React v16.3.0: New lifecycles and context API
March 29th, 2018
A few days ago, we wrote a post about upcoming changes to our legacy lifecycle methods, including gradual migration strategies. In React 16.3.0, we are adding a few new lifecycle methods to assist with that migration. We are also introducing new APIs for long requested features: an official context API, a ref forwarding API, and…
Update on Async Rendering
March 27th, 2018
For over a year, the React team has been working to implement asynchronous rendering. Last month during his talk at JSConf Iceland, Dan unveiled some of the exciting new possibilities async rendering unlocks. Now we’d like to share with you some of the lessons we’ve learned while working on these features, and some recipes to…
March 2018 Node Security Releases
March 22nd, 2018
SummaryThe Node.js project will be releasing new versions for each of its supported release lines on, or shortly after, the 27th of March, 2018 (UTC). These releases will incorporate a number of security fixes and will also likely include an upgraded version of OpenSSL.InclusionsOpenSSL 1.0.2oThe OpenSSL team have announced that OpenSSL 1.0.2o will be made…
Sneak Peek: Beyond React 16
March 1st, 2018
Dan Abramov from our team just spoke at JSConf Iceland 2018 with a preview of some new features we’ve been working on in React. The talk opens with a question: “With vast differences in computing power and network speed, how do we deliver the best user experience for everyone?” Here’s the video courtesy of JSConf…
jQuery 3.3.1 – fixed dependencies in release tag
January 22nd, 2018
We encountered an issue in the release for jQuery 3.3.0, so we’ve immediately released another tag. The code itself is identical, but our release dependencies (only used during release) were added to the dependencies of the jQuery package itself due to the new behavior of npm in version 5+. jQuery 3.3.1 is now recommended if…
Meltdown and Spectre – Impact On Node.js
January 8th, 2018
Project zero has recently announced some new attacks that have received a lot of attention:https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html.The risk from these attacks to systems running Node.js resides in the systems in which your Node.js applications run, as opposed to the Node.js runtime itself. The trust model for Node.js assumes you are running trusted code and does not provide…
Behind the Scenes: Improving the Repository Infrastructure
December 15th, 2017
As we worked on React 16, we revamped the folder structure and much of the build tooling in the React repository. Among other things, we introduced projects such as Rollup, Prettier, and Google Closure Compiler into our workflow. People often ask us questions about how we use those tools. In this post, we would like…
Data Confidentiality/Integrity Vulnerability, December 2017
December 8th, 2017
(Update 7-December-2017) Security releases availableSummaryUpdates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. In addition the updates for 8.X and 9.X include a fix for a low severity buffer vulnerability as describe below. We recommend that all users upgrade as soon as…
Introducing the React RFC Process
December 7th, 2017
We’re adopting an RFC (“request for comments”) process for contributing ideas to React. Inspired by Yarn, Ember, and Rust, the goal is to allow React core team members and community members to collaborate on the design of new features. It’s also intended to provide a clear path for ideas to enter the project: Create an…
React v16.2.0: Improved Support for Fragments
November 28th, 2017
React 16.2 is now available! The biggest addition is improved support for returning multiple children from a component’s render method. We call this feature fragments: Fragments look like empty JSX tags. They let you group a list of children without adding extra nodes to the DOM: render() { return ( <> <ChildA /> <ChildB />…