This Week in Open Source

If you’re in the northern hemisphere, it’s likely things are starting to get a little cooler than before. 🍁 Fall is on full display in shops and our hearts even if not in the weather.

My southern hemisphere friends will see things heating up as spring has sprung with the equinox recently passing! 🌱 I’m told it’s always warm in Brazil. ☀️

Wherever you are, I hope these updates find you and find you well. Today we’re going over the updates to thoughtbot’s open source projects for the month of July.

Some updates have been consolidated into their own sections at the bottom including our dynamic security.md work and Clarissa Lima Borges’s (clarissalimab) updates to our infra project CODEOWNERS files.

The following projects received updates:

Administrate

Administrate is a framework for creating flexible, powerful admin dashboards in Rails.

Jeanine Soterwood (littleforest) did some linting (02084aa).

jubilee2 updated the example website document to use the HasOne field type for the HasOne section (ffb98f0).

Michal Cichra (mikz) fixed the ordering of HasOne fields without an explicit order (5e2fda6).

dependabot[bot] bumped the versions of standard (47e23e1), sentry-ruby (af4c8a3), and sentry-rails (00e2624).

Art Vandelay

Art Vandelay is an importer/exporter for Rails 6.0 and higher.

Steve Polito (stevepolitodesign) updated the CI Matrix and bumped the local Ruby version (21daf91) and updated the supported Ruby and Rails versions (97c2e96).

benjamin wil (benjaminwil) added Import#json, Export#json, and Export#email. It’s worth noting that the Export#email_csv method has been renamed to Export#email as well (468db73).

thoughtbot design system

thoughtbot design system (tbds) is the design system for thoughtbot websites.

dependabot[bot] bumped versions of sass (86be0b0) and stylelint (d5ed668).

Flightdeck

Flightdeck provides Terraform modules for rapidly building production-grade Kubernetes clusters following SRE practices.

Clarissa Lima Borges (clarissalimab) adjusted Terraform formatting on aws/cluster/ files (4a6797e) and updated the CODEOWNERS and README files (c2c37ad).

GoldMiner

GoldMiner is a tool for finding interesting messages in a Slack channel and turning them into a blog post for the thoughtbot blog.

Matheus Richard (MatheusRich) added more authors to the author_config file (03f9344) and used Enumerator.produce to find last Friday (f0fcef5).

dependabot[bot] bumped the versions of rexml (d776d77), async (59db064), and standard (1b8905b).

Guides

thoughtbot’s Guides for working together, getting things done, programming well, and programming in style.

Elaina Natario (enatario) removed the terminology (5fb1558), working together (9caa4d0), communication (c9a359c), and inclusive culture guides (632b7a0).

Ferdia Kenny (Ferdia-thought) and Elaina moved these into the Best Practices section of our Playbook.

PropsTemplate

PropsTemplate is a direct-to-Oj, JBuilder-like DSL for building JSON. It has support for Russian-Doll caching, layouts, and can be queried by giving the root a key path.

Bogdanov Anton (kortirso) added a test for reproducing a bug that occurs when rendering a partial with locals (1e91b17), updated block_opts_to_render_opts to use explicit handlers :props for partials rendering (b6a6d29), and added key formatting examples to the README (f9e640f).

Johny Ho (jho406) updated locals to be shallow cloned (890bffb) and bumped the version to 0.35.0 🎉 (0c07dec).

Shoulda Matchers

Shoulda Matchers provides simple one-liner tests for common Rails functionality.

Victor Andrey (vaot) added a without_instance_methods qualifier to the enum matcher (121590b).

Earlopain removed useless logger require (ede8fa3).

Samuel Williams (ioquatix) added support for deprecated status code symbols (03b0801).

Superglue

Superglue is a tool that helps you use classic Rails to build rich React Redux applications with NO APIs and NO client-side routing.

Johny Ho (jho406) Typescript-ified main (71d78fc), added Typestrict (400c9ae), migrated from jest to vitest (f5bc910), and updated package.json (fa3175a).

Templates

thoughtbot’s documentation templates for open source projects.

Neil Carvalho (neilvcarvalho) added a list of all public repositories that will have their SECURITY.md file dynamically updated (7c03334).

Steve Polito (stevepolitodesign) updated trigger-dynamic-security-update.yaml to include Art Vandelay (443801d).

Stefanni Brasil (stefannibrasil) updated security.md (1779e8a) and made improvements to workflows and the security workflow example (4fdb46d).

Upcase

Upcase is a Rails application deployed to Heroku designed to help sharpen your programming skills.

Silumesii Maboshe (smaboshe) updated the versions of Bundler (ed640f1), (bbc2860), Ruby to v3.1.6 (72d3bd9), pg (4639332), Standard (3c915b7), (5ee6a36), Pry (2e88ccf), Rails (9612ec2), and Node.js (82e881d).

Silumesii also updated .tool-versions (3ba764d), marked when Upcase was upgraded to heroku-24 (0e37e83), applied Standard formatting (167164e), (ecaf176), and added support for inverting belongs_to -> has_many Active Record associations (7cda015).

dependabot[bot] updated version of rails_admin (15f1e0a), sentry-rails (536c3ff), webmock (9efdf9e), rexml (015701f), aws-sdk-s3 (2247189), rails-assets-lodash (444155c), psych (eaa0b0b), puma (6ace2fe), active_model_serializers (94ac72f), factory_bot_rails (d760fcb), sprockets-rails (82bc75a), and pg_search (a1dc67e).

Codifying CODEOWNERS For Infra Repos

Clarissa Lima Borges (clarissalimab) added and/or updated the CODEOWNERS for the following infrastructure projects:

Dynamic Security

You might remember a TWIOS issue covering March 2024 updates, where we saw Stefanni Brasil adding a workflow throughout our repos to dynamically update their README footers.

A similar initiative took place in July to add a unified and dynamic SECURITY.md across our repos based on our template in Templates.

Thank you to Rakesh Arunachalam (rakeshpetit), Stefanni Brasil (stefannibrasil), Neil Carvalho (neilvcarvalho), Sarah Lima (sarahraqueld), Steve Polito (stevepolitodesign), Chad Pytel (cpytel), and everyone else who helped with this undertaking!

The following repos now include this dynamic SECURITY.md:


✨Have you considered contributing to open source? There’s a project out there for you! Visit our Open Source page to learn more about our team’s projects and contributions. While you’re there, consider contributing to one of our projects.

We even recently started sharing our open source maintainers sync notes publicly, making it easier than ever for you to find a good place to start. You can check it out here.