In our delicious appetizer overview, we serve everything that didn’t make it into the news but we still think is exciting:
Read more after the ad
- A new supply chain attack apparently targets SAP-related npm packages. The credential-stealing malware attack is self-described “mini Shai-Hulud.” The packages are affected
[email protected],@cap-js/[email protected],@cap-js/[email protected]and@cap-js/[email protected]. The maintainers have now released new versions without the malware. - The Apache Software Foundation has released Apache Camel 4.20.0. The release extends the free routing and conversion engine for Java with an Azure Storage Blob component that can be used to create and retrieve blob snapshots.
- The April 2026 release of the Python Environments Extension for Visual Studio Code improves the handling of Python environments. Additionally, launch speed and reliability of the extension have increased, and package list updates are now automatic.
- Google has added new functions to its NoSQL database Firestore. Included are a native full-text search, geodata queries and subqueries for improved join operations. In addition, updates and deletes can be done directly in Firestore with the new DML tool.
(Bild: joeycheung / Adobe Stock)
This year’s Mastering GitOps online conference by iX and dpunkt.verlag on June 25, 2026 will focus on practical topics such as the use of GitOps in platform engineering and the rendered manifests pattern with OCI registries. Early bird tickets are still available until June 3rd.
- The package manager for Python packages, pip, is now at version 26.1. Highlights include dependency cooldowns, experimental support for standardized lock files (pylock.toml) and improvements to the 2020 resolver in order to be able to replace the old resolver in the long term. With pip 26.1, support for Python 3.9 also ends.
- The JavaScript package manager pnpm 11.0 introduces stricter security rules: The minimumReleaseAge supply chain protection introduced in version 10 is now active by default. This can be used to delay the installation of newly released package versions. The information is given in minutes, for example
minimumReleaseAge: 1440for a one day delay. According to the pnpm team, most malicious releases are discovered and removed within an hour.
- The first preview for SkiaSharp 4.0 has been released. According to Microsoft, this is a milestone based on two years of work. SkiaSharp is a cross-platform 2D graphics API for .NET platforms based on Google’s Skia Graphics library.
- The new release Arduino App Lab 0.7 introduces custom bricks. These are modular software components to provide functions in projects. Developers can create bricks and reuse them across different apps, making App Lab an extensible platform.
- Ghostty is leaving GitHub: Mitchell Hashimoto, developer of the terminal emulator, announced this on his blog. The background is increasing GitHub outages. He still wants to share more details about the Ghostty move and its new home. A read-only mirror should remain on GitHub.
If you miss a tasty topic, we look forward to receiving your email.
(who)
