Plus, 'everything' package blocks developers from unpublishing packages
For January 05, 2024
Here's a look at today's Dev briefing.
- Oracle introduced JavaScript support in MySQL.
- GitHub unveiled generated Go and .NET SDKs.
- Daniel Stenberg highlighted the impact of low-quality AI-generated reports on bug bounty programs.
Thank you. Sudarshan
1 | Oracle added JavaScript support in MySQL, enabling developers to write JavaScript stored programs in the MySQL database server. JavaScript support is available through a Preview in MySQL Enterprise Edition.
More:
- Oracle believes the support for JavaScript in stored programs will allow developers to write MySQL stored programs in a familiar language, enhancing developer productivity and allowing organizations to leverage a broad talent pool.
- MySQL-JavaScript unlocks capabilities to implement advanced data processing logic, such as data extraction, data formatting, approximate search, data validation, compression/encoding, and data transformation.
- MySQL-JavaScript will also be available in the MySQL HeatWave cloud service on OCI, AWS, and Azure.
- According to Stack Overflow's 2023 Developer Survey, JavaScript is the most popular programming language, followed by HTML/CSS, Python, and SQL.
2 | GitHub announced the adoption of Kiota, an OpenAPI-based HTTP Client code generator, to release two dynamically generated SDKs in Go and .NET. GitHub said this move marks a strategic shift towards more dynamic, flexible, and user-friendly tools for the GitHub community.
More:
- GitHub transitioned from Octokit to Kiota to offer immediate updates to models and APIs and also introduced new features to the SDK landscape.
- GitHub preferred Kiota over other generative approaches because of its ability to generate comprehensive, idiomatic SDKs from GitHub's OpenAPI specification.
- GitHub said it aims to unlock possibilities for developers to focus on user needs and innovation through the new SDKs.
3 | In a recent blog post, Daniel Stenberg discussed the impact of AI-generated security reports on the curl project's bug bounty program. Stenberg is the founder and lead developer of open-source projects curl and libcurl.
More:
- Stenberg pointed out that low-quality AI-generated reports result in wasting developers' time and energy.
- He further added that when such reports are made to look good, it takes more time and energy to research before they are eventually discarded.
- So far, the bug bounty program has paid over $70,000 in rewards for 415 vulnerability reports.
- Of the 415 reports, 64 were confirmed security problems, and 77 were informative, while the remaining 66% were neither a security issue nor a normal bug.
- Stenberg emphasized the need for human checks to enhance the effectiveness of AI-powered tools amid expectations for an increase in AI-generated security reports.
4 | A package called "everything" was published to the npm registry on Dec. 29. When downloaded, it attempts to include every npm package ever published, resulting in storage issues. Because npm does not allow a package to be unpublished while other packages depend on it, this rendered the ability to unpublish packages ineffective for developers who have ever published on the registry.
More:
- The "everything" package contains five sub-packages, incorporating every existing package within the registry as dependencies.
- Each sub-package includes nearly 800 npm projects as its dependencies.
- gdi2290, the developer behind the prank, apologized for any inconvenience and is working with npm admins to fix the issue.
- According to BleepingComputer, the package remains on the registry, but the thousands of @everything-registry scoped packages associated with it have been made private, potentially resolving the issue.
5 | New Tools and Updates:
- Microsoft unveiled the Azure Migrate application and code assessment tool for .NET. The new tool empowers developers to assess .NET source code, configurations, and binaries of their applications to identify potential issues and opportunities while migrating an app to Azure. It is available as a Visual Studio extension and as a .NET CLI tool.
- Bun version 1.0.21 was released with support for console.table(), a Web API that can print a table from an object or iterable. The latest version also includes 33 bug fixes and memory performance enhancements for Bun.write, Bun.file, and bun:sqlite.
- New updates in Uiverse.io 2.0 include over 3,5000 open-source UI elements, Figma copy and paste, TailwindCSS, new categories like Forms and Tooltips, and more.
6 | 📚 Tutorials:
- This article demonstrates how to integrate Google sign-in into Kotlin Multiplatform.
- Learn how to build a table with styling, filtering, sorting, and paging using the react-table library.
- Google shared a tutorial on using Fetch Priority API to improve LCP image load times.
- Here are ten interview questions every JS developer should know in 2024.
7 | Quick Hits:
- Go creator Rob Pike shared the lessons learned from building the programming language on its 14th anniversary.
- Professor Niklaus Wirth, the creator of the Pascal programming language, passed away on New Year's Eve.
- Kaspersky's researchers have discovered a hardware feature vulnerability that allows attackers to bypass the hardware-based memory protection on iPhones.
Analyst | Sudarshan lives in Toronto, Canada, and is an engineering graduate. He is passionate about business, tech, entrepreneurship, and politics. FUN FACT: Sudarshan worked for the election campaign teams of two heads of state in India. When he is not busy with work, he enjoys hiking, playing cricket, and cooking.
This newsletter was edited by Aaron Crutchfield