 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
A security vulnerability in React related to React Server Components was identified over the holiday weekend.
On Nov. 29, Lachlan Davidson, a security consultant for the New Zealand-based security firm Carapace, reported the vulnerability. It allows unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints.
“Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components,” the React team warned Wednesday.
The vulnerability is present in versions 19.0, 19.1.0, 19.1.1 and 19.2.0 of:
It requires immediate action, the team noted, with a fix introduced in versions 19.0.1, 19.1.2 and 19.2.1. Users will need to upgrade the packages to the fixed versions.
“If your app’s React code does not use a server, your app is not affected by this vulnerability,” the team added. “If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability.”
The affected frameworks and bundlers include: Next, react-router, Waku, @parcel/rsc, @vitejs/plugin-rsc and Redwood SDK.
The full post outlines how to update to address the vulnerability.
The team at TanStack released on Wednesday TanStack AI, “a framework-agnostic AI toolkit built for developers who want control over their stack.”
“We’re building the Switzerland of AI tooling,” the TanStack team wrote. “An honest, open source set of libraries (across multiple languages) that works with your existing stack instead of replacing it.”
The alpha release includes a server that supports multiple languages, with JavaScript/TypeScript, PHP and Python available now. It also offers adapters for OpenAI, Anthropic, Gemini and Ollama. The TypeScript server library also handles summarizations and embeddings, the team added.
TanStack AI uses an open, published protocol.
“We’ve documented exactly how the server and client communicate,” the team stated. “Use whatever language you want. Use whatever transport layer you want. HTTP, websockets, smoke signals. As long as you speak the protocol through a connection adapter, our client will work with your backend.”
In addition to these features, it offers:
More is in the works, including headless chatbot UI components for React and Solid.
It has also advanced the TanStack Pacer API to beta. Pacer provides utilities for framework-agnostic debouncing, throttling, rate limiting, queuing and batching.
Microsoft’s Web Install API is now available to test on sites as an origin trial on Microsoft Edge. It’s available for Windows, macOS and Linux.
“With the Web Install API, your website can request the browser to install other web applications on the user’s device, by calling the asynchronous navigator.install() function,” wrote Diego González, the program manager for Microsoft Edge. “This allows you to invoke the browser’s built-in web app installation experience from your own user interface and exactly when you need it.”
Basically, it can help developers improve the installation experience of an app or suite of apps, but it can also be used for app store-like experiences, Gonzalez noted.
The blog post provides a brief tutorial on how to use the API.
On Wednesday, Django fellow Natalia Bidart announced version 6.0 of the web framework Django is available.
Highlights of this release include:
With this release, Django 5.2 reaches the end of mainstream support with the final minor bug fix release, 5.2.9, issued Tuesday. It will still receive security and data loss fixes until April 2028, although users are encouraged to upgrade before then.
Looking for a new challenge but don’t want to write your own JS framework? Check out the Advent JS, which offers a coding challenge to be solved in JavaScript, TypeScript or Python for every day leading up to Christmas on Dec. 25.
The Advent of Code challenge began in 2015 and is free; however, this year it’s undergone some changes, including removing the global leader board, according to creator Eric Wastl.
Developers can send as many solutions as they want and only the best score will be saved.
