To counteract this, the RubyGems team has added a new cooldown option to Bundler that ignores gems until they have been published for a specified number of days. This gives an extra layer of protection against malicious package releases, because it gives others a chance to identify any malicious code they contain before installation.
The cooldown system works by checking the timestamp of any new versions of gems. Any new versions must come from releases older than the cooldown period; newer additions are delayed until they have been validated.
In situations where waiting is unhelpful, for instance when a known-good package is released to patch a dangerous security flaw, the delay can be overridden.