August 2018 Security Releases Node.js
August 11th, 2018
SummaryThe Node.js project will be releasing new versions for each of its supported release lines on, or shortly after, the 15th of August, 2018 (UTC). These releases will incorporate a number of security fixes and an upgraded version of OpenSSL. We consider all of the flaws being addressed in these releases to be low severity….
React v16.4.2: Server-side vulnerability fix
August 1st, 2018
We discovered a minor vulnerability that might affect some apps using ReactDOMServer. We are releasing a patch version for every affected React minor release so that you can upgrade with no friction. Read on for more details. Short Description Today, we are releasing a fix for a vulnerability we discovered in the react-dom/server implementation. It…
You Probably Don’t Need Derived State
June 7th, 2018
React 16.4 included a bugfix for getDerivedStateFromProps which caused some existing bugs in React components to reproduce more consistently. If this release exposed a case where your application was using an anti-pattern and didn’t work properly after the fix, we’re sorry for the churn. In this post, we will explain some common anti-patterns with derived…
June 2018 Security Releases
June 6th, 2018
SummaryNode.js will release new versions of all supported release lines on or around June 12th, 2018 (UTC). These releases will incorporate a number of security fixes.ImpactAll versions of Node.js 6.x (LTS "Boron") are vulnerable to 1 denial-of-service (DoS) vulnerability with a severity of LOW.All versions of Node.js 8.x (LTS "Carbon") are vulnerable to 2 denial-of-service…
React v16.4.0: Pointer Events
May 23rd, 2018
The latest minor release adds support for an oft-requested feature: pointer events! It also includes a bugfix for getDerivedStateFromProps. Check out the full changelog below. Pointer Events The following event types are now available in React DOM: onPointerDown onPointerMove onPointerUp onPointerCancel onGotPointerCapture onLostPointerCapture onPointerEnter onPointerLeave onPointerOver onPointerOut Please note that these events will only work…
React v16.3.0: New lifecycles and context API
March 29th, 2018
A few days ago, we wrote a post about upcoming changes to our legacy lifecycle methods, including gradual migration strategies. In React 16.3.0, we are adding a few new lifecycle methods to assist with that migration. We are also introducing new APIs for long requested features: an official context API, a ref forwarding API, and…
Update on Async Rendering
March 27th, 2018
For over a year, the React team has been working to implement asynchronous rendering. Last month during his talk at JSConf Iceland, Dan unveiled some of the exciting new possibilities async rendering unlocks. Now we’d like to share with you some of the lessons we’ve learned while working on these features, and some recipes to…
March 2018 Node Security Releases
March 22nd, 2018
SummaryThe Node.js project will be releasing new versions for each of its supported release lines on, or shortly after, the 27th of March, 2018 (UTC). These releases will incorporate a number of security fixes and will also likely include an upgraded version of OpenSSL.InclusionsOpenSSL 1.0.2oThe OpenSSL team have announced that OpenSSL 1.0.2o will be made…
Sneak Peek: Beyond React 16
March 1st, 2018
Dan Abramov from our team just spoke at JSConf Iceland 2018 with a preview of some new features we’ve been working on in React. The talk opens with a question: “With vast differences in computing power and network speed, how do we deliver the best user experience for everyone?” Here’s the video courtesy of JSConf…
jQuery 3.3.1 – fixed dependencies in release tag
January 22nd, 2018
We encountered an issue in the release for jQuery 3.3.0, so we’ve immediately released another tag. The code itself is identical, but our release dependencies (only used during release) were added to the dependencies of the jQuery package itself due to the new behavior of npm in version 5+. jQuery 3.3.1 is now recommended if…