JavaGolangJavaScriptSwiftAndroidRustMiddleware
6 hours ago
fast-xml-parser
NaturalIntelligence

fix minor old bugs and update builder

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated
7 hours ago
vmprint
cosmiciron

VMPrint 1.4.0 — Mixed Page Geometry

This release gathers the engine work since the last GitHub release into one public milestone. The headline is mixed page geometry: VMPrint can now resolve different page sizes and margins within a single document, carry those resolved dimensions through the layout stream, and render matching PDF media boxes.

Added

  • Document-level page templates: layout.pageTemplates can override page size, orientation, and margins by zero-based pageIndex or by selectors such as first, odd, even, and all.
  • Mixed-size PDF output: Renderers receive resolved page.width and page.height per page, so saved layout streams and direct renders preserve odd-sized sheets instead of forcing every page back to the document default.
  • Partial simulation: engine.layout({ stopAtPage }) and lower-level simulation options can intentionally stop after an inclusive zero-based page prefix, with reports marking the stop reason as page-limit.
  • Flow-friendly engine substrate: The runtime now has stronger hosted-region, world-plain, and persistent child-actor behavior, including live mutation paths for zone-hosted and story-hosted content.
  • Exclusion assembly and shape work: Added weighted exclusion assemblies, compression/generation tooling, circle and ellipse exclusion support, polygon carry-over, and a micro-lane policy for controlling tiny wrap lanes.
  • Text and rendering capabilities: Added letter spacing support, CSS/browser line-height calculation mode, a contract-level text delegate surface, and pre-resolved renderer font handling.
  • Authoring and documentation coverage: Updated the quickstart, AST reference, CLI reference, page-control guide, engine README, architecture docs, internals guide, docs index, and VMPrint authoring skill for the new page geometry and partial simulation surfaces.

Changed

  • Renderer architecture: Refactored rendering around ContextRenderer, separating box traversal from context-specific drawing and trimming stale renderer surfaces.
  • Engine runtime ownership: Moved more layout subsystems into runtime-owned boundaries, tightened session/collaborator coordination, and made capture and region identity clearer in the simulation report.
  • Page identity model: Reduced brittle pageIndex * pageHeight assumptions by carrying chunk/frontier state more explicitly through checkpoints, provenance, redraw, hosted-region settlement, and finalization.
  • Repository and release workflow: Clarified the shared-engine sync workflow, contracted the repository around the engine/CLI/docs, and kept companion runtime packages external to the CLI bundle.
  • Browser demo evolution: The docs playground gained engine-native selection, cross-actor copy, copy-as-Markdown behavior, improved bidi selection highlighting, and a richer dashboard-style preview surface.

Fixed

  • Empty trailing page in odd-size documents: The new page-template fixture now produces only the intended pages, with no blank page after the second sheet.
  • Deferred total-pages materialization: Finalized page publication now exposes deferred header/footer content in page-region summaries.
  • Contained text stability: Fixed contained grapheme overflow, strict contained line-box wrapping, contained host-width import, and assembly lane caps.
  • Splitting and continuation stability: Fixed constrained-height paragraph splitting, hosted-region orphan-limit candidates, spanning-zone recovery, table continuation metadata, and zone overlays.
  • Performance regressions: Restored fast paths around ASCII segmentation, cached cluster/font resolution, optional interaction-map construction, and the temporal presentation collaborator path.
  • Packaging and typings: Refreshed publish-time typings, dual CJS/ESM exports, CLI runtime bundling, and packaged integration smoke checks.
8 hours ago
router
TanStack

Release 2026-05-05 00:00

Release 2026-05-05 00:00

Changes

Fix

  • fix plain TypeScript parser handling (#7342) (056337ef02) by @schiller-manuel

Packages

  • @tanstack/react-start@1.167.63
  • @tanstack/react-start-rsc@0.0.42
  • @tanstack/router-cli@1.166.41
  • @tanstack/router-generator@1.166.40
  • @tanstack/router-plugin@1.167.33
  • @tanstack/router-utils@1.161.8
  • @tanstack/router-vite-plugin@1.166.48
  • @tanstack/solid-start@1.167.60
  • @tanstack/start-plugin-core@1.169.18
  • @tanstack/vue-start@1.167.56
8 hours ago
zustand
pmndrs

v5.0.13

This release includes an improvement in the devtools middleware.

What's Changed

New Contributors

Full Changelog: https://github.com/pmndrs/zustand/compare/v5.0.12...v5.0.13

8 hours ago
next.js
vercel

v16.3.0-canary.10

Core Changes

  • Upgrade React from da9325b5-20260417 to f4e0d4ed-20260429: #93457
  • Bump @vercel/ncc: #93459
  • Include deployment id in cacheHandlers keys: #93453
  • fix(next/image): Improve error message for private IP (SSRF) rejections: #91686

Misc Changes

  • Upgrade to swc 65: #93325
  • [test] Ensure target page is compiled before navigation in instant-navs-devtools: #93365
  • [ci] Allow configuring the base URL for preview builds: #93464
  • turbo-tasks-backend: fix snapshot coordination races + extract SnapshotCoordinator: #93416

Credits

Huge thanks to @mischnic, @vercel-release-bot, @eps1lon, @rishishanbhag, and @lukesandberg for helping!

