There is actually another big third_party component that is currently
shipped together with ruby package - rubygems.
Rubygems is developed as a project  separately from ruby. Once in a
while ruby developers check-in rubygems into their source tree .
And up until now we used ruby's version of rubygems.
The issue is that rubygems keeps getting releases that are never
integrated into ruby releases. For example rubygems 2.7.6 has a number
of security bugfixes and it was not merged into ruby 2.5 branch.
I am going to split 'rubygems' package from 'ruby' and bring
'rubygems' up-to-date. 'ruby' will have a dependency to 'rubygems'
thus update does *not* require installing 'rubygems' separately.