Testing Go projects with Docker

Our CI server is getting a bit overloaded, and I didn't want to install more packages on it to test our new go projects. Since we are also playing a lot with Docker lately, it felt natural to use it to run test suites and determine coverage of go projects. Just by installing docker on our private CI server, all our team is now able to add various projects, with different versions, without interfering with other projects or environments.

This first step was to define a common Go base image for our go projects :

# Prefer debian over ubuntu FROM debian:wheezy # Let's install go just like Docker (from source). RUN apt-get update -q RUN apt-get install -qy build-essential curl git mercurial bzr RUN curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz RUN cd /usr/local/go/src && ./make.bash --no-clean 2>&1 ENV PATH /usr/local/go/bin:/go/bin:$PATH ENV GOPATH /go # we're using godep to save / restore dependancies RUN go get github.com/kr/godep # Cover is used in almost all projects too RUN go get code.google.com/p/go.tools/cmd/cover WORKDIR /go

Let's create a Makefile along to this Dockerfile:

all: build build: docker build -no-cache -rm -t docker:5000/go:1.2 . run: docker run -rm docker:5000/go:1.2

We can argue on the no-cache parameter here, but since the second line is a "apt-get update", we should not cache this. If we decide to modify th Dockerfile later, and add a new debian package with "apt-get install", it will possibly fail because it won't be available anymore for download.

Anyway, we now have our docker:5000/go:1.2 image ready to be used. We won't use this image directly, but instead share it in other docker images.

Let's Create our go project

Let's create a new "go-example" project on our git server. The local path in $GOPATH will be something like "$GOPATH/src/gitlab.local/tech-angels/go-example". Let's create a Dockerfile for this project:

FROM docker:5000/go:1.2 ADD . /go/src/gitlab.local/tech-angels/go-example # Fetch deps WORKDIR /go/src/gitlab.local/tech-angels/go-example RUN go get # Allow to mount the current version in the container VOLUME /go/src/gitlab.local/tech-angels/go-example

With the common Makefile:

all: build build: docker build -no-cache -rm -t docker:5000/go-example .

We now have a full project environment, ready to compile and test, without installing anything else than Docker.

And now, configure the CI Server

We are using Gitlab-CI to test our projects, but the following will work with any CI server out there.

docker pull docker:5000/go-example docker run -t -i -rm -v `pwd`:/go/src/gitlab.local/tech-angels/go-example docker:5000/go-example go test -cover

and Voilà!

Our CI will just start a container, run the tests, and get an exit code from the go command.

Go further

We didn't add the save / restore deps step in this very simple example. It's trivial to add it, and you'll need a test script inside the container for that.

Also, you probably realize now how simple it is to test with different go versions!

Goodbye Campfire, welcome Flowdock, and Happy New Year!

Happy new year all! To celebrate 2014, we decided to refresh a bit our processes and tools. While Campfire was doing a great job, and was especially stable (ie: available), it was lacking a lot of features. The most annoying was the missing ability to edit a misspelled message. Our typos were frozen for eternity, what a shame!

We decided to give Flowdock a shot, and felt instantly in love with it. The notification are finally separated from the chat flow, they can be categorized, and have their own life (understand: a chat thread can be created a every notification!). The service is affordable (at least for a small team like us), and their mobile native apps are also a great way to keep in touch with co-workers. Especially, a mention "@user" will trigger a mobile notification if not read on the web, of the native app (windows/mac). We strongly encourage your team to try flowdock, you won't regret it!

Tech-Angels is turning 4!

We are happy to celebrate our 4th birthday!

The last four years have been extremely challenging: we have improved the level of all our skills, and our team is very proud of all our realizations.

We would like to say an enormous THANK YOU to all our customers! We will continue to raise the bar, and provide a quality of service we're proud of.

"Longue vie" Tech-Angels !

Speed up ruby on rails sites in vagrant vm

We're using since this summer vagrant (with vmware fusion) to run virtual environments closer to our production servers. We discovered some slowness with the development environment, and especially when the number of assets is important, which is particularly true with our backbone apps. The network graph in chrome was showing a lot of network latency:

We first thought of ns lookup resolution, but it was rapidly clear that this couldn't be the issue. There was really something odd about our VMs, since the dev env was running much faster outside the VM (on our laptops directly).

After some digging, we found this vagrant option: (http://docs.vagrantup.com/v2/synced-folders/nfs.html)

"In some cases the default shared folder implementations (such as VirtualBox shared folders) have high performance penalties. If you're seeing less than ideal performance with synced folders, NFS can offer a solution."

Vagrant.configure("2") do |config| # ... config.vm.synced_folder ".", "/vagrant", nfs: true end

Indeed, NFS is a solution. The access on the development unicorn is now much faster, without these big latencies.

Another good news, this change comes for "free" for Mac Os users (not tested on Linux, but it should act the same), the NFS exports on the host are managed by Vagrant. We just had to add this line to see a huge performance boost.

October News

We've been very busy this summer, and have some great news to share!

First of all, we spent a lot of time polishing our development environments. We were spending more and more time configuring envs, and fighting tiny differences between OS (Mostly Mac and Linux Ubuntu in dev, Linux Debian in production).

It was a big task, but we are now using Vagrant and Puppet to manage our development virtual machines. With Packer to the rescue, we were able to create standard images for both vmware and virtualbox. Puppet is in charge of the provisioning, and will use the same recipes as our production servers now. Every VM will be automatically synced with the dev puppet master so we don't have to worry about the configuration of each computer any more. Everyone in the team has a running instance of the projects in minutes now. Having the exact same postgresql, redis, etc. versions is also a big win. The impact of upgrading one of these components is now extremely easy to determine.

We'd like to share our experience with Vagrant and managing software projects on the long term. That's why we'll be hosting a workshop session at dotRB next Oct. 19th in Paris.

Speaking of wvmare, we are also proud to announce that we have migrated all our infrastructure to 2 privates clouds powered by vmware vsphere. The 2 clouds are located in France and Canada, and every network appliance / server / san is fully redundant. We are now able to extend the capacity of our hosting without limits, with just a few mouse clicks. This migration was necessary since we are hosting more and more services for our customers, and for our own products. By the way, we will recruit sysadmins in the US very soon, contact us if you are interested.

First customer using our new infrastructure, EasyWelcome (http://easywelco.me and https://twitter.com/easywelcome ) is a platform that aims to take the hassle out of the short term rentals by providing services bookable directly online and operated by professionals and vetted local experts. The website was developed by our engineers, using Ruby on Rails and Backbone.js.

We'd like also to welcome Santech (http://www.santech.fr), which is now hosted on our servers. Santech is a new company created in 2012, specialized in online health products and services.

We're growing! Developers wanted in France

Tech-Angels is currently growing quickly, and we need talented engineers to join our consulting team in France. (Disclaimer: following text in french only)

Nous recrutons des ingénieurs (H/F) développement (junior/senior) pour renforcer ses équipes consulting en France. Maitrise de Ruby On Rails et Javascript indispensable. Vous travaillerez à distance, depuis votre domicile, comme l'ensemble de nos équipes. Pour postuler, rendez-vous sur notre annonce APEC ou LinkedIn

Gemnasium, now with 1-click away changelogs

Tired of spending hours looking for what has changed in your dependencies?

Save your time! Gemnasium brings you 1-click changelogs!

For each of your project's dependencies you can now quickly check what has changed. Just click on the Changelog viewer icon and start reading!

Gemnasium will automatically aggregate changelog data and scope it to what matters to you: the changes between your current version and the latest stable!

No changelog? We can still help you.

When package's changelog is not available, Gemnasium still try to make it easier for you. It will indeed try to fall back to a nicely displayed list of commit messages.

At any time you can click on a commit from the list to see it on Github. You can also check the full compare view following the link provided in the header.

Pricing?

Our Changelog viewer is already included in all paid plans without any extra cost and is available to free users during their 30 days trial period.

For all existing free users, you'll also be able to try it until june, 15th, enjoy!

We hope you'll appreciate it and your feedback is welcome!

Cheers, Gemnasium Team

What's new in Gemnasium?

We've released a bunch a small fixes and improvements to make Gemnasium better! Let's review them.

Manual monitoring

You now can choose exactly which projects you want to monitor and which one you don't care about.

Gemnasium will still try to automatically add/remove projects when syncing with Github, but as soon as you manually start or stop monitoring a project, it won't override your choice anymore.

So you now can freely choose which projects you want to track, and drop the others.

To make it more clear, we've also cleaned up the profile view and you'll now only see the monitored projects there. This will drastically reduce the signal to noise ratio so that you can focus on what matters to you.

You can retrieve all your profile's projects in the Project's management page in your settings. There you'll be able to start/stop monitoring and edit projects settings to fine tune them.

Offline projects

First introduced with our Gemnasium Gem, the offline projects can now be totally managed on Gemnasium.

You can create projects from your profile settings and upload dependency files directly from the UI.

New platinum plan!

As required by our users who have a lot of private stuff, here comes the Platinum plan. It allows to track up to 125 private projects for $100/month!

Improved settings

We've changed a bit the settings to make account management easier.

The Settings home now displays the list of your Gemnasium profiles. Here you can manage them and add new ones.

The Github Permissions feature has been improved to give more granularity and now tells you how it affects your Gemnasium account.

Thanks for your support and your feedback that help us improving Gemnasium!

Cheers, Gemnasium Team

Should you upgrade Rails from 3.2.12 to 3.2.13 ?

Rails 3.2.13 was released just a week ago. Since it fixes 4 important security breaches (CVE-2013-1854 for activerecord, CVE-2013-1855 for actionpack, CVE-2013-1856 for activesupport and CVE-2013-1857 for actionpack), you may want to upgrade it asap. Yet, performance regressions and major bugs has been discovered in this new version of Rails.

What are the risks ?

Upgrading your application to Rails 3.2.13 will make bugs and performance issues popping out.

action_missing function will be broken

ActiveRecord chained scopes will cause bugs such as the one GitHub experienced lately

Assets and views loading time will drastically increase

How to remain safe without upgrading to 3.2.13?

We recommend you to not upgrade to Rails 3.2.13 and to wait for 3.2.14 to be released. But how to do so having in mind the 4 security breaches that still exists ? Well, that's simple, first of all, you might not be impacted by all of those issues and second, some monkey patches have been released to help you keep your application secure without upgrading. So keep calm, create a temporary hotfix branch until 3.2.14 is out and apply the patches you need.

Fixing Symbol DoS vulnerability in Active Record (CVE-2013-1854)

Your application does not use params as a find value for a query? You're safe!

Impacted code will look like User.where(:name => params[:name]). To fix this issue, you should call to_s method on params used as a find value. Basically, you'll need to change code that looks like

User.where(:name => params[:name])

to:

User.where(:name => params[:name].to_s)

Patch provided by Rails team

Fixing XSS vulnerability in sanitize_css in Action Pack (CVE-2013-1855)

You don't use sanitize_css method using user input as parameter? You're safe!

Impacted code will look like sanitize_css(user_input). The following patch will fix the issue:

module HTML class WhiteListSanitizer # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute def sanitize_css(style) # disallow urls style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ') # gauntlet if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ || style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/ return '' end clean = [] style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val| if allowed_css_properties.include?(prop.downcase) clean << prop + ': ' + val + ';' elsif shorthand_css_properties.include?(prop.split('-')[0].downcase) unless val.split().any? do |keyword| !allowed_css_keywords.include?(keyword) && keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ end clean << prop + ': ' + val + ';' end end end clean.join(' ') end end

Patch provided by Rails team

Fixing XML Parsing Vulnerability affecting JRuby users (CVE-2013-1856)

Your application does not use JRuby? Your JRuby application does not use the JDOM backend? You're safe!

To fix this issue, place this code in an application initializer:

ActiveSupport::XmlMini.backend="REXML"

Patch provided by Rails team

Fixing XSS Vulnerability in the sanitize helper (CVE-2013-1857)

Your app doesn't use sanitize method helper with user input? You're safe!

To fix this issue, place the following code into a file in your config/initializers folder.

module HTML class WhiteListSanitizer self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|%)3A/i def contains_bad_protocols?(attr_name, value) uri_attributes.include?(attr_name) && (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|%)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip)) end end end

Patch provided by Rails team

Gemnasium Gem 1.0 is out! Because security matters

Nothing is more important for us than your data safety, and we’d like to really thank our customers for their trust so far! Anyway, as we are very concerned with security, we find unacceptable to be forced asking you for a full access on your projects. We had a lot of complains regarding this problem, and we fully agree with you:** you should never grant access to your work.**

That’s why we’re proud to unveil today a new way to keep your projects in shape, without lowering your security requirements.

Why did we need a full access to your private repos?

Gemnasium is fully integrated with Github: it automatically fetches your repositories and gets notified about code updates (pushes). But for that, you need to authorize Gemnasium to access your code through Oauth.

Unfortunately, Github only provides a “Read + Write” access for private repos (the “repo” scope), which implies a full trust in the third party service. For freelancers, and agencies, it meant sharing their customer code with us, which is often forbidden by contracts or NDAs (and it’s a good thing!).

If you don’t trust this gem either, keep calm and relax, the source code is fully available: https://github.com/gemnasium/gemnasium-gem

How does it work?

Dependencies can be tracked now without authorizing any access to your application code, just by using that tiny gem!

Drop it in your project (or just install the gem), run install command, fill in the config file and you’re ready to go in a few seconds!

You can also use the provided post-commit Git hook to automatically push updates to Gemnasium when you commit changes on your dependency files.

Alternatively, you can use the “gemnasium” command, the rake task or even call directly Gemnasium’s gem classes from your code. See readme for more details.

Finally, using the Rake task, a CI server can be in charge of pushing the changes for you.

Behind the scene

When executed, Gemnasium gem will calculate SHAs for your dependency files (the same way Git does it) and send them to Gemnasium API to compare with remote ones. If anything changed in the files, SHAs will be different and then Gemnasium gem will upload updated files.

The after-commit Git hook we provide is even smarter as it will only fire SHAs check if your commit contains changes about your dependency files. It’s even faster than with our Github service hook!

One great thing with this gem is that you can check dependencies updates without pushing to the repository! Just update the dependency files, run “gemnasium push” and everything gets updated on gemnasium.com.

Gemnasium Gem is published under the MIT license. It’s compatible with all ruby projects, not only rails app. We’ve made it as light as possible and it doesn’t require any other dependency. Though, it’s only compatible with ruby >=1.9 for now (yes, that mean ruby 2.0 too!).

For Node.js projects owners, please note that this gem is also able to upload package.json and npm-shrinkwrap.json files, as long as you have a running ruby. For others don't worry, a Npm module is coming!

Please also note that for now the gem only works with existing Gemnasium profiles. So you still need to link your Gemnasium account with Github after registration (with read-only public access at least) and order a plan for one of your Github profiles. You’ll then be able to add your offline projects to the profile of your choice. Offline private projects are taken into account for your plan’s private slots limit.

We’re also working on fully offline profiles to allow non-Github setup. This will come a bit later. Stay tuned!

How to migrate existing project?

If you have already setup your projects to be synchronized automatically with Github, you can switch them to use the gem. Just follow the readme to complete the setup and use the “gemnasium create --force” command. The "--force" option will override the existing setup on gemnasium.com, updating your projects origin attribute from “github” to “offline”. Warning: there is currently no easy way to switch back to Github origin (need to contact support). Use with caution.

You can then update your Github permissions in your settings to use the read-only public access.

No more excuses to not track your dependencies and keep your projects in shape with Gemnasium!

Cheers, Gemnasium Team

Gemnasium's Security Coach on steroids!

As announced last week, we are pleased to release today the new features focusing on security.

Remember: since Gemnasium-2.0 we monitor popular packages, looking for security or critical updates. Once something is detected, all impacted versions are tagged accordingly which ends up to a red color on the projects depending on it.

It's time to put some steroids in this! Let's review the new features:

Security advisories

To bring you more information on these critical and security updates, Gemnasium now displays advisories right on the package’s page.

Advisories provide useful informations about security issues or critical updates: description, affected versions, fixed versions, available solutions etc…

Advisories are displayed on each affected versions of a package and also on the ones that fix it.

Alerts

But that’s not enough… Keep calm and let the Security Coach tell you what’s wrong with your projects!

Right from your project page you now can check the security and critical advisories affecting your dependencies.

Open alerts just hang here until your project become safe! They are closed automatically when the dependency is updated to a non-affected version.

If your app has been fixed with a patch, a workaround or is simply not affected by the advisory, you can tell Gemnasium it’s okay and just close the alert.

Notifications and reminder

Gemnasium’s Security Coach will warn you immediately when an advisory is created and will remind you every day until the alert is closed (by an update or using the close button). But if you feel bothered by the reminder and still haven’t fixed the issue, you can acknowledge the alert to stop the notifications. This can be done on the project page or directly from your alert email.

To avoid spamming you when you have a lot of affected projects, notifications are grouped by advisory. Here is a sample alert email:

The security reminder takes your notifications settings into account. So you only receive security emails for projects and packages that have notifications enabled and you won’t be notified at all if you have totally disabled notifications in your settings.

Please note that all old alerts have been automatically acknowledged to avoid spamming you. Feel free to reopen them if you want to be reminded.

The notifications and reminder features are included in all plans starting from Bonzaï (see pricing), and also available as trial during the 1st month of registration for Free plans. As an exceptional offer, the security reminder is also available to all existing Free users until March, 31st!

Side notes

Gemnasium is still growing its changelogs base and advocates for a common format. Your opinion is welcome and you can contribute on the Vandamme open source project to help us defining a convention.

As always, we hope you'll appreciate these new features and your feedback is welcome!

Cheers, Gemnasium Team

Standard Changelogs

There are thousands of different changelogs (if any) out there, with dozens of different names. It's almost impossible to fetch and parse them automatically... Gemnasium is using Vandamme to keep each changelog specificities (changelog location, version format, file format). We really believe in changelogs. Following changes in dependencies is a hard task, and almost impossible by reading commits only. The open-source world would be so much nicer with full, readable and comprehensive changelogs. As a solution to this problem, we propose a simple set of rules and requirements to follow in order to have a Standard Changelog. Please see the specs here: [https://github.com/tech-angels/vandamme/blob/master/README.md#changelogs-convention](https://github.com/tech-angels/vandamme/blob/master/README.md#changelogs-convention) Feedback is welcome!

Gemnasium V3 aka Gemnasium <3

 Gemnasium loves you, thank you so much for your support! We are proud today to announce a new exciting release. We have worked hard in the last months to improve the code base and features, it was also time to put in place a fresh and optimized UI. Each page has been lovingly handcrafted into an amazing new design. Here is an quick insight:  The new UI also comes with a new Dashboard page with gathered statistics about profiles and some info about a pushed package each week, and live events scoped to your account. We also have lots of surprises for you, so let's jump right in! ## NPM Support Gemnasium is now able to read your NPM dependencies and monitor them. If your Github profile contains projects with a “package.json” or a “npm-shrinkwrap.json” file, Gemnasium will be able to track the dependencies for you!                   This feature is included in all plans (including free plans), with no extra fee! And Gemnasium already monitors more than 22.000 node packages.                   ## Your personal security coach Need some help to follow important changes and security announcements? Let us introduce you the new “Watchmen” team. Everyday, we’ll be tracking important changelogs and security advisories for you, and will mark as “red” dangerous or broken versions. Don’t spend more time to wonder if your projects are vulnerable because you forgot to update them, let us ping you when we think you should worry about something! “Watched” packages and each “Checked”versions are marked with these labels:          “Watched” means the project is being manually checked every day. “Checked” is an acknowledge on the package version you are browsing. The Watchmen feature will evolve continuously to provide better and smarter security announcements so that you can relax and stay focus on your work. Expect a release dedicated to this topic next week! ## Packages Improvements Gemnasium now provides tons of metadata for both Rubygems and Npms packages (owners, maintainers, useful links, etc.). You can also find the dependencies of a package and discover the other packages depending on it. For those who maintain a changelog, Gemnasium is also able to provide its content for each versions. Though, as there is no standard yet, this feature requires the changelog to be in a supported format. We’ll write more about this soon, stay tuned!  ## New badges We’re taking part in the new “Shields” project, and provide clean, consistent and more readable badges for your Readmes. Your project badge can be copied/pasted on your github Readme page in seconds. Just click on the badge on your Gemnasium’s project page and follow instructions!                       We still have a lot of terrific ideas to come, stay tuned! ## Ho, one more thing We have a lovely gift for you! As you can see, a lot has changed in the new Gemnasium and the response we've gotten from community has been amazing. We’d like to welcome new subscribers with a 50% discount for 3 months (with the 1st month 100% free!) While creating your subscription on gatekeeper (our account platform), just enter the coupon : **VALENTINESDEP** <3<3<3 from the Gemnasium Team

Announcing a Better, Faster and Smoother Support Process

As part of our continuous effort to give you a better experience, we have just migrated our customer support processes to [Freshdesk](http://www.freshdesk.com). We strive to take full advantage of the powerful capabilities and best-practices in Freshdesk, to give you a better support experience. ## How does this make a difference to you ? Not a lot changes in terms of how you get in touch with us. You can shoot us an email to [email protected], and our support system will automatically create a ticket on your behalf. You will also be notified of our responses and status changes to your tickets via email as well, and you can send out your replies directly. The first time you send us a support query, you will receive an email with activation instructions to login to our support portal at [http://support.tech-angels.com](http://support.tech-angels.com). Going forward, you can check the status or add comments to your support queries here. We are actively populating our support portal with FAQs and solutions in our knowledge base, so you can help yourself to how-tos and instructions. You can also discuss your ideas and share tips in our community forums. ## Each product has now its own support portal In addition to the top-level support portal http://support.tech-angels.com, each product now features its own support, with online forums and knowledge base: * Gemnasium : http://support.gemnasium.com ([email protected]) * Spectorus : http://support.spectorus.com ([email protected]) * Jagan : http://support.jagan.io ([email protected]) ## Talk to us on Social too Our support team is now listening to conversations on our Twitter handle (@techangels) and Facebook page ([facebook.com/TechAngels](https://www.facebook.com/TechAngels)). In addition to email and through our website, feel free to reach us here as well. ## We love hearing from you We strive to give you an awesome support experience with every query, and your feedback will help us get there faster. We will be sending out satisfaction surveys for you to rate your support experience with us periodically. If you have any doubts or queries regarding our new support tools and policies, please drop us a line at [email protected], and we’ll be glad to assist you. And make sure you visit our new support portal at [http://support.tech-angels.com](http://support.tech-angels.com).

"Bienvenue à La Conf"

# Tech-Angels is a Gold Sponsor @la_conf  We're very proud and excited to announce today our participation to La-Conf in Paris, France, next 9-10 May 2013! The conference will be held in the heart of Paris, at the four-star [Westin Paris - Vendôme](https://maps.google.fr/maps?q=3+Rue+de+Castiglione,+75001+Paris+&hl=en&ie=UTF8&ll=48.865731,2.327471&spn=0.034696,0.038581&sll=48.865602,2.327369&sspn=0.017348,0.01929&gl=fr&hnear=3+Rue+de+Castiglione,+75001+Paris,+%C3%8Ele-de-France&t=m&z=15) (3 Rue de Castiglione, 75001 Paris). You will find us easily with our t-shirts / sweatshirts:  Please come and meet us, we will surely be good advisors regarding the wine and cheese! More info: http://2013.la-conf.org/

Projects settings: choose your branch!

As requested, here is a new feature to allow you to choose which branch of your projects you want to monitor. This setting can be found on the new _Projects_ page of your [Settings](https://gemnasium.com/settings).  When the branch for a project is changed, Gemnasium automatically syncs with its GitHub’s repository and updates the dependencies as needed.

Prerelease notifications

Since [Gemnasium-2.0 has been released](http://blog.tech-angels.com/post/37192207715/gemnasium-2-0), prerelease versions have been relegated to the background. Though it still can be interesting for library maintainers to stay up to date with latest changes and also get notifications when prereleases are published. For those who want it, there is now a setting for that (disabled by default):  For business plans owner, this setting is also available in Hooks.