easy part; knowing where AI fits in is much harder. The AI Readiness Assessment helps CTOs and engineering teams evaluate their readiness for AI-assisted development, identify high-impact opportunities, close workflow gaps, and get a clear strategy with cost-benefit analysis.

Check out our other articles on: Ruby | Rails | Compatibility | Upgrades | Tech Debt | AI

Bookmark, share, or save them for later. We hope these links are helpful to you.😉

Know anyone who would love to receive this newsletter? Tell them to subscribe to the Rails Upgrade News newsletter.

Best,

The FastRuby.io Team

Don't wait to bring your Rails application up to date.

We will get on a quick call and recommend a couple of options to start upgrading your Rails app.