10 hours ago
dockview
mathuo

v6.0.1

What's Changed

Full Changelog: https://github.com/mathuo/dockview/compare/v6.0.0...v6.0.1

14 hours ago
drawio
jgraph

v29.7.11

15 hours ago
axios
axios

v0.32.0

v0.32.0 — May 4, 2026

This release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.

⚠️ Breaking Changes & Deprecations

  • Null-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (#10838)

🔒 Security Fixes

  • Default error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (#10838)
  • Cookie & XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (#10838)
  • Proxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (#10838)
  • Node http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (#10838)
  • Browser xhr adapter: Stricter own-property checks when reading config and headers. (#10838)
  • URL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (#10838)
  • Public type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (#10838)

🔧 Maintenance & Chores

  • Repo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (#10838)

Full Changelog

17 hours ago
mobx
mobxjs

mobx@6.15.1

Patch Changes

18 hours ago
astro
withastro

astro@6.2.2

Patch Changes

  • #16292 00f48ee Thanks @p-linnane! - Fixes head metadata propagation in dev for adapters that load modules in the prerender Vite environment, such as @astrojs/cloudflare. The astro:head-metadata plugin previously only tracked the ssr environment, so maybeRenderHead() could fire inside an unrelated component's <template> element, trapping subsequent hoisted <style> blocks.

  • #16451 778865f Thanks @maximslo! - Fixes build crash when processing animated AVIF images. Sharp now gracefully passes through unsupported image formats instead of crashing during the build.

  • #16548 7214d3e Thanks @senutpal! - Fixes scoped styles applying to the wrong element when vite.css.transformer is set to 'lightningcss' and a selector uses a nested & inside :where(...), such as Tailwind v4's space-x-*, space-y-*, and divide-* utilities.

  • #16566 9ac96b4 Thanks @web-dev0521! - Fixes data-astro-prefetch="tap" not triggering when clicking nested elements (e.g. <span>, <img>, <svg>) inside an anchor tag.

  • #15994 1e70d18 Thanks @ossaidqadri! - Fix <style> compilation failure when importing Astro components via tsconfig path aliases

  • #16144 1cd6650 Thanks @fkatsuhiro! - Fixed a regression where .html was unexpectedly stripped from dynamic route parameters on non-page routes (.ts endpoints and redirects). This caused endpoints like /some/[...id].ts returning id: 'file.html' on getStaticPaths to not serve that file because the generated route (/some/file.html) would get matched as id: file that is not part of the list returned by getStaticPaths.

  • #16415 559c0fd Thanks @0xbejaxer! - Fix CSS traversal boundaries so pages with export const partial = true still contribute styles when imported as components by other pages.

  • #16516 17f1867 Thanks @fkatsuhiro! - Fixes an issue where the index route would return a 404 error when using a custom base path combined with trailingSlash: 'never'. This ensures that the home page and internal rewrites are correctly matched under these configurations.

  • #16515 280ec88 Thanks @jp-knj! - Fixes an issue where i18n.fallback pages with fallbackType: 'rewrite' were emitted with empty bodies during astro build.

  • #16565 7959798 Thanks @enjoyandlove! - Fixes session persistence when session.delete() is the first mutation in a request (no prior get, set, has, or keys). The session was marked dirty in memory, but persistence skipped the save because #data stayed undefined, so the backing store could still return the deleted key on the next request.

  • #16527 86fd80d Thanks @enjoyandlove! - Prevents script deduplication state from being consumed while rendering inert <template> contexts.

  • #16540 e59c637 Thanks @ascorbic! - Skips session storage reads when no session cookie is present. Previously, calling session.get() on a request without a session cookie would initialize the storage driver and make a read that was guaranteed to miss. On network-backed drivers this added latency and resource usage to every anonymous request.

  • #16517 6ab0b3c Thanks @adamchal! - Removes inline CSS for prerendered routes from the SSR manifest. The static HTML on disk already inlines those styles, and the SSR worker never renders prerendered routes, so the data was dead weight. Builds with many prerendered routes and build.inlineStylesheets: "always" (or "auto" with small stylesheets) will see a smaller SSR entry chunk, which reduces cold-start parse time on platforms like Cloudflare Workers.

  • #16509 d3d3557 Thanks @cyphercodes! - Fix conditional named slot callbacks receiving arguments from Astro.slots.render().

  • #16236 c6b068e Thanks @fkatsuhiro! - Fixes the position prop on <Image /> and <Picture /> components to correctly apply object-position styles

  • #16018 d14f47c Thanks @felmonon! - Fix defineLiveCollection() so LiveLoader data types declared as interfaces are accepted.