NOTICE: RubyGems API Deprecation & Impact on Nexus Repository

UPDATE: Fix Released for RubyGems Dependencies API Removal

With Sonatype Nexus Repository 3.53.0, we provide important updates to ensure those using RubyGems repositories will not encounter errors. If you are using RubyGems, you must upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by the dependency API deprecation.


We are reaching out to let you know about a change made by that could affect Nexus Repository customers.

If you’re a Nexus Repository customer who has configured a proxy repository to access, you may experience dependency download (and, therefore, build) failures due to the planned deprecation of the dependency API.

Leading up to the deprecation of the dependency API on May 10, 2023, 24-hour API brownouts are scheduled on April 17th & 24th and May 1st, 3rd, & 5th, resulting in potential build failures for gem clients.

Possible Mitigations When Proxying when the dependencies API has been removed

  1. Configure RubyGems clients with sources that are hosted or proxy repositories only, instead of a group repository.

  2. At the reverse proxy level, make all inbound requests to Nexus RubyGems group repos (not hosted or proxy) at paths matching /repository/REPLACE_WITH_YOUR_GROUP_REPO_NAME/api/v1/dependencies/.* return a 404 Not Found response instead of a 200 response. This will trigger the bundler client to try an alternate, slower mechanism to retrieve the same information.

  3. Add to bundler client an additional source of the Nexus Repo Proxy repo of remote When accessing the proxy repo directly from the client, it will return a 404 and then this will trigger different client behaviour

  4. Explicitly give bundler install the --full-index option
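
A sketch of mitigation 2, added here as an example and not taken from Sonatype's documentation. It assumes nginx is the reverse proxy in front of Nexus Repository and that Nexus listens on 127.0.0.1:8081; the hostname and log path are placeholders.

```nginx
# Added example. Assumptions: nginx as the reverse proxy, Nexus Repository
# on 127.0.0.1:8081, placeholder hostname and log path.
server {
    listen 80;
    server_name nexus.example.com;   # placeholder hostname

    # Mitigation 2: answer the dependencies API on the RubyGems *group*
    # repository with 404 so bundler falls back to its alternate mechanism.
    # The path pattern is the one given in the notice; compare it with the
    # request paths in your access log before relying on it.
    location ~ ^/repository/REPLACE_WITH_YOUR_GROUP_REPO_NAME/api/v1/dependencies/.* {
        # Separate log so you can see which clients still call the old API.
        access_log /var/log/nginx/rubygems_dependencies_404.log;
        return 404;
    }

    # Everything else, including hosted and proxy repositories, passes through.
    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because nginx evaluates regex locations before the `/` prefix location, only the group repository's dependencies path is answered locally; remove the block once Nexus Repository has been upgraded to the fixed release.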

This public JIRA ticket contains additional mitigation ideas from Nexus Repository customers, which may be useful to some users.

Is there a permanent fix?

Sonatype is working diligently on a permanent fix to help mitigate this change for our Nexus Repository customers. Obtaining the fix will require upgrading to the latest version of Nexus Repository 3 containing the fix—3.53.0—which is currently targeted to be delivered by May 2, 2023.

This situation is subject to change; as we learn more, we encourage you to stay updated on suggested mitigation steps and developments by following this community post.