Tired of spending hours looking for what has changed in your dependencies?
Save your time! Gemnasium brings you 1-click changelogs!
For each of your project’s dependencies you can now quickly check what has changed. Just click on the Changelog viewer icon and start reading!
Gemnasium will automatically aggregate changelog data and scope it to what matters to you: the changes between your current version and the latest stable!
No changelog? We can still help you.
When a package’s changelog is not available, Gemnasium still tries to make it easier for you. It will try to fall back to a nicely displayed list of commit messages.
At any time you can click on a commit from the list to see it on Github. You can also check the full compare view following the link provided in the header.
Our Changelog viewer is already included in all paid plans at no extra cost and is available to free users during their 30-day trial period.
For all existing free users, you’ll also be able to try it until June 15th. Enjoy!
We hope you’ll appreciate it and your feedback is welcome!
Cheers, Gemnasium Team
We’ve released a bunch of small fixes and improvements to make Gemnasium better! Let’s review them.
You can now choose exactly which projects you want to monitor and which ones you don’t care about.
Gemnasium will still try to automatically add/remove projects when syncing with Github, but as soon as you manually start or stop monitoring a project, it won’t override your choice anymore.
So you now can freely choose which projects you want to track, and drop the others.
To make this clearer, we’ve also cleaned up the profile view and you’ll now only see the monitored projects there. This will drastically improve the signal-to-noise ratio so that you can focus on what matters to you.
You can retrieve all your profile’s projects in the Projects management page in your settings. There you’ll be able to start/stop monitoring and edit project settings to fine-tune them.
First introduced with our Gemnasium Gem, the offline projects can now be totally managed on Gemnasium.
You can create projects from your profile settings and upload dependency files directly from the UI.
New platinum plan!
As requested by our users who have a lot of private stuff, here comes the Platinum plan. It lets you track up to 125 private projects for $100/month!
We’ve changed the settings a bit to make account management easier.
The Settings home now displays the list of your Gemnasium profiles. Here you can manage them and add new ones.
The Github Permissions feature has been improved to give more granularity and now tells you how it affects your Gemnasium account.
Thanks for your support and your feedback, which help us improve Gemnasium!
Cheers, Gemnasium Team
As announced last week, we are pleased to release today the new features focusing on security.
Remember: since Gemnasium-2.0 we monitor popular packages, looking for security or critical updates. Once something is detected, all impacted versions are tagged accordingly, which results in a red color on the projects depending on them.
It’s time to put some steroids in this! Let’s review the new features:
To bring you more information on these critical and security updates, Gemnasium now displays advisories right on the package’s page.
Advisories provide useful information about security issues or critical updates: description, affected versions, fixed versions, available solutions, etc.
Advisories are displayed on each affected version of a package and also on the versions that fix the issue.
But that’s not enough… Keep calm and let the Security Coach tell you what’s wrong with your projects!
Right from your project page you can now check the security and critical advisories affecting your dependencies.
Open alerts stay there until your project becomes safe! They are closed automatically when the dependency is updated to a non-affected version.
If your app has been fixed with a patch, a workaround or is simply not affected by the advisory, you can tell Gemnasium it’s okay and just close the alert.
Notifications and reminder
Gemnasium’s Security Coach will warn you immediately when an advisory is created and will remind you every day until the alert is closed (by an update or using the close button). But if you feel bothered by the reminder and still haven’t fixed the issue, you can acknowledge the alert to stop the notifications. This can be done on the project page or directly from your alert email.
To avoid spamming you when you have a lot of affected projects, notifications are grouped by advisory. Here is a sample alert email:
The security reminder takes your notifications settings into account. So you only receive security emails for projects and packages that have notifications enabled and you won’t be notified at all if you have totally disabled notifications in your settings.
Please note that all old alerts have been automatically acknowledged to avoid spamming you. Feel free to reopen them if you want to be reminded.
The notifications and reminder features are included in all plans starting from Bonzaï (see pricing), and are also available as a trial during the 1st month of registration for Free plans. As an exceptional offer, the security reminder is also available to all existing Free users until March 31st!
Gemnasium is still growing its changelogs base and advocates for a common format. Your opinion is welcome and you can contribute to the Vandamme open source project to help us define a convention.
As always, we hope you’ll appreciate these new features and your feedback is welcome!
Cheers, Gemnasium Team
There are thousands of different changelogs (if any) out there, with dozens of different names. It’s almost impossible to fetch and parse them automatically… Gemnasium uses Vandamme to keep track of each changelog’s specifics (changelog location, version format, file format).
We really believe in changelogs. Following changes in dependencies is a hard task, and almost impossible by reading commits only.
The open-source world would be so much nicer with full, readable and comprehensive changelogs. As a solution to this problem, we propose a simple set of rules and requirements to follow in order to have a Standard Changelog. Please see the specs here:
Feedback is welcome!
Gemnasium loves you, thank you so much for your support! We are proud today to announce a new exciting release.
We have worked hard in the last months to improve the code base and features, and it was also time to put in place a fresh and optimized UI. Each page has been lovingly handcrafted into an amazing new design. Here is a quick look:
The new UI also comes with a new Dashboard page with aggregated statistics about profiles, some info about a pushed package each week, and live events scoped to your account.
We also have lots of surprises for you, so let’s jump right in!
Gemnasium is now able to read your NPM dependencies and monitor them. If your Github profile contains projects with a “package.json” or a “npm-shrinkwrap.json” file, Gemnasium will be able to track the dependencies for you!
This feature is included in all plans (including free plans), with no extra fee! And Gemnasium already monitors more than 22.000 node packages.
Your personal security coach
Need some help following important changes and security announcements? Let us introduce you to the new “Watchmen” team. Every day, we’ll be tracking important changelogs and security advisories for you, and will mark dangerous or broken versions as “red”. Don’t spend any more time wondering if your projects are vulnerable because you forgot to update them; let us ping you when we think you should worry about something!
“Watched” packages and “Checked” versions are marked with these labels:
“Watched” means the project is being manually checked every day. “Checked” is an acknowledgment for the package version you are browsing.
The Watchmen feature will evolve continuously to provide better and smarter security announcements so that you can relax and stay focused on your work. Expect a release dedicated to this topic next week!
Gemnasium now provides tons of metadata for both Rubygems and NPM packages (owners, maintainers, useful links, etc.). You can also find the dependencies of a package and discover the other packages depending on it.
For those who maintain a changelog, Gemnasium is also able to provide its content for each version. However, as there is no standard yet, this feature requires the changelog to be in a supported format. We’ll write more about this soon, stay tuned!
We’re taking part in the new “Shields” project, and provide clean, consistent and more readable badges for your Readmes. Your project badge can be copied/pasted on your Github Readme page in seconds. Just click on the badge on your Gemnasium project page and follow the instructions!
We still have a lot of terrific ideas to come, stay tuned!
Oh, one more thing
We have a lovely gift for you! As you can see, a lot has changed in the new Gemnasium and the response we’ve gotten from the community has been amazing. We’d like to welcome new subscribers with a 50% discount for 3 months (with the 1st month 100% free!)
While creating your subscription on gatekeeper (our account platform), just enter the coupon: VALENTINESDEP
<3<3<3 from the Gemnasium Team
As part of our continuous effort to give you a better experience, we have just migrated our customer support processes to Freshdesk. We strive to take full advantage of the powerful capabilities and best-practices in Freshdesk, to give you a better support experience.
How does this make a difference to you?
Not a lot changes in terms of how you get in touch with us. You can shoot us an email to firstname.lastname@example.org, and our support system will automatically create a ticket on your behalf. You will also be notified of our responses and status changes to your tickets via email, and you can send out your replies directly.
The first time you send us a support query, you will receive an email with activation instructions to log in to our support portal at http://support.tech-angels.com. Going forward, you can check the status or add comments to your support queries here.
We are actively populating our support portal with FAQs and solutions in our knowledge base, so you can help yourself to how-tos and instructions. You can also discuss your ideas and share tips in our community forums.
Each product now has its own support portal
In addition to the top-level support portal http://support.tech-angels.com, each product now features its own support, with online forums and knowledge base:
- Gemnasium : http://support.gemnasium.com (email@example.com)
- Spectorus : http://support.spectorus.com (firstname.lastname@example.org)
- Jagan : http://support.jagan.io (email@example.com)
Talk to us on Social too
Our support team is now listening to conversations on our Twitter handle (@techangels) and Facebook page (facebook.com/TechAngels). In addition to email and through our website, feel free to reach us here as well.
We love hearing from you
We strive to give you an awesome support experience with every query, and your feedback will help us get there faster. We will be sending out satisfaction surveys for you to rate your support experience with us periodically. If you have any doubts or queries regarding our new support tools and policies, please drop us a line at firstname.lastname@example.org, and we’ll be glad to assist you. And make sure you visit our new support portal at http://support.tech-angels.com.
From now on, the new and only scope used for authentication will be user:email (“gives apps read-only access to a user’s private email addresses”).
Since the scope changed, you will need to authorize the app again. Once done, we will only be able to read your public data + private email:
For existing accounts, you must link your account after logging in to gatekeeper, using the link “Connect Github account” in your account page:
This release marks the end of a big rewrite that lays the foundation of our vision for Gemnasium.
We really aim to make it an essential tool that will help developers save time dealing with dependencies so they can stay focused on their work. We keep listening to your feedback and will add more and more useful stuff in the future, but this rewrite already comes with a bunch of new things and updates that you may want to take a look at.
The color scheme has been redefined and now follows these rules:
green => dependency is up to date with latest version available
yellow => there is at least one newer stable version available
red => the dependency is behind a security fix or an important update (broken API, deprecation, …)
First, as app maintainers we eat our own dog food, and after a long time using Gemnasium we ended up with this new scheme, which better suits our needs. It also answers most of our customers’ feedback about these status colors.
Having some outdated gems isn’t always a very bad thing: you may have missed the minor update about that feature you don’t use, so you’re behind the latest version. Well, yes, but your app is still working great and there’s no threat to it. In such cases, the scary red was a bit too much.
On the other hand, staying just behind a tiny patch can be a very bad thing… you know, this little patch which fixes that big security issue! And here, red is a good color to say: “hey, you really should take a look and update me now”.
While green and yellow status updates will stay entirely automatic, the red one will now go through a manual process. For now, our team will take care of this by watching Rubygems updates and flagging them as security or important updates. Of course, this implies that we can’t do it for every gem, and only the most popular ones will be watched at first. But according to the Pareto principle, this should suit most developers’ needs. We are also already working on alternative solutions to improve coverage.
Note: You will still be notified when prerelease versions are published, but they are no longer considered a leading factor in choosing a dependency’s status.
Locked version awareness
The more you tell Gemnasium, the more it will show you in return!
If your repository contains a Gemfile.lock (aka lockfile), Gemnasium will now use it and check your dependencies against the versions that you really use in your application. This is a huge improvement, particularly for developers who rely heavily on optimistic version constraints.
Say you defined the following dependency requirement some time ago:
gem 'library', '>= 2.2.0'
And now library 2.5.0 is out. Your requirement still matches the latest version, and any new install will get the 2.5.0 version.
But as an app user you certainly use a lockfile to ensure all your environments are using the exact same versions of your dependencies. And then, unless you have updated it, you may have something like version 2.3.0 in your lockfile.
So your app is not using the latest version and this dependency is out-of-date! Now Gemnasium will warn you about this.
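The check described above, together with the green/yellow/red rules and the prerelease note, as an added Ruby example; it is not Gemnasium's code. The lockfile excerpt, the release list and the `flagged` list (standing in for versions tagged by an advisory) are constructed, and `locked_versions` and `dependency_status` are hypothetical helper names.

```ruby
# Added illustration: lockfile-aware dependency status (not Gemnasium's code).
require "rubygems"

# Constructed Gemfile.lock excerpt for the hypothetical gem "library".
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      library (2.3.0)
        helper (>= 1.0)
      helper (1.4.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    library (>= 2.2.0)
LOCK

# Constructed release list; 2.6.0.rc1 is a prerelease.
RELEASED = %w[2.2.0 2.3.0 2.4.0 2.5.0 2.6.0.rc1].freeze

# Return { gem name => Gem::Version } for the entries pinned under "specs:".
# Only 4-space-indented lines are pinned gems; deeper lines are the
# constraints of their own dependencies and are skipped.
def locked_versions(lockfile_text)
  in_specs = false
  lockfile_text.each_line.with_object({}) do |line, locked|
    if line.match?(/^  specs:\s*$/)
      in_specs = true
    elsif line.match?(/^\S/) # next top-level section (PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/^    (\S+) \(([0-9A-Za-z.]+)/))
      locked[m[1]] = Gem::Version.new(m[2])
    end
  end
end

# green:  version in use is the latest stable release
# yellow: a newer stable release exists
# red:    version in use is in the flagged list (assumption: affected
#         versions are supplied by a manual advisory process)
def dependency_status(requirement:, released:, locked: nil, flagged: [])
  req    = Gem::Requirement.new(requirement)
  stable = released.map { |v| Gem::Version.new(v) }.reject(&:prerelease?)
  # Without a lockfile, assume a fresh install resolves to the newest match.
  in_use = locked || stable.select { |v| req.satisfied_by?(v) }.max
  raise ArgumentError, "no stable release satisfies #{requirement}" if in_use.nil?

  return :red if flagged.map { |v| Gem::Version.new(v) }.include?(in_use)
  in_use >= stable.max ? :green : :yellow
end

if __FILE__ == $PROGRAM_NAME
  pinned = locked_versions(LOCKFILE)["library"]
  puts dependency_status(requirement: ">= 2.2.0", released: RELEASED)
  puts dependency_status(requirement: ">= 2.2.0", released: RELEASED, locked: pinned)
  puts dependency_status(requirement: ">= 2.2.0", released: RELEASED,
                         locked: pinned, flagged: %w[2.3.0])
end
```

With the requirement alone the dependency looks current; once the pinned 2.3.0 is taken into account it is outdated, and it turns red if 2.3.0 is flagged.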
OK, they didn’t change that much, actually. The Travis-like style is really appreciated and developers are accustomed to it. So after some brush love and updated wording to match the new meaning of the colors, here we go:
As an alternative, you can still use the dots version, available by just adding ?dots at the end of your badge URL.
Gem versions history
The gem page now provides a version history so you can get a quick overview. This place will also receive some nice updates soon to provide you with more useful information, so stay tuned.
New settings for personal notifications
The new settings section offers you the ability to choose the email address on which you want to receive personal notifications.
We also added “daily” and “never” frequencies in order to manage the notifications more finely or stop them for all your projects.
The new Hooks feature (available for business plans)
Email or Campfire hooks that fire when a dependency is updated can now be defined on a per-profile basis.
The hooks are totally separated from personal notifications, they have their own target (email address or campfire room) and their own frequency. Hooks are also shared among all users who can access the profile they belong to and all of them can add/update/remove the hooks.
We currently only provide Email and Campfire hooks, but feel free to suggest other ones if you need them!
With all these new things combined together, you now have a great tool that will keep an eye on your dependencies 24/7 and warn you the way you want, when it matters to you.
We hope you’ll enjoy these changes and as always, your feedback is welcome!
One of the most asked features is being released today: You can now connect to your Tech-Angels account using your Github account! No more password needed, unless you want one. Please read the following before trying the feature:
If you already have a Tech-Angels account (i.e. to use https://gemnasium.com), you must sign in first with your current account, and then link it with your Github account:
You can unlink your account from the same location.
New users can simply click on the new “Connect with Github” link in the nav bar. If your public data is complete on Github, your account should be created right away; otherwise you will be invited to fill in your missing information.
New password policy
This feature introduces a new policy regarding passwords:
- Users coming from Github directly don’t have a password, so one won’t be required to update your account information.
- Users who linked their existing account have a password; it will be required to update your account information.
If you don’t have a password and want to increase the security of your account, you can set one up after signing up from Github. It will then be required to protect modifications on your account (including plan subscriptions very soon).
Why do I have to allow the application twice on Github when I use Gemnasium?
Our account management app (Gatekeeper) uses the smallest scope available on Github; it will just fetch your user ID + your public data. While this is enough to create a Tech-Angels account, Gemnasium needs access to your repositories to check dependencies.
We have deployed today a new version of Gemnasium, coming with completely new plans. The early adopters of Gemnasium have already received an email explaining this change, and it’s time to bring more information to everyone.
“Wait, what? Why?”
With the previous plans, it was impossible to follow public repositories on Github for free, unless you were the owner. Since most big projects today are shared inside a public organization, we decided to create a new Free plan. This new plan now allows users to follow all their public projects, whether in personal accounts or in organizations.
“But the new plans are more expensive!”
New plans will appear more expensive for a very small part of our customers, the ones working alone with only a few private projects. For the others, especially small companies like us, it will allow all the collaborators to use Gemnasium at a fixed and cheaper price. No more per-user subscription: the plan can now be ordered by the boss of your company, and will benefit all employees. The plans are now based on your number of private repositories, so they follow your business activity.
The recommended plans are the Business ones (respectively Bronze, Silver and Gold).
These plans will benefit from all Gemnasium features, including the upcoming ones.
They are suited for all companies using organizations on Github. Each business plan subscribed will allow you to follow one organization on Github (i.e. if you are a member of the “rails” and “collectiveidea” organizations, you should order a Free plan for “rails”, and a Business plan among Bronze, Silver, Gold for “collectiveidea”).
Check out the new plans here: https://gemnasium.com/pricing
For users still using Personal plans (only) on github, we deployed today a new set of plans: the Personal plans. They can’t be used with Github organizations, and will get only some of the upcoming features.
“Why do I have to create an account on another site?”
The addition of companies was a big step for Gemnasium. Since we will deploy more products like Gemnasium in the future, the need for a central account became obvious to us. Therefore, your account will now be located in Gatekeeper (which is not related to Apple of course). Gatekeeper will be your central place for subscriptions, companies, and account management. The design is purposely similar to Gemnasium (and our upcoming products), but it’s a separate site.
We have a very long road in front of us, and we hope you will share the travel with us and enjoy it!