Automated Pull Requests for the Security Win – InApps 2022

It was a nice, quiet start to this week when we found out that, despite all other attempts to protect ourselves and our online identities, every single Wi-Fi-enabled device was vulnerable to a newly discovered security flaw, this time with WPA2, the “protocol that secures all modern protected Wi-Fi networks.”

So, with that in mind, we’ll start out this time around with a look at a study that scientifically proves something we should all know by now. The study out of North Carolina State University asks “can automated pull requests encourage software developers to upgrade out-of-date dependencies?” and finds that, indeed, auto-fix tools help programmers better protect their code. In fact, not updating out-of-date dependencies is one reason behind yet another recent hack that spewed all of our personal information across the web — the Experian hack. As noted by the study’s author, tools exist to help with automatically updating dependencies — but it’s on you, the developer, to implement them in the first place.

This Week in Documentation

• First, it’s not new but it certainly is helpful, and that’s likely why it’s sitting atop Hacker News. DevDocs.io “combines multiple API documentations in a fast, organized, and searchable interface” for well over 100 languages, frameworks, libraries and even numerous versions. The site works offline, on mobile, and can be installed on Chrome and is free and open source.
• If you want to take a step further down that rabbit hole, Kin Lane offers a more comprehensive set of sources when it comes to API documentation.
• And in the big documentation news of the week, Mozilla, Microsoft, Google, Samsung and the W3C have all agreed to move web documentation to Mozilla’s MDN portal, which already “has over 34,500 documentation pages and over 20,500 contributing users.”

This Week in Programming News

• It’s been a long-time coming but Airbnb officially announced that it has launched its API, which is not yet public but is accepting applications.
• TypeScript, the typed superset of JavaScript, announced a release candidate for TypeScript 2.6 and Infoworld digs into what’s new in the latest version. Put simply, 2.6 offers “increased strictness to help developers better find mistakes” and new error suppression capabilities. For all the nitty-gritty, see the official announcement.
• Also arriving is Microsoft’s attempt at creating a “multi-threaded JavaScript runtime” called Napa.js, which is enduring a skeptical reception in many comment threads. Many are noting Microsoft’s tendency to abandon such projects and the overall trend of failed attempts at bringing multi-threading and parallelism to JavaScript.
• Finally, the next version of Kotlin — 1.2 Beta2 — has been released and is said to provide “a range of compiler performance improvements since the previous public release,” and an average project build time decreased by nearly 20%. In case you missed it, Kotlin was projected last week — after Google’s endorsement — to surpass Java on Android in the next year.

This Week in Circumspection

• As more folks continue the migration to React 16, which was released just a few weeks back, we’ll continue to hear stories of their efforts. In this post on Hacker Noon, Vivek Nayyar lauds the error boundaries in React 16, noting that “with error boundaries, even if one of your components results in an error, the entire react app would not get unmounted and instead only the erroneous component would display a fallback UI and the entire app would still be fully functional.” Nifty. Another blog post on the topic calls error handling in React 16 “probably the most exciting new feature.” Read about error boundaries in full on the React site.
• Long before React, there was HTML and CSS and JavaScript. In this blog post, Peter Jang, the so-called “Dean of Instruction” at code boot camp Actualized, offers a walkthrough of JavaScript history. He follows the road “from plain HTML and JS to using a package manager to automatically download 3rd party packages, a module bundler to create a single script file, a transpiler to use future JavaScript features, and a task runner to automate different parts of the build process.” It’s an interesting look at the evolution of JavaScript and the various tools now surrounding it. As Jang remarks, “Web development used to be a great entry point for people new to programming precisely because it was so easy to get up and running; nowadays it can be quite daunting, especially because the various tools tend to change rapidly.
• Finally, a tale comes to us of why one company switched from Python to Go. The reasons are many and the story offers a detailed look at the differences between the two languages, finally concluding that “Python is a great language but its performance is pretty sluggish for use cases such as serialization/deserialization, ranking and aggregation. We frequently ran into performance issues where Cassandra would take 1ms to retrieve the data and Python would spend the next 10ms turning it into objects. … Go is a very performant language with great support for concurrency. It is almost as fast as languages like C++ and Java. While it does take a bit more time to build things using Go compared to Python or Ruby, you’ll save a ton of time spent on optimizing the code.”

Feature photo via Pixabay